Welcome back to The Trident Radar!

I installed a VSCode extension last week that promised to make my code 10x more efficient. It added rainbow brackets. That's it. Rainbow brackets. Meanwhile, Palo Alto just paid $300M for a company that detects when those innocent-looking extensions are actually stealing your source code and AWS credentials. Suddenly I'm auditing every extension I've ever installed.

This week we're covering supply chain paranoia, a $232M LBO that proves network infrastructure never dies, and why your two-page CV full of 12-month stints is going straight in the bin.

Let's dive in!!

Insider Insight: The Tenure Problem Nobody Wants to Talk About
Company Spotlight: KOI

Josh interviews Nick Palmer, VP International Business at Group-IB. Watch as they discuss his journey in to a Russian Intel Org, current Intel trends in Europe and what the future of Threat Intel looks like (from 5 years ago!!)

Nick Palmer started and currently is VP International business @ Group-IB. Nick has a deep understanding of threat intelligence, digital forensics and incident response, investigations, advanced network security and anti-fraud.

Stellar Cyber
Debt, $25M
Developer of an open security operations platform designed to unify and automate threat detection, investigation, and response. Delivers end-to-end threat detection by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface.

Category: Open XDR / Security Operations
HQ: San Jose, CA

Ditto.ID
Venture Funding, $14.83M (Talipot)
Developer of a cybersecurity platform providing safe digital connections through authentication technology. Provides remote secure access to business-critical applications, user information, and sensitive data for banks and financial institutions.

Category: Identity & Authentication
HQ: London, UK

SecondSight
Venture Funding, $11.68M
Developer of a digital risk management platform for cyber insurance. AI-powered tools for assessment, placement, monitoring, and mitigation of digital risks. Delivers definitive view of an organization's digital ecosystem.

Category: Cyber Insurance / Risk Management
HQ: Bloomington, IN

Ralio
Pre-Seed, $2.96M (Sure Valley Ventures)
Developer of programmable payment infrastructure for autonomous agent transactions. Offers tokenized identity verification, transaction intent validation, programmable spend controls, and human-in-the-loop mechanisms. Post-money valuation $7.3M.

Category: AI Agent Infrastructure / Payments
HQ: London, UK

LuxQuanta
Venture Funding, $1.03M (Big Sur Ventures, INNVIERTE)
Developer of quantum cryptography hardware enabling secure key distribution over optical fiber networks. Uses continuous-variable quantum key distribution, integrates with telecom infrastructure, operates at room temperature.

Category: Quantum Security / Cryptography
HQ: Barcelona, Spain

Cloud Storage Security
Series C, $850K
Developer of cloud storage security software to detect, monitor, and prevent threats across cloud environments. Storage inventory tracking, activity monitoring, sensitive data classification, and public exposure visibility. Post-money valuation $35M.

Category: Cloud Security / Data Protection
HQ: Sandy, UT

KnowSilo
Seed, $615K
Operator of a cybersecurity consulting and engineering company. Threat and data management automation, zero-trust consulting, DevSecOps engineering, cyber threat intelligence, and digital forensics.

Category: Cybersecurity Services / Consulting
HQ: Columbia, MD

KOI → Acquired by Palo Alto Networks (NAS: PANW)
Deal Type: Merger / Acquisition
Deal Date: April 14, 2026
Deal Size: $300M

Developer of suspicious IDE extension analysis platform. Secures software supply chain from malicious and risky VSCode extensions. Continuously analyzes extensions on the Visual Studio Code marketplace to detect malicious, risky, or vulnerable third-party extensions.

EfficientIP → Acquired by Francisco Partners
Deal Type: LBO
Deal Date: April 15, 2026
Deal Size: ~$232M (EUR 200M)

Developer of network automation tools for IP-based communication. Simplifies network management, enhances operational efficiency, and offers DDI (DNS, DHCP, IPAM) security services.

I'm going to say something that might upset some people: if you've had four jobs in three years, you have a problem. Not the market. Not your managers. Not the economy. You.

Before you close this email, hear me out. We recruit cybersecurity sales professionals for a living. We see hundreds of CVs a month. And the pattern we are seeing is getting worse, not better.

The data backs this up. According to my research, average AE tenure in SaaS fell to 2.2 years, down from levels that had remained stable since 2010. For SDRs, it's even worse: SaaStr data shows average tenure at just 14 months, with 52% not lasting even 12 months. Other agencies also report sales rep turnover at 35%, nearly three times the 13% average across all other industries.

And it's creating a vicious cycle that's hurting everyone involved.

Here's what happens when you leave a job after 12 months: you never get out of ramp. Most enterprise sales roles take 3-6 months before you're fully productive. Xactly's research shows reps hit peak performance between two and three years in role. If you leave at month 12, you've had maybe one or two quarters of actual performance. That's not a track record. That's a sample size of one.

Hiring managers see this. They do the maths. If someone has bounced three times in three years, they're going to bounce again. Why invest six months in ramping someone who'll leave before they produce? So the best roles, the ones with real equity, real territory, real support, they go to candidates who've demonstrated they can stick.

