← Back to Library

To truly understand the state of the security market, we need to look beyond our industry

Ross Haleliuk · Venture in Security · ·11 min read
Commentary by Hex Index staff

Ross Haleliuk challenges the cybersecurity industry's most persistent complaints—not by denying the noise, but by reframing it as a symptom of a maturing, democratized market rather than a failure of execution. While executives often lament an oversaturated vendor landscape, Haleliuk argues that this perception crumbles when security is compared to other technology sectors like fintech or climate tech, revealing that the industry is actually under-served relative to its critical importance.

The Illusion of Oversaturation

Haleliuk begins by dismantling the narrative that "too many cyber startups are being started every year." He draws a parallel to housing markets, noting that while people correctly identify rising costs, they often misdiagnose the cause as simple greed rather than structural shifts. "The startup world is no different," Haleliuk writes, arguing that entrepreneurship has been "de-risked and democratized" over the last two decades. This shift allows founders from diverse backgrounds and locations—such as Boise or Pittsburgh—to build companies without the traditional gatekeepers of Silicon Valley.

To truly understand the state of the security market, we need to look beyond our industry

The author suggests that the barrier to entry in security remains high due to the need for domain expertise, making the current volume of startups a sign of accessibility rather than chaos. "For all these reasons, there are more startups being built in every area, and it just so happens that cyber is one of the areas," Haleliuk observes. This framing is compelling because it shifts the blame from the founders to the market's natural evolution. However, critics might note that while democratization is positive, the sheer volume of AI-driven security vendors could still lead to dangerous fragmentation and integration fatigue for buyers, regardless of the founders' origins.

The fact that more founders from diverse backgrounds can now build, raise, and ship products without needing to be in Silicon Valley is not a weakness, it's a strength.

Contextualizing the Crowded Market

The piece then tackles the belief that "cybersecurity is the most crowded industry." Haleliuk argues that this view relies on a flawed historical baseline, comparing today's complex landscape to the simpler era of firewalls and antivirus software from twenty years ago. "If we truly believe that 'cybersecurity is everyone's problem', I am struggling to see why having some 6,000 companies would be 'too much'," he asks. By juxtaposing security's 6,000 vendors against 30,000 fintech or 50,000 climate tech startups, the author forces a recalibration of what "crowded" actually means.

This comparative approach is the article's strongest analytical tool. It moves the conversation from subjective complaints to objective data, suggesting that security is actually lagging behind other sectors in terms of vendor density relative to market need. Haleliuk posits that the perception of noise is often a result of looking inward rather than outward: "What is much more interesting is comparing security to other industries of the present." This perspective is vital for busy leaders who need to distinguish between market saturation and genuine innovation gaps.

The Universal Nature of Sales

Finally, Haleliuk addresses the frustration that CISOs are bombarded by vendors more than other executives. He points out a fundamental hypocrisy in the industry: the very teams complaining about sales tactics are paid by companies that rely on aggressive go-to-market strategies to survive. "There is one truth that many people, regardless of the industry, have yet to fully internalize: everyone is selling something," Haleliuk writes. He reminds readers that in the business-to-business space, the salaries of security practitioners are funded by the same sales motions they claim to despise.

The author notes that while the volume of outreach has increased, it is not unique to security; heads of marketing, finance, and engineering face similar saturation. "Welcome to the world of GTM in 2023, a world of fierce competition, short attention spans, and oversaturation of the market," he concludes. This argument effectively neutralizes the sense of victimhood among security leaders, reframing the experience as a universal business reality. Yet, a counterargument worth considering is that security vendors often target CISOs with higher-stakes, fear-based messaging that differs qualitatively from the feature-focused pitches sent to other departments, potentially justifying the unique intensity of the annoyance.

In the B2B space, salaries of security practitioners who are tired of traditional GTM motions, like cold calling, are being paid from the money their company earns through traditional marketing tactics.

Bottom Line

Haleliuk's most valuable contribution is his insistence on looking beyond the industry bubble to understand market dynamics, successfully arguing that the perceived chaos is actually a sign of a healthy, expanding ecosystem. The argument's vulnerability lies in its optimism; while the market may be maturing, the immediate operational burden on CISOs to filter through this noise remains a critical, unresolved pain point that data alone cannot fix.

Instead of getting sentimental and talking about the past, we can embrace this complexity with better frameworks and clearer thinking.

Sources

To truly understand the state of the security market, we need to look beyond our industry

by Ross Haleliuk · Venture in Security · Read full article

When people talk about the state of cybersecurity, the three “truths” seem to come up again and again: 1) that there are too many startups, 2) that the industry is way too crowded, and 3) that CISOs are bombarded by vendor outreach more than any other executives. These narratives aren’t totally wrong, but they usually miss the bigger picture. If we zoom out and compare security to other industries, historical context to today’s reality, and perception to actual data, the story becomes much more nuanced and far more interesting. In this piece, I am addressing these three usual complaints and sharing my perspective on why they aren’t exactly fair. I am sure some people will disagree with the way I look at things, but that’s exactly why it’s interesting to have a healthy debate.

Stop AI Identity Sprawl Before It Becomes Your Biggest Risk

AI is everywhere, fueling productivity but also creating new blind spots. Shadow AI, prompt-based data leaks, API key exposure, and runaway agents are expanding the identity attack surface.

Permiso’s AI Security Cheatsheet shows you how to take control: spot emerging threats, respond in minutes, and govern AI identities with confidence. It’s packed with practical steps and key metrics your team can put into action right away.

Download the cheatsheet, and start closing your AI security gaps today.

“Too many cyber startups are being started every year”.

Having lived in different cities and countries, I am used to hearing an argument that “Life used to be so much cheaper, but now everything (especially the property prices) in our city has made living completely unaffordable”. What’s interesting is that each time I hear this, people are generally right, but as soon as they start analyzing the reasons why it happened, in my opinion, they are generally wrong. The cost of living in most cities has indeed increased, and especially so in large urban centers, but it isn’t just because of evil developers or tech people moving in (though these certainly play a role). Instead, housing and urban living have become more expensive because of a mix of long-term structural forces that are often invisible in day-to-day debates, from land-use restrictions and zoning, underbuilding after past recessions, infrastructure and regulatory costs, the fact that housing in major cities all over the world has become an investment asset for global wealth, demographic and cultural shifts like the fact that we ...