The Hustle Daily Show: The Billion-Dollar Value of Cybersecurity Startups

John Weigel:
Hello everybody, it’s Sunday, and you know what that means. I’m John Weigel, and this is the weekend edition of The Hustle Daily Show.

The cybersecurity industry is a highly populated field projected to generate over $400 billion by 2030, according to Fortune Business Insights. A large portion of that could come from Google’s potential $23 billion acquisition of cybersecurity startup Wiz. Given how much money is moving through the industry, we wanted to take a deep dive into it — what are the intricacies of the cybersecurity field, and how can you get into it?

To help us with that, I’m pleased to have David DellaPelle, CEO and founder of Dune Security, here on the show today. He’s going to share insights on the future of cybersecurity, the startup ecosystem, and of course, how AI is reshaping everything.

Welcome, David — thanks for coming on.

David DellaPelle:
Hey, thanks so much, John. Really appreciate it.

John Weigel:
It’s great having you. I’m excited to talk cybersecurity. I wanted to start with something big happening right now — Google’s potential acquisition of Wiz for about $23 billion. Can you help me understand why a company like Google would want to pay top dollar for a cybersecurity startup?

David DellaPelle:
Yeah, that’s a great question to start with. First, hats off to the team at Wiz. In under five years, they’ve built a phenomenal company — a brand name that virtually everyone in cybersecurity knows, especially in the U.S. I believe around 40% of the Fortune 100 are Wiz customers.

That $23 billion number is huge. For comparison, Google’s acquisition of YouTube was somewhere between $2 and $4 billion. But Google has good reason to make a deal like this. They’ve already acquired Mandiant, which focuses more on threat intelligence.

I like to describe cybersecurity as a system of medieval castle walls. The enterprise network is like a city surrounded by defenses. Twenty years ago, that defense was the perimeter — firewalls protecting employees who came into the office. But that’s changed. The public internet has effectively become the new corporate network as employees access systems remotely.

Most organizations have also moved from on-premise servers to cloud infrastructure like AWS, Google Cloud, or Microsoft Azure. The “castle walls” have shifted to the cloud. Wiz has done an incredible job giving companies visibility into cloud vulnerabilities quickly and at scale.

At Dune Security, we have 74 CISOs on our advisory council, and when we talk to them about Wiz, they consistently point to its speed and clarity in helping them understand where their vulnerabilities are in the cloud layer. Wiz has dominated that space.

John Weigel:
That makes sense. You mentioned Google already owns Mandiant, but Wiz is very different. For Dune Security, what type of cybersecurity company are you, and how do you differ from others?

David DellaPelle:
Yeah, that’s a good way to frame it. Google’s strategy with Wiz and Mandiant is to build a broad cybersecurity platform — something that can rival Palo Alto Networks. Dune Security focuses on a different layer entirely: the human layer.

Over the past 20 to 30 years, around 90% of breaches have started not from a vulnerability in the network or cloud, but from human error. Attackers use phishing, smishing, vishing, and now even deepfakes to trick employees.

At Dune, we collect data about employee risk at the individual level and quantify it — showing who creates risk, how, and to what extent. We can then automatically reduce that risk by treating every user differently, whether through personalized training, limited access, or additional controls.

John Weigel:
That’s fascinating. There are a lot of players in this space. Why did you decide to start Dune Security?

David DellaPelle:
I’ve spent the last eight years helping build AI and cybersecurity companies from pre-seed to post-Series D. Before founding Dune, I worked at a cyber insurance company and saw firsthand that human vulnerability was the root cause of most breaches.

My co-founder Michael Waite and I started Dune because we saw an opportunity to pioneer a user-centric model of security — one that focuses on employees instead of endpoints or networks. Wiz did this for cloud; we’re doing it for people.

Legacy training platforms try to solve this problem with standardized modules and phishing tests, but they’re ineffective. Employees ignore them. We saw a massive gap and decided to fill it with an AI-first solution designed for modern enterprises.

With backing from investors like Craft Ventures, Alumni Ventures, Antler, and the Sequoia Scout Fund, we’re now working with some of the world’s largest companies — names most listeners would recognize.

