Podcast Summary: CyberWire Daily – Tech Investment Strategies and Overview [CISOP]
Date: December 23, 2025
Host: Kim Jones (CISO Perspectives, N2K Networks)
Guest: John Funge (Venture Partner, Datatribe)
Episode Overview
This episode dives deep into the intersection of cybersecurity innovation and venture capital. Host Kim Jones, an experienced CISO, discusses with investor John Funge the realities and challenges of funding transformative cybersecurity solutions. The conversation examines how VCs choose investments, the tension between business needs and practitioner demands, barriers to disruptive innovation in cyber, and the essential importance of practitioner-VC engagement for advancing the industry. The episode is both candid and practical, shedding light on systemic barriers while offering actionable advice for CISOs and entrepreneurs alike.
Key Discussion Points and Insights
1. The Misalignment of Cyber Industry Incentives
- Host’s Opening Thesis: Kim Jones questions whether the cybersecurity technology industry prioritizes selling mitigation tools over delivering true solutions—drawing a parallel to the healthcare industry’s palliative focus ([00:11]).
- Quote: “Sometimes it seems as if the cyber technology industry allows its focus on maximizing profit to stand in the way of advocating for innovative yet incredibly useful tools... This is to the detriment of the consumer, our clients.” – Kim Jones ([00:46])
- Case Study: An innovative Australian identity tech startup that could have dramatically reduced fraud was rejected by VCs because its success would have harmed existing portfolio investments, ultimately leading the startup to fold ([02:28]).
- Quote: “As the firm's founding partner stated, ‘Your tech would destroy at least one third of our portfolio.’ … That solution is no longer available.” – Kim Jones ([03:14])
- Mission Reminder: Kim underscores that the role of cybersecurity professionals should be to keep people safe and minimize material incidents, not to chase profits at the consumers’ expense ([04:21]).
2. How VCs Evaluate Cybersecurity Investments
- John Funge’s Background: Former software engineer, multiple-time founder, now a VC at Datatribe with deep experience in early-stage cyber startups ([06:15]).
- Investment Approach: Contrary to common belief, the evaluation of early-stage cyber startups is less about technology and more about founding teams, founder-market fit, and the size and defensibility of the business opportunity ([09:45]).
- Quote: “While the technology is important, it’s probably a minority of the calculus… you’re looking for a home run… this team is world class… and can create a truly differentiated and defensible position.” – John Funge ([09:53])
- Integration and Market Fit: The complexity of integrating new security tools into enterprise environments is a significant investment filter. Solutions requiring deep structural changes (like replacing identity systems) have higher barriers ([13:41]).
- Timeline Realities: Startups must demonstrate product-market fit and early revenues within a typical 18-24 month runway ([15:49]).
- Pace of Change: The unique adversarial nature of cybersecurity (where innovation is directly driven by attackers) makes the market unusually frenetic and challenging ([15:06]).
3. The Challenge of Innovation and Practitioner Frustrations
- Practitioner Perspective: Kim voices frustration that VCs sometimes walk away from startups solving real problems for practitioners, often to avoid internal portfolio conflicts rather than because of technical inadequacy ([16:20]).
- Quote: “The challenge that I have… is I look at both those areas… I understand all the pieces you’re saying, John… but I’ve been in the room… where [VCs] have walked away from solutions that I need within the environment… because ‘you’ll destroy the rest of my portfolio.’” – Kim Jones ([16:59])
- Conflict of Interests: John affirms that VCs generally avoid backing companies in direct conflict with their portfolio. While this protects current investments, it sometimes means market-advancing products don’t get funded ([19:33]).
- Market Dynamics: At scale, VCs act as a signaling mechanism, betting on conviction in trends by risking capital. Not all valuable ideas get backed due to limited risk appetite, internal priorities, and market perceptions ([21:21]).
4. Inclusion of Practitioner Input in Investment Decisions
- Consulting Practitioners: Datatribe and similar firms maintain CISO advisory networks, consulting multiple practicing CISOs and prospective customers as part of due diligence ([25:42]).
- Quote: “We have a CISO network of about 30 CISOs and every single time… we will engage with 5-10 of our members… and with prospective customers.” – John Funge ([25:51])
- Memorable moment: Kim calls the process “free consulting”—and John agrees ([26:50]).
- Time Horizons: Truly strategic, as opposed to operational, thinking is rare among practitioners; most CISOs operate in a short (12–36 month) window, whereas VCs often think in 5–10-year market trajectories ([29:19]).
- Bridging the Gap: Successful alignment requires both sides to be proactive. VC engagement helps practitioners see over-the-horizon innovations, while CISOs help VCs stay grounded in practical enterprise realities ([30:29]).
