For the past five years, I’ve been writing openly about all kinds of things in our industry - what I am seeing, what works, what doesn’t, what’s not being talked about, what we are missing, and so on. I’ve intentionally tried to stay away from a lot of nonsense that dominates security conversations, but that doesn’t mean that everything I say will resonate with everyone all the time. That’s perfectly fine and expected. Over the years, I’ve shared plenty of perspectives that ruffled feathers, like the idea that we need more venture capital and startups in security, that there is no such thing as “gatekeeping” in cybersecurity, that most of the security teams’ work has nothing to do with chasing advanced adversaries, or that VCs only really care about 6 cybersecurity markets among many, many others.

I am always super excited to hear from my readers, be it through messages or comments on social media, direct replies, or anywhere else. It doesn’t mean that I am great at responding (founder life), but I love a good debate about security. Disagreements are healthy because they mean people are thinking.

At the same time, there are two questions I get asked over and over again that, frankly, after all these years, still frustrate me every single time. Whenever I see them, I can’t help but wonder: How are we still asking these questions? What do we think they add to the conversation?

In this week’s issue, I want to talk about these two questions and why I think people asking them are completely missing the bigger picture.

“... do we really need this many point solutions?”

Every time I talk about the market, celebrate the growth of security startups, or simply mention the fact that Google’s biggest ever acquisition is a security company, someone will always jump in with some variation of the same comment: “Should we really be celebrating that? Why do we need so many point solutions? We need fewer products so that security teams can more easily make sense of the market”.

To be clear, I totally get where that frustration comes from. The market is 100% crowded, security teams are overwhelmed, stretched thin, and constantly bombarded by endless sales outreach. That fatigue is real, but the question if we need more point solutions completely misses the point.

Saying that “we don’t need this many point ...