Cybersecurity market intelligence · Transaction diligence · Verified AI

Decision-grade intelligence for the cybersecurity market.

RiskOne is a standing intelligence system for investors and operators — every material claim source-tagged, confidence-banded, and re-verified on a clock. Built for the few engagements where being right matters more than being fast, and delivered fast anyway.

Request an engagementHow the system works →

Opinions do not keep score. RiskOne does.

Coverage

How we segment the cybersecurity universe.

Every entity that matters sits in a standing census — watched daily for material change. The ones that matter most carry full structural profiles: ownership, capital stack, technology position, trajectory. Explore the segments:

13
segments
2,000+
entities under standing census
380+
full structural profiles
Continuous
re-verification — never stale
Segment · census → profiledAs of 2026-06-12

MDR, MXDR, SOAR, IR and DFIR — and the shift to agentic security operations.

503 under census → 129 structurally profiled · re-verified continuously

Tracking an entity we have not profiled yet? Request coverage →

+ 297 entities under census in emerging domains, not yet broken out

Abstract rendering — entities are never identified · as of 2026-06-12

The connected universe

Coverage is a graph, not a list — every profile is wired to the people, owners, products, and transactions around it.

  • executives mapped337
  • investors tracked174
  • products mapped142
  • ecosystem links71
  • transactions comped36
··

Signals & intelligence

What the system surfaced recently.

Publicly-reported market events on tracked entities, from the daily news sweep. External sources only — analyst findings, deliverables, and client material never appear here.

2026-06-10
funding

CyeraCyera Raises $600 Million at $12 Billion Valuation — Series G led by Evolution Equity Partners

Data and AI security company Cyera raised $600M Series G at $12B valuation; led by Evolution Equity Partners with Cyberstarts, Temasek, Accel, Blackstone, AT&T Ventures, Coatue, Spark Capital. Total funding now exceeds $2B. Valuation…

Source →
2026-06-10
funding

Pi SecurityPi Raises $35M to Make Security Scale as Fast as Code — Series A led by Brightmind Partners and Third Point Ventures

Pi, an agentic AI security platform automating software protection from design to deployment, raised $35M total ($25M Series A + prior seed) led by Brightmind Partners and Third Point Ventures, backed by CrowdStrike CEO George Kurtz and…

Source →
2026-06-10
funding

Aryon SecurityAryon Security Raises $29 Million in Series A Funding — preventive cloud security enforcement

Aryon Security, Israeli cloud-security startup founded by Matzov (elite IDF cyber unit) alumni, raised $29M Series A led by Brightmind Partners; participation from Datadog, Skinos Ventures (Shlomo Kramer), Blumberg Capital, Viola…

Source →
2026-06-10
regulatory

CISACISA issues Binding Operational Directive 26-04: Prioritizing Security Updates Based on Risk

BOD 26-04 requires federal civilian agencies to prioritize vulnerability remediation by four risk criteria (asset exposure, KEV status, exploit automation, post-exploitation impact); deadlines from 3 days (highest risk) to 60 days;…

Source →
2026-06-10
platform-move

Google Security OperationsGoogle SecOps agentic-SOC expansion: Triage & Investigation Agent GA (claims 5M+ alerts processed, 30-min analyses to ~60s); Detection Engineering, Threat Hunting, Agentic Automation in preview

New June 2026 announcement (distinct from April Cloud Next preview and May Google AI Threat Defense). Triage & Investigation Agent autonomously investigates alerts and is now generally available — first-party hyperscaler agentic L1/L2…

Source →
2026-06-09
m&a

Cycurion, Inc.Cycurion, Inc. Completes Transformative Acquisition of Secuvant, LLC and Flagship Panoptic Cybersecurity Platform

Cycurion (NASDAQ: CYCU, tracked Target) closed its acquisition of Secuvant LLC (Panoptic continuous threat & vulnerability visibility platform) on 2026-06-02; PR 2026-06-09. Consideration ~$2.875M ($875K cash + 888,888 preferred shares…

Source →

Updated with each census sweep · as of 2026-06-12

01

Market intelligence

A standing system — not a subscription to someone else's thesis.

Traditional coverage is a $1M-a-year stack of analysts and subscriptions that applies someone else's framework on someone else's schedule. RiskOne replaces it with a system that runs continuously against your thesis: a daily census across the cybersecurity universe, structural profiles of every entity that matters, and ranked screens you can put in front of a board or an investment committee — with the evidence chain visible on every line.

  • Ranked investment screens, board-ready
  • Sector pre-reads with consolidation vectors and trading comps
  • Capital-stack monitoring — maturities, covenant posture, distress signals
  • Continuous currency: findings expire, claims re-verify on a clock
02

Transaction diligence

Three weeks becomes three hours — and the output stays current after it ships.

For private-equity sponsors and acquirers in the cybersecurity market: a deal-cycle suite built on the same living dossiers — triage one-pagers for Monday pipeline calls, deep-dive competitive dossiers, IC memos with every claim linked to falsifiable assertions, CFO packs with the valuation multiple implied by technology ownership, and a simulated pressure-test from the five people who will actually challenge the deal.