- Quote: “Venture investors… spend a lot of time thinking about these technologies in production… there’s nothing more valuable than folks that are actually in the seat telling us ‘for sure this is a problem.’” – John Funge ([30:59])
5. Barriers to Disruptive Innovation
- Timidity in Innovation: Kim invokes examples from academia (like mRNA research) to question whether the industry dampens radical innovation by favoring “expected and accepted” improvements ([33:40]).
- Market Inertia: John acknowledges systemic inertia—fundamental changes requiring upheaval (e.g., “blowing up the SIEM”) are extremely difficult to execute or sell into established enterprises, regardless of technical merit ([37:44]).
- Quote: “The inertia of making any kind of massive change… is incredible… that’s augering against the type of profound change you’re talking about.” – John Funge ([38:09])
- Early-Stage Funding Gap: Bringing “over the horizon” research to market is tough; even early-stage investors are challenged to bridge the gap between innovative academic breakthroughs and commercially viable products ([39:15]).
6. Trends and Practical Advice for Practitioners
- Emerging Trend – Stack Rationalization: John highlights startups using AI to help large organizations rationalize, manage, and optimize their cyber stack, anticipating future impact in vendor management and purchasing ([44:43]).
- Quote: “There are a family of… startups working on platforms to help large organizations rationalize and understand their cyber stack and to manage it… there’s a real opportunity for AI to help…” – John Funge ([44:43])
- VC Engagement Call to Action: John strongly encourages CISOs to allocate time to engage with VCs—formally, informally, at conferences, or dinners—to inform innovation and market direction ([45:31]).
- Quote: “VCs want to engage with CISOs… embrace taking some slice of your time and allocate it to trading notes on what’s coming in the five to ten year horizon.” – John Funge ([45:34])
- Kim’s Closing Advice: CISOs often complain about the disconnect but must proactively make time to bridge the gap—otherwise, the system won’t improve ([32:28]).
- Memorable moment: Kim jokes about always accepting a dinner invite—“free steak”—as a first step to real engagement.
Notable Quotes & Moments with Timestamps
- “Has the cyber industry decided that they would rather sell mitigation as opposed to solve the problem?” — Kim Jones ([00:25])
- “Your tech would destroy at least one third of our portfolio.” — Anonymous VC, via Kim Jones ([03:14])
- “While the technology is important, it's probably a minority of the calculus… you’re looking for a huge opportunity and a world-class team.” — John Funge ([09:53])
- “There’s a slight, you know, slight bit of daylight… between the incentives of investors and…the customer and practitioners…” — John Funge ([19:33])
- “Most strategic CISOs aren’t really strategic; they’re really operational… Finding ones who can look beyond that time horizon… is what, maybe 1 in 10,000?” — Kim Jones ([29:22])
- “The inertia of making any kind of massive change… is incredible… that’s augering against the type of profound change you’re talking about.” — John Funge ([38:09])
- “There are a family of… startups working on platforms to help large organizations rationalize and manage their cyber stack… I think there’s a real opportunity for AI…” — John Funge ([44:43])
Important Segment Timestamps
- [00:11–05:06] | Host’s opening essay, tech industry priorities, and lost innovation story
- [06:15–09:45] | Guest intro and “how VCs choose cyber investments”
- [09:45–16:20] | Deep-dive: early-stage investment criteria, integration barriers, market fit
- [16:20–19:33] | Practitioners’ frustrations; why VCs walk away from “disruptive” startups
- [25:42–29:19] | Practitioner input in VC process; concept of ‘free consulting’ and CISO networks
- [33:40–39:14] | Academic research, market inertia, and the “tamping down” of innovation
- [44:28–46:42] | Trends to watch (stack rationalization, AI), and engagement call to CISOs
Flow & Tone
The conversation is frank, collegial, and occasionally humorous—grounded by Kim’s practitioner realism and John’s transparent VC perspective. There’s a shared sense of responsibility for improving the industry, despite structural and cultural barriers.
Actionable Takeaways
- CISOs and practitioners: Proactively engage with investors—your input does shape what gets funded. Don’t ignore those “free steak dinner” invitations; they are pathways to influencing market direction.
- Entrepreneurs: Realize VCs make decisions based on team, defensibility, and market size as much as (or more than) on technical novelty.
- VCs: Seek continual input from experienced practitioners; don’t let portfolio protectionism inadvertently stifle breakthrough innovation.
- Everyone: Recognize the inertia present in cyber and the real challenges in moving from fundamental innovation to enterprise deployment—and keep working to narrow that gap.
