LEAP:IN
Subscribe
Newsletters

Maps for the maze

Maps for the maze

Welcome to the 47 new techies who have joined us this week.

If you haven’t already, subscribe and join our community in receiving weekly tech insights, updates, and interviews with industry experts straight to your inbox.

Ideas to change your mind and transform our world – with insights and inspiration from the global LEAP community. 

This week we’re quoting…

Sounil Yu (Creator of the Cyber Defense Matrix)

What Yu said: 

“Security doesn’t have to be a black box. With the right frame, you can see where you are and what you’re missing.”

Clarity over complexity

Yu was talking to our colleagues at Black Hat MEA about the framework he developed to help businesses see their cybersecurity posture more clearly. Because…it can be really difficult to get a clear view of what’s strong and what’s not. 

If you’ve ever tried to choose a cybersecurity product, you’ve experienced the maze of acronyms, promises, and venture-backed claims. There’s a lot of noise in the market, and it’s hard to know who to trust. 

So for you, tech founders and leaders and innovators and investors, we’ve been exploring better ways to navigate it (with a lot of help from our friends at Black Hat MEA). And three perspectives stood out this week: a grid, a narrative, and a proof-point. 

Put the three together, and they can help you decide where to put your attention and money in 2026. 

1. The grid 

Sounil Yu designed the Cyber Defense Matrix to make sense of the chaos. 

It’s a simple 5×5 chart: the NIST functions (Identify, Protect, Detect, Respond, Recover) run across the top; the asset types (Devices, Applications, Networks, Data, Users) run down the side. 

When you map your tools and capabilities on it, the gaps become obvious.

Cybersecurity practitioners return to this grid often, because it strips away marketing language and shows where an organisation is heavy on ‘protect’ but light on ‘recover’, or where data security is underdeveloped when compared with device security. 

2. The narrative 

Not many people know exactly what a cybersecurity analyst’s role involves. But Richard Stiennon (Chief Research Analyst at IT-Harvest) sees them as advocates who track and shape the market.

His firm currently monitors 3,570 cybersecurity vendors worldwide and counts 67,000 open roles across the sector. In an interview with Black Hat MEA, Stiennon said: 

“An analyst's full time job is to monitor their space. They have to keep track of new developments, trends, changes in the market, and threatscape and government regulations.  While they can point out areas where vendors are making the wrong moves, they typically serve the industry by advocating for its efficacy. In effect, they are spokespeople for the industry.

Hiring and expansion patterns hint at where budgets will move next year. When analyst reports point to surging spend in a category, they’re often drawing on data that tells stories of real-world need and growth, not just opinion. 

3. The proof-point 

In Saudi Arabia, Datalexing is a great example of how local innovators can turn community presence into traction. The company engaged deeply with the Black Hat MEA ecosystem, built relationships with CISOs and founders, and translated that into product adoption and investor interest. It’s a valuable reminder that regional networks matter; they shape product-market fit and capital flows as much as technology does.

The right vendor for you might not be the biggest or most popular right now. It might be the one with links to your local networks, or to your specific industry vertical, or with a specific connection with the kind of product you’re working on.

The LEAP lens 

If you’re exploring cybersecurity innovation and looking for the right vendors to work with your tech business, use all three of these perspectives together. 

  • One grid: sketch your current defences on the Cyber Defense Matrix.
  • One narrative: track which analysts shape opinion in your market and read their hiring/expansion signals.
  • One proof-point: find a company in the LEAP or Black Hat MEA halls that’s gaining traction – ask how they’re doing it, and why they’re relevant to your business.

Then condense all of that to a single page. A small but mighty experiment to help you find clarity and focus on what your organisation needs to reach the next level of cyber resilience.

It’s a map to help you move faster through the maze, spend better, and build with confidence.

We’ll see you back in your inbox next week. 

PRE-REGISTER FOR LEAP 2026

Have an idea for a topic you'd like us to cover? We're eager to hear it. Drop us a message and share your thoughts.

Catch you next week,
The LEAP Team

Related
articles

The art of hiding

The art of hiding

Why tech development and cybersecurity are part of the same story