top of page
Search

70% of CISA is gone. (really)

  • Lytical Ventures
  • Aug 13
  • 5 min read

Cyber Thoughts Newsletter


AUGUST 2025


You might have noticed we’re a bit late this month. That’s because we wanted to wait until after Hacker Summer Camp, the annual combo of Black Hat and its rowdy sibling DefCon. The content? The best in years. Attendance? Flat. The likely culprits? Less international travel and DOGE budget cuts.


But the rumor that really fried our circuits: 70% of CISA is gone. Or, for the non-cyber nerds among you, the Cybersecurity and Infrastructure Security Agency (CISA). We knew Trump’s budget aimed for a 30% cut, but between DOGE reductions and people heading for private sector paychecks, insiders say it’s already more than double that. This is a disaster. There, we said it. No matter your politics, this is bad, very bad.


Cybersecurity is a national interest, not just a federal budgeting problem. Why? Because your typical small business can’t equip itself with the tech or talent to adequately defend itself. Even if they could, expecting the private sector to secure the entire supply chain is pure fantasy. The federal government should be backing up small businesses; instead, they’re walking away from the fight.


With that bit of sunshine out of the way, here are our top 5 takeaways from Black Hat, based on what we saw as attendees, with a little extra perspective from our role on the review board. We had an insider’s view of the action, and these observations are strictly our opinions.


  1. Startup Spotlight Competition

As one of the judges for this year’s Startup Spotlight competition, we sat through more than 120 pitches, some genuinely great, others impressive mainly for their creative use of buzzwords. There were even a couple totally generated by AI. Really? That said, three of the four finalists were AI companies, and the winner, Prime Security, actually put the tech to work, using AI to supercharge security architecture reviews. All four finalists, FireTail, Keep Aware, Prime Security, and Twine Security, brought their A-game and made it look easy to stand out in a crowded field.


  1. CISOs Are the Cool Kids at the Party

The battle for CISO (Chief Information Security Officer) attention has gotten so intense that vendors are literally buying their time. New? Not really. Price tag? Getting stupid. One sales exec told us about a 45-minute line for a free custom-tailored blazer, but only for CISOs on the invite list. The rest of us just watched while holding our free “Prompt me, maybe?” t-shirt. Okay, we made that one up… but now we kind of want one.


  1. MCP Has Won (and now we have a problem)

Model Context Protocol servers are quickly becoming the go-to way for AI agents to connect to external systems using a consistent, open standard. You think, “I need data from another security product… I know, I’ll use an MCP server!” Congratulations, you now have two problems. The upside is big, but so is the new attack surface you just introduced. Which is great, if your security strategy includes keeping the incident response team gainfully employed.


  1. It’s All Downhill from Here

We met a 23-year-old, fresh out of school, trying to build an AI pen testing platform. Nothing unusual here — except he was a finance bro who can’t code. This is the founder profile we would expect at YC pitching “the next big social app.” Instead, here they are at Black Hat. Pro tip: you can often spot the peak of a bubble by watching where Harvard MBAs land; their top choice is usually the top of the valuation curve. We might be there.


  1. Outsider Eyes on Black Hat

One of our partners is new to cybersecurity. After his first Black Hat, his hot take was: “Cyber is a real industry.” Well DUH! Sounds obvious, right? A corporate lawyer turned AI founder, he still thought of cyber as a bit of a cottage market. A dozen or so dedicated public companies, most acquisitions historically under $500 million, and a constant drumbeat of new startups. In his head, that meant Black Hat would feel like a chaotic startup bazaar.


Instead, he walked into an expo floor dominated by public companies and late-stage giants throwing their weight around. Big booths. Bigger logos. More suits than hoodies. Startups were still there, but tucked between the giants like kids squeezed into the corner of the grown-ups’ table.


His point, and it is a good one, is that most people outside cybersecurity still have no idea how big and mature the industry really is. For an “insider” industry, it is much larger than you would expect, with a lot more money flying around than you’d think for something most “outsiders” still think runs on hoodies, Mountain Dew, and hope.


Fun Fact: Black Hat was started by DefCon founder, and Lytical Advisor, Jeff Moss (a.k.a. The Dark Tangent), and originally ran at the same time as DefCon for purely logistical reasons. DefCon was originally held in the summer so the mostly young, mostly broke hackers could attend without skipping school. Which is why we spent this August in Vegas, roasting in 108-degree heat. Cheap venues, free schedules, and maximum dehydration; the original hacker endurance test. You’re welcome.


Lastly, if you appreciate our highlighted content, please follow us on Twitter and LinkedIn, where we regularly post about things worthy of attention.


What We're Reading

Here's a curated list of things we found interesting.


Are CISA cuts making America safer? Current and former officials clash at hacker conference

ree

We believe we’ve already made our thoughts clear on this one; so we are on the side of the NSA? Weird thing to say. 


Is narrowing the scope of federal cyber defense making the country safer? A Trump‑appointed official and a former National Security Agency cybersecurity chief offered contrasting views at the Black Hat conference here on Tuesday.







How AI is helping advance the science of bioacoustics to save endangered species

ree

Can AI help us understand whale songs? No. But it’d be cool if it did. Maybe someday?


Our new Perch model helps conservationists analyze audio faster to protect endangered species, from Hawaiian honeycreepers to coral reefs. One of the ways scientists protect the health of our planet’s wild ecosystems is by using microphones (or underwater hydrophones) to collect vast amounts of audio dense with vocalizations from birds, frogs, insects, whales, fish and more.





The AI-Driven Cloud Market Share Shift

ree

A great piece on why Azure may be eclipsing AWS in importance. Hint: It’s AI. The answer is always AI. 


What force could dethrone AWS after more than a decade of unchallenged dominance?









Transactions

Deals that caught our eye.


Breaking Down Palo Alto Networks’ $25B CyberArk Acquisition

ree

Palo Alto Networks’ $25 billion planned acquisition of CyberArk is a fundamental shift in how enterprises approach security architecture in an era where artificial intelligence agents, automated systems, and human users all require sophisticated identity management.










Podcasts

What we’re listening to.


Ross Haleliuk, author of Cyber for Builders and thought leader

https://www.lyticalventures.com/post/episode-11-mike-privette

In this episode of CyberThoughts, host Lucas Nelson speaks with Ross Haleliuk, author of "Cyber for Builders" and a cybersecurity founder. Haleliuk discusses his journey into cybersecurity and why he views it as a horizontal, rather than a vertical, market. He introduces the concept of cybersecurity as a "market for silver bullets," where neither buyers nor sellers can guarantee a product's future efficacy, and explains why this, combined with high switching costs, makes market entry for new companies extremely challenging, despite the hype around new technologies like AI.






About Lytical

Lytical Ventures is a New York City-based venture firm investing in Corporate Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. Lytical’s professionals have decades of experience in direct investing generally and in Corporate Intelligence specifically.


 
 
bottom of page