“This was an ecosystem [that was] very, very hard for outsiders to come in and join. So that barrier has gone down. That's the good news,” Joe Lin, co‑founder and CEO of the VC‑backed cyber firm Twenty, told an industry conference — a blunt assessment that frames a central tension: venture capital sees opportunity in defensive cyber, but it is not yet clear whether the market will produce a small number of dominant “true winners.”
Joe Lin and Twenty on venture capital in defensive cyber
Lin told Second Front’s Offset Symposium that private capital is not flowing into cybersecurity at the same rate as other defense tech because it’s unclear whether companies can scale into clear market leaders. He argued that the ecosystem’s historic barriers to entry have fallen, but that uncertainty remains about whether “a company that is able to take a lot of money invested into private R&D is able to actually be successful in the space.” That observation frames why venture investors are cautious even as new entrants proliferate.
Brian Carbaugh and Andesite on buyer fatigue and “table stakes” features
Brian Carbaugh, ex‑CIA and co‑founder and CEO of Andesite, described a market saturated with vendors and marketing dollars. “There is a tremendous amount of noise,” Carbaugh told Defense One, adding that buyers experience “fatigue because they're having to sift through just so many vendors and pitches that oftentimes don't materialize.” He said customers now expect tools that “can do all the things, all the time,” and that features once considered innovative are increasingly “table stakes.”
Carbaugh framed the opportunity differently: technology that can “optimize” analysts and be auditable with “a very, very high security compliance” can materially relieve overburdened security operations centers. He noted that “the warning lights are blinking red in a lot of these [security] operations centers” and called the daily work of CISOs and their teams “nothing short of heroic.”
Katie Sutton and Maria Barrett on tighter Pentagon–industry coupling
Katie Sutton, the Pentagon’s cyber policy chief, argued the Department of Defense must develop a closer relationship with the cyber industrial base so vendors do not “build the battlefield and we operate on it in a very disjointed way.” Sutton said the Pentagon’s forthcoming update to its three‑year‑old cybersecurity strategy and implementation plan will “set a very definitive vision of where we need to go” and include “a very detailed action plan” for persistent challenges such as workforce development and ensuring cyber operators have current tools.
Maria Barrett, former commanding general of U.S. Army Cyber Command, emphasized adaptability: industry partners must be “willing to work with us, and right side the operator, or whoever the user is, to tweak it,” because “that quality of adaptability … and the willingness to be able to do that and deliver it quickly…that's the new normal.”
HASC’s NDAA mark: solid rocket motors and a supply‑chain program
The House Armed Services Committee’s draft of the annual defense policy bill includes two supply‑chain provisions that intersect with industrial policy and risk management. One provision would create a Pentagon working group and “would require that certain covered munitions have more than one solid rocket motor supplier,” and lawmakers urged the defense secretary to “obligate and expend funding that has been appropriated by Congress for this explicit effort.”
The committee also signaled caution about the Pentagon’s use of equity investments in established industries like solid rocket motors: “The committee also remains concerned with the sole use of equity investments with regards to expanding solid rocket motor industrial base when there are other tools that could be used in a more expeditious manner given the importance of increasing munition production,” the draft states.
Separately, the draft would require the Pentagon’s industrial policy office to create a “Defense Supply Chain Risk and Response Program” to “develop a common framework across the Department of Defense and with contractors to enable a holistic and coordinated approach for identifying managing risks,” explicitly naming cyber vulnerabilities, foreign investments, financial distress, and supply chain disruptions.
Navy information warfare leadership and other defense contracting notes
The Navy has added new leadership roles in information warfare: Jennifer Edgin was appointed assistant deputy chief of naval operations for IW requirements and capabilities, and Rear Adm. Susan Bryer Joyner was named IW director. Other brief items from the Defense Business Brief include Deloitte winning a $249 million contract to support implementation of the Army’s organic industrial base modernization plan as the only bidder; the Justice Department arresting two defense contractors on bribery and fraud charges linked to Army Pacific Command’s innovation hub in Hawaii; a reported robbery of the SEC; and SpaceX landing a more‑than‑$2 billion satellite communications contract.
What this means for CISOs, the Pentagon, and venture investors
- CISOs and security teams: Expect continued pressure to evaluate many vendors and demand auditable, adaptable tools that can scale; Carbaugh warned that buyers are fatigued by pitches that do not deliver.
- The Pentagon and policymakers: Sutton’s planned update to the cybersecurity strategy and HASC’s proposed supply‑chain program signal moves toward a more coordinated, risk‑focused industrial policy that can address cyber vulnerabilities and supplier concentration.
- Venture investors and startups: The lowered technical and market entry barriers present opportunity, but Lin’s central question remains — can capital‑led entrants become the “true winners” in a market where procurement, adaptability, and operational integration are decisive?
The facts in view create a clear hinge: the cyber industrial base is expanding and venture capital is circling, but buyers’ expectations, Pentagon policy adjustments, and congressional scrutiny of industrial tools like equity investments will determine whether a fragmented market consolidates into a set of enduring suppliers — or remains a crowded field where many try and few dominate.