Now, I know what you're thinking. "But Ryan, the company was toxic." "The product was broken." "My manager was terrible." "They changed my comp plan." All of these can be true. Cybersecurity vendors do lay people off. Startups do implode. Products do fail to find market fit. Bad managers exist.

But here's the uncomfortable truth: everyone has a story. Every short stint has an explanation. The candidates who win are the ones who have one story, not four.

So what do you actually do about it?

If you're job hunting now: own the narrative before they ask. If you have short tenures, address them proactively in your cover note or first conversation. "I know my recent moves look choppy, here's what happened and here's why this role is different." Hiring managers respect self-awareness.

If you're in a role you're thinking of leaving: do the maths on timing. If you're at month 10 and miserable, can you get to 18? That's the minimum threshold where a tenure stops looking like a red flag. Two years is better. Three years with a promotion is gold.

If you're considering an offer: be brutally honest about whether you'll stay. Is the product real? Is the manager someone you can work for? Is the comp plan sustainable? Taking a job you know you'll leave in a year is worse than waiting for the right one.

If you're a hiring manager: look at the trajectory, not just the dates. Someone who did 18 months, then 2 years, then 2.5 years is trending in the right direction. Someone who did 3 years, then 18 months, then 12 months is trending the wrong way. The direction matters as much as the absolute numbers.

The market for cybersecurity sales talent is competitive. There are more open roles than qualified candidates. But "qualified" increasingly means "demonstrated ability to stay and perform," not just "has carried a bag before."

The candidates who build the best careers are the ones who pick their spots carefully, commit fully, and only move when they have to, not when they want to. The grass isn't always greener. Sometimes it's just a different lawn you'll get bored of mowing.

Build a career, not a CV.

Website - https://www.koi.ai

Palo Alto Networks continues its acquisition spree with KOI, an Israeli startup focused on securing VSCode extensions. The $300M deal closed on April 14th, adding another layer to Prisma Cloud's supply chain security capabilities.

The Problem KOI Solves:

Developers install VSCode extensions without thinking twice. There are over 50,000 extensions in the marketplace, and most of them have access to your code, your file system, and your network. A malicious extension can exfiltrate source code, inject backdoors, or pivot to cloud credentials. And nobody was really watching.

KOI built a platform that continuously analyzes every extension in the VSCode marketplace. They detect malicious behavior, identify risky permissions, flag vulnerable dependencies, and provide an API so enterprises can automate policy enforcement. If an extension starts doing something suspicious, KOI catches it.

Why Palo Alto Paid $300M:

This acquisition fits perfectly into Palo Alto's Prisma Cloud strategy. They've been building out software supply chain security capabilities since the Bridgecrew acquisition in 2021 and Cider Security in 2022. KOI adds coverage for the IDE layer, a blind spot that most security tools ignore.

The timing makes sense too. Supply chain attacks are escalating. The VSCode marketplace has become a target because developers trust it implicitly. Nation-state actors have already been caught distributing malicious extensions. KOI gives Palo Alto the ability to offer enterprises visibility into what their developers are actually installing.

The Team:

KOI was founded in Tel Aviv, adding to Palo Alto's growing Israeli presence. The company was relatively early-stage, making this a capability acquisition rather than a revenue play. Expect the technology to be integrated into Prisma Cloud's Code Security module within the next 6-12 months.

What It Means:

IDE security is now officially a category. Palo Alto just validated that securing the developer environment is worth nine figures. Expect competitors to start paying attention to this space, either through acquisition or organic development.

For security teams, the message is clear: your developers' extensions are part of your attack surface. If you're not monitoring what gets installed in VSCode, Cursor, or other IDEs, you have a blind spot that attackers are already exploiting.

Director of Information Security
💰 £160K
📍 UK (Remote)
Data integration platform helping enterprises unlock value from their data. Series D company with strong growth trajectory. Building out security function.
Contact: [email protected]

Senior BDR
💰 $90K
📍 US
Open-source security company with massive community adoption. Nuclei-based vulnerability scanning platform. High-growth environment with path to AE.
Contact: [email protected]

Regional Director - East
💰 $190K base
📍 US (East)
Enterprise technology solutions provider. Leading regional team across cybersecurity and infrastructure. Established company with strong customer base.
Contact: [email protected]

Account Executive - West
💰 $155K base
📍 US (West)
Cloud security remediation platform. Helping security teams fix vulnerabilities faster. Well-funded startup with strong technical differentiation.
Contact: [email protected]

Account Executive
💰 $120K base
📍 US
Threat intelligence platform focused on credential exposure and dark web monitoring. Growing customer base across enterprise and mid-market.
Contact: [email protected]

Account Executive
💰 $150K base
📍 US
Application security company helping developers find and fix vulnerabilities. Strong engineering culture with modern DevSecOps approach.
Contact: [email protected]

Ready to make your next move? These roles won't stay open long.

Four cybersecurity companies went out of business this week:

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

Email: [email protected]
All sources protected. We verify before we publish.