Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Product + Marketing at Monad and former detection engineer in big tech. Each week, I dig through all the major headlines to bring you the latest security product innovation and industry news. Subscribe below for weekly updates! 📧

🥇 Chainguard Containers: 98% fewer CVEs compared to OSS alternatives🥇

The status quo in open-source software (OSS) delivery has led to high profile security breaches, compliance failures, and constantly growing CVE backlogs. Security teams need more visibility into the OSS used by dev teams.

Enter Chainguard: Minimal, hardened containers rebuilt daily, so your teams can ship quickly and confidently.

👉 See Chainguard in action!

Tl;dr

If you’re short on time, below are this week’s highlights:

• It’s officially cybersecurity earnings season with 9 public security companies reporting in the past couple of weeks and 6 more in the coming weeks.

  • CloudFlare had a particularly strong quarter. Notably signed a multi-year, $130M+ contract.

• Orca acquires Opus to bring AI agents to prioritization and remediation.

• CrowdStrike and Microsoft layoffs impact over 6.5K employees.

• ServiceNow adds AI agents to its suite of security solutions. Deep dive included in ‘Security Operations’ section.

• NSO Group ordered to pay $167M to Meta for damage tied to its spyware.

• Cato Networks adds a pretty dope ‘autonomous policies’ feature for it’s SASE solution.

• ..And loads more product news!

Okay cool, let’s cyber 🕺🏽

⚒️ Picks of the Week ⚒️

Earnings Season 💰

It's earnings report season which means we get visibility into how certain security market segments and public companies are performing. I always like to feed the transcript to GPT and ask it to highlight key takeaways or try tune in live for some of the bigger players like Palo Alto Networks and CrowdStrike. There’s so much alpha and insights in listening to earning calls. Highly recommend if you’re not doing so already!

That said, if you're in a rush or don't like digging through transcripts, Cole Grolmus (Strategy of Security, Mike Privette (Return on Security) and several others typically provide amazing coverage of earning calls. Below is coverage for companies that have reported most recently. Click on the full company name for the tl;dr on quarterly performance:

• CloudFlare (NET 0.00%↑) - Very strong quarter. Beat Wall St. expectations

• Varonis (VRNS 0.00%↑) - Strong quarter. 19% ARR growth. Beat Wall St. expectations.

• Tenable (TENB 0.00%↑) - Good quarter. Vulcan (exposure management) acquisition has been playing out well for them. Beat Wall St. expectations.

• Fortinet (FTNT 0.00%↑) - Beat Wall St. expectations.

• Qualys (QLYS 0.00%↑) - Beat Wall St. expectations.

• Checkpoint (CHKP 0.00%↑) - Beat Wall St. expectations.

• Rapid7 (RPD 0.00%↑) - Beat Wall St. expectations. ARR + # of customers up YoY.

Upcoming Q1 FY25 Earnings

• Cisco (CSCO 0.00%↑) - May 14, 2025

• Palo Alto Networks (PANW 0.00%↑) - May 20, 2025

• Okta (OKTA 0.00%↑) - May 27, 2025

• CrowdStrike (CRWD 0.00%↑) - Jun 2, 2025 - Jun 6, 2025

• SentinelOne (S 0.00%↑) - May 28, 2025 - Jun 2, 2025

• Rubrik (RBRK 0.00%↑) - Jun 5, 2025

CrowdStrike and Microsoft Layoffs

CrowdStrike cuts 5% of workforce

The layoffs are attributed to AI efficiency gains. 500 employees impacted. Seems like it's more of the GTM and services side of the org. The CEO, George Kurtz, says that they will continue to hire people in customer-facing and product engineering roles.

Microsoft lays off 3% of workforce

6,000 employees across "all levels, teams, and geographies" impacted. A third of those impacted work at the HQ in Redmond, Washington. Based on their spokesperson and CFO's recent comments, the goal of the cuts are to reduce management layers and streamline processes.

Layoffs are never easy and sadly, I think we'll continue seeing the trickle of these types of headlines as enterprise AI adoption continues to gain steam. If someone you know has been impacted, please check in on them. If you've been impacted and would like to chat, drop me a note wherever you can reach me (here or LinkedIn). Happy to be a sounding board and help you figure out next steps.

Attribution is a Trap (in Marketing)

Nicole recently shared a banger of a post that highlights why attribution is only a piece of the puzzle and how to approach B2B marketing in today's noisy world.