John Weigel:
Impressive. Once you had the idea, what was the process of scaling up? It’s a dense field — was it tough to break in?

David DellaPelle:
Building a large company quickly is one of the hardest things you can do. The cybersecurity market is crowded, but we focused on two things.

First, product differentiation. We didn’t want to accept the “hard facts” of the industry — like manually assigning the same training to everyone. We built an AI-driven platform that automatically identifies who’s creating risk, contextualized by role and industry. When we show our product head-to-head against competitors, we don’t lose.

Second, we leaned into network effects. Our CISO Advisory Council has been key — we describe Dune as built by enterprise CISOs, for enterprise CISOs. They tell us what to build, and we build it.

John Weigel:
Got it. You mentioned AI earlier. Are most cybersecurity companies actively using AI now, and what does the future look like?

David DellaPelle:
We’re at a turning point. Attackers are already using AI to make their operations faster and smarter — from brute-force technical exploits to social engineering campaigns. Security teams need to fight fire with fire.

Companies that stick to manual, legacy methods will get breached. Attackers always target the weakest links — the least-prepared companies and individuals. AI helps defenders analyze data at scale, detect risks sooner, and automate response workflows.

At Dune, we use proprietary AI models to quantify risk across entire organizations. Everything is handled internally — no outside training data — so security and privacy stay intact.

John Weigel:
Across the industry, what are the biggest problems cybersecurity teams face today?

David DellaPelle:
A big one is vendor sprawl. CISOs are deciding whether to manage multiple best-in-class tools across each security layer or consolidate under one platform like Palo Alto Networks or Google’s expanding stack.

Another huge challenge is the rise of deepfakes and AI impersonation. Earlier this year in Hong Kong, ten executives were on a Zoom call — nine of them were deepfakes. The tenth wired $25 million to attackers. That’s how realistic synthetic media has become.

We also saw Disney breached this past weekend with over a terabyte of leaked data. These incidents are only increasing. Many security teams aren’t ready for AI-driven attacks — whether they’re technical intrusions or social engineering — and the stats will likely get worse before they get better.

John Weigel:
That’s wild. It’s terrible for victims, but good for the cybersecurity business. Fortune Business Insights projects the market will jump from $172 billion in 2023 to $400 billion by 2030. Do you agree?

David DellaPelle:
Absolutely. A lot of money is made in conflict. Historically, we’ve gone from swords and shields to guns and bombs — now it’s cyber and AI warfare. Former Joint Chiefs Chair General Mark Milley said 20–30% of the U.S. Army could be AI-driven robots by 2030.

Conflict is moving digital, and cybersecurity is the new defense industry. The best-in-class companies — like Dune Security, which focuses on the human layer — will benefit massively. I think it’ll grow to a trillion-dollar market sooner than people expect.

John Weigel:
Wow. Finally, for anyone looking to get into cybersecurity or even start a company in the space, is now a good time?

David DellaPelle:
There’s never been a better time. I often say it’s never been easier to win. I’m a first-time founder — Dune’s only 14 months old — and we’re already working with Fortune 500s and top-tier investors.

AI has leveled the playing field. It helps founders move faster and narrow the experience gap. You don’t need decades in the industry to innovate anymore. Even if you’re not building an AI company, you can use AI to increase efficiency and accelerate growth.

We’re a 15-person team today, growing to 25 by year-end, but it feels like we’re operating with 100 because of how fast we move.

John Weigel:
That’s incredible. After just over a year, that’s huge progress. Congratulations, David, and thanks for joining us.

David DellaPelle:
Thanks so much, John. Really appreciate it.

John Weigel:
Thanks again to David DellaPelle for joining us today.

And thanks to all of you for tuning into The Hustle Daily Show, part of the HubSpot Podcast Network. Our editor is Robert Hartwig, and our executive producer is Darren Clarke.

We’ve got plenty more tech and business coverage in our newsletter — if you’re not subscribed yet, sign up at thehustle.co/email. See you Monday.