I like the industry as a whole, so I compiled some information that I focused on when I was choosing which companies to buy. I majored in computer network and security, have been on a sales team which sold cybersecurity solutions to government agencies, and my close relative is a CISO of an MNC, so I sort of understand the background of how the industry works from both the sales, technical, and customer part.
There are many different solutions with many companies in each solution, so find a solution you're thinking of investing. There are four main layers companies look at when structuring their defence; network, endpoints, application, data. Each layer has sublayers that requires different forms of protection, creating many small niches that requires a cybersecurity solution. For example, endpoint solutions has endpoint detection and response (EDR) which involves stopping and remediating attacks happening on PCs (where Crowdstrike and SentinelOne are in), or endpoint management which enforces policies and regulations on PCs (Tanium and Bigfix). Some other solutions are SASE, SWG, CASB, ZTNA, SIEM, NDR, MDM. It's good to dive into a particular solution, instead of looking at cybersecurity as a whole as it's too broad.
There are some companies that has a foot in different solutions, like how Zscaler provides both ZTNA and SWG solutions (two of the many solutions that are on the network defence layer), but generally you're looking at more than 5, or even 10 companies at each layer. You can look up something called Gartner Quadrants to see the who's leading a particular solution and the competing companies. An easy decider is picking the best company for a particular solution.
Side note: Companies in this industry are also at constant R&D war with each other. Losing out in developing newer technologies immediately puts you behind when companies are sourcing for solutions. As soon as a new solution goes onto the market with a strong solution, organisations would reaccess how this new solution may integrate and possibly solve more areas than existing solutions. Many are constantly on the lookout to improve existing infrastructure. Solutions can be phased out after 2 or 3 years if companies deem the solution as laggards. You have to constantly watch which solutions are being left behind, and keep track of solutions R&D steps to ensure your company stays relevant. Even the solution itself can be phased out by newer solutions, so do watch your company closely.
Not sure whether ETFs may be better, on the fence for this. Would love to hear any feedback or thoughts!
Leave a Reply