  • One-pager triage → deep-dive dossier → IC memo
  • CFO pack: revenue quality, margin levers, implied multiples, deal comps
  • Capital-stack posture before strategic logic — distress is structural
  • Q&A simulation: IC skeptic, operator, LP, GC, management
03

Verified AI

Trust is earned by architecture — and verified continuously.

Most AI programs ask for trust up front and never check it again. Published red-team results say adaptive prompt injection wins more often than not — so we don't negotiate with the model, and we don't grant trust by policy. We architect so trust is earned: sensitive data physically cannot reach a frontier model — local redaction before anything leaves, a deterministic egress gate that classifies every call, and a tamper-evident audit chain of exactly what left and why. Then the trust is re-verified on every call, because sensitive work fails closed to local models instead of leaking.

This is a reference architecture we run in production — not a slide. We bring the same rigor to your AI estate, and we audit vendor AI claims the way an underwriter would: demonstrated, claimed-only, or theater.

The topology
workspace
redaction · PII never leaves
egress gate · deterministic, fail-closed
audit chain · hash-linked, append-only
frontier model · public-class data only
04

Detection & response advisory

Advice from an operator who has built what the market buys.

RiskOne's principal has built detection and response products adopted by two of the largest banks in the United States, by government, and across the Fortune 500 — each time as an operator inside those environments first, learning the biggest unmet needs firsthand and building the products that defined what came next.

That operator-builder base, paired with the standing intelligence engine, is what we bring to clients: where the market is moving, what buyers will actually pay for, and how to aim a development effort so it lands — grounded in public detection-efficacy evidence rather than analyst quadrants.

  • Product strategy and roadmap guidance, steered by the intelligence engine
  • Program strategy and vendor selection from the buyer's chair
  • Evaluation against detection-efficacy evidence, not quadrant position
  • Operator-to-operator counsel, delivered with builder's candor

Methodology

A chain of custody on every material claim.

Most diligence arrives as a finished document — conclusions detached from their evidence, current as of the day it was written, stale by the time it is read. RiskOne deliverables keep the chain attached. Three links, visible on every assertion:

i

Source-tagged

Every claim carries its source class — public, triangulated, expert judgment, or privileged — and privileged material never crosses into a client-facing deliverable. The MNPI firewall is structural, not procedural.

ii

Confidence-banded

High, medium, or low — earned, visible, and auditable. No false-precision scores, no decimal-point theater. If the evidence doesn't support a band, the claim says so.

iii

Re-verified

Findings expire. Every claim re-verifies on a standing cadence — material events trigger immediate re-verification, and nothing is allowed to go stale. Predictions are scored after the fact; the system's calibration is itself a tracked metric.

Who this serves

Built for the few decisions where being wrong is expensive.

i

Investors & acquirers

Sponsors, growth investors, and corporate development teams putting capital to work in the cybersecurity market.

What to expect
Ranked screens, living dossiers, and IC memos delivered in deal time — every claim sourced and confidence-banded.
Why it is worth it
Replaces a seven-figure stack of analysts and subscriptions with conviction that holds up in front of an investment committee.
ii

Operating executives

CEOs and product leaders of security companies deciding what to build, buy, or exit next.

What to expect
Market structure, competitive position, and roadmap guidance from an operator who has built category-defining products.
Why it is worth it
Product and portfolio bets de-risked before the capital is committed — not post-mortemed after.
iii

Boards & risk owners

Directors, CISOs, and the committees who must stand behind security and AI decisions.

What to expect
Vendor claims graded as demonstrated, claimed-only, or theater. AI adoption architected to earn trust and verify it continuously.
Why it is worth it
Confidence you can defend under questioning — not assurances you inherited from a vendor's deck.

See what decision-grade looks like — example deliverables →

The firm

Independent.
Highly focused.
Methodology-first.

RiskOne is an independent intelligence practice. Its principal has spent three decades inside security operations — from military CERT operations and global security operations centers, through the founding era of SIEM and network forensics, to the CTO seat of one of the industry's largest security integrators — and has taught information security to CISOs and executive teams as faculty since 2008.

Financial services leads the world in security operations, and he has been part of that charge at multiple of the institutions that set the bar — building and fielding detection capabilities inside the largest US banks. That is the standard the practice holds every engagement to.

The practice is highly focused and AI-augmented by design: a standing intelligence system multiplies expert judgment, so depth scales with focus rather than headcount. And it keeps score in public terms — claims are sourced, confidence is banded, predictions are calibrated after the fact. The methodology is the credential.

  • · No vendor sponsorships. No placement fees. No resale incentives.
  • · Client-privileged material is structurally walled, never recycled.
  • · If the evidence is thin, the deliverable says so.

Engage

Engagements are focused by design.

RiskOne works with a focused slate of marquee clients each quarter — investors, acquirers, and operating executives in the cybersecurity market. Outline the decision you need to make and the timeline it is on.

[email protected]+1.303.900.3191Existing clients: portal.risk.one →