Insights
Thinking from the Stroom team.
We publish when we have something worth saying — at the intersection of AI, cybersecurity, and the European digital economy. Investment notes written after close, market observations based on diligence, and direct opinions on where the security infrastructure category is heading.
All articles
May 1, 2026
Fund Updates
Stroom Fund III: Where We Are Looking in 2026
The four AI-security convergence themes driving Fund III deployment: autonomous detection, identity re-architecture, developer-embedded security, and zero-knowledge compliance infrastructure.
Mar 19, 2026
Founder Perspectives
What Founders Actually Want from Security-Focused Investors
Based on conversations across the Stroom portfolio: the things security-focused investors often get wrong, and what operators actually value when they take capital from a technically credible firm.
Feb 4, 2026
Deep Dives
Trust by Design: Principles for the Connected Enterprise
Six architectural principles for building durable digital trust — from identity-first access models and zero-trust microsegmentation to supply chain provenance and security-by-default API design.
Dec 11, 2025
Market Analysis
The Convergence of AI and Cybersecurity Is Not a Trend — It Is a Restructuring
The arrival of LLM-generated attack tooling, AI-assisted phishing at scale, and autonomous vulnerability chaining means the security operations model built for human-speed threats is architecturally obsolete.
Oct 23, 2025
Ecosystem
Why Amsterdam Has Quietly Become Europe's Cybersecurity Capital
The combination of Dutch engineering pragmatism, GDPR-shaped product discipline, and proximity to European financial infrastructure has made the Amsterdam corridor a natural origin point for defensive security companies with genuine technical depth.
Aug 28, 2025
Fund Updates
Fund II in the Rearview: Lessons from €72M Deployed
What we got right, what we got wrong, and how the Fund II portfolio's evolution sharpened the criteria we are now applying in Fund III.
Jul 3, 2025
Investment Notes
Encryption at the Data Layer: Why We Backed Cossack Labs
The case for application-layer, field-level encryption as the correct architectural response to shared-tenancy cloud risk — and why Cossack Labs is solving the usability gap that prevents most engineering teams from deploying cryptography correctly.
May 14, 2025
Investment Notes
Unified Threat Management at Scale: The Sequretek Investment
Why the enterprise demand for consolidated XDR and SIEM-SOAR capabilities is real, and how Sequretek's unified detection architecture addresses the operational fatigue generated by point-solution sprawl.
Mar 27, 2025
Investment Notes
Code Quality Is a Security Property: The Case for Sonar
Static analysis in the IDE and CI pipeline is not just a quality tool — it is the lowest-cost point in the development lifecycle to prevent the class of vulnerabilities that dominate CVE databases.
Feb 6, 2025
Investment Notes
MDR for the Mid-Market: Why Eye Security Matters
The European mid-market — organisations too large to ignore NIS2 obligations but too small to staff a 24/7 SOC internally — represents the largest underserved segment in managed detection and response.
Dec 19, 2024
Investment Notes
Compliance as Code: The Sprinto Bet on Zero-Knowledge Proofs
ZK-based compliance attestation solves a fundamental tension in European data sovereignty: organisations must prove what they know without sharing what they hold.
Oct 31, 2024
Investment Notes
When the Cloud Becomes the Threat Surface: Backing Orbit Security
Cloud workload protection built on signature-based detection cannot keep up with the rate at which containerised and serverless environments change — behavioural baselining per workload is the correct architectural answer.
Sep 5, 2024
Investment Notes
Developer-First Security: The Aikido Thesis
SAST, SCA, and secrets detection tooling built for CISOs produces developer resistance — Aikido's consolidation of these capabilities into a low-noise, developer-workflow-native platform addresses the adoption problem that has kept shift-left security theoretical for most engineering teams.
Jul 18, 2024
Market Analysis
Europe Needs a Sovereign Security Stack
The concentration of European critical infrastructure security in US-origin tooling is not a strategic preference — it is a gap that European security companies are now positioned to close, given the right capital.
May 22, 2024
Investment Notes
Biometric Infrastructure at the Foundation Layer: Why We Backed Ondato
The identity verification infrastructure layer is being rebuilt for mobile-native workloads — and Ondato's developer-oriented SDK approach gets the adoption model right where incumbent KYC providers have consistently got it wrong.
Apr 4, 2024
Investment Notes
Autonomous Red-Teaming at Scale: The Hadrian Investment Note
Manual penetration testing is episodic; the external attack surface is continuous — Hadrian's autonomous offensive testing platform addresses the frequency mismatch that leaves most enterprises flying blind between engagement cycles.
Feb 15, 2024
Deep Dives
Red Team Thinking Applied to Venture Diligence
The methodology Stroom uses to evaluate security companies: assume the product works as described, then systematically enumerate every path an adversary — or a well-funded competitor — would take to defeat it.
Dec 7, 2023
Market Analysis
The Identity Layer in the AI Era
When AI agents act on behalf of humans, the identity question shifts from "who is this person" to "what is this agent authorised to do" — a change that requires rebuilding the identity infrastructure layer, not patching it.
Oct 12, 2023
Founder Perspectives
Stop Building for the CISO. Start Building for the Security Engineer.
Security tools that close deals with CISOs but fail adoption by engineering teams don't produce the security outcomes the buyer bought — founders who understand this build differently from those who don't.
Aug 24, 2023
Deep Dives
Zero Trust Is Not a Product. It Is a Posture.
The vendor