"We’re constantly consuming - scrolling, skimming, passively absorbing. But we’re not always clicking, downloading, or filling out a form." In B2C, The Rule of 7” says the average person needs to see a message 7–13 times before taking action. In security which is a deeply trust-based industry, this number is often much higher. Therefore, security marketing teams should try their best to diversify their channels and content mediums so they can reach their intended audience in the ways and places they like to be reached, repeatedly for higher chances of success.

Nicole recently started her newsletter called "Pipelines & Perspectives". If you're on the GTM side of security, I highly recommend subscribing to it!

NSO Group ordered to pay $167 million after losing WhatsApp lawsuit.

The highly controversial NSO Group, which built and distributed the Pegasus spyware to over 1.4K WhatsApp users, has been ordered to pay $167M in damages to Meta.

Pegasus was reportedly sold to the Saudi Arabian government for $55M and was allegedly involved in the murder of a Washington Post journalist, Jamal Kashoggi, in 2018.

The NSO rabbit hole runs deep. If you want to dive in, episode #100 of Darknet Diaries (pinned above) is an amazing place to start!

🔮 The Future of Security 🔮

Cloud Security

Orca Security acquires Opus to expand AI-driven cloud security automation

Opus is a vulnerability management startup that had raised a $10M seed in September of 2022. Their platform integrates with 100+ security tools to aggregate, prioritize and help automate remediation of vulnerabilities. Over the recent years, they made a heavy push towards automated remediation using AI agents and their own proprietary prioritization framework which includes various critical factors like business context, exploitability, and threat intel. I see them as a more proactive Avalor.

This is a fantastic pick up by Orca from a talent + product standpoint. CNAPPs produce a ton of findings, this will help with the last mile of prioritization and remediation of security issues. Terms of the deal are undisclosed.

Data Security

BigID launches Privacy Executive Console

A console built specifically for privacy leaders which I believe is an underserved market. With the emergence of AI and a stricter regulatory environment, privacy has become a growing concern, especially for consumer-facing enterprises. Kudos to BigID for this launch.

Identity security

ClearVector raises $13M to expand identity-driven threat detection platform (ITDR)

ClearVector is an ITDR player with a distinct focus on tracking + providing coverage on what happens post-authentication. They've recently raised a Series A in a round led by Scale Venture Partners, and joined by Okta Ventures, Inner Loop Capital and Menlo Ventures.

IoT/OT Security

Nozomi Networks adds support for Nvidia BlueField DPUs

Nozomi Networks has announced support for NVIDIA BlueField-3 Data Processing Units (DPUs) to enhance operational technology (OT) and Internet of Things (IoT) security. This integration allows Nozomi's AI-powered sensors to run directly on BlueField DPUs, enabling real-time threat detection and response at the edge. By offloading data processing from CPUs to DPUs, organizations can improve system resilience and maintain uptime without altering existing network configurations.

Network Security

Cato Networks launches AI-driven Autonomous Policies

While I'm not a network security expert, I have written my fair share of firewall rules. That said, I must admit that this feature is pretty bad ass. It continuously monitors network activity to make policy recommendations to eliminate unnecessary openings, stale rules, improve network performance and tighten access control.

I love adaptive, behavior-based security solutions that take on the guess work and analysis on behalf of security teams. That said, trust but verify.

Security Operations

ServiceNow unveils AI agents for security

ServiceNow has slowly been encroaching into the cybersecurity space and in my opinion, they are well-positioned to do so. ServiceNow is used by 85% of the Fortune500 ($200B mkt. cap) and has CMDB, ITSM and strong case management capabilities. In other words, they have a crap ton of context about business infra, business units, and ongoing activity.

Over the past couple of years, they've launched a threat intelligence platform, Digital Operational Resilience Management (DORM) solution, and announced partnerships with Cisco and Microsoft to provide security + governance for AI. They also have a vulnerability management offering and rich integration ecosystem with security vendors.

Most recently, they launched AI agents to operate across all their security offerings to help orchestrate vulnerability remediation, respond to new threat campaigns, and manage risk.

This wasn't in my bingo card for 2025, but, ServiceNow is a great story to keep your eye on in security and AI moving forward.

More SecOps news ⬇️

• Rapid7 Launches Managed Detection & Response (MDR) for Enterprise

• Huntress Debuts Managed SIEM to Simplify Cybersecurity

• BlueVoyant Launches Optimization Service for Microsoft Security Tools

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~6,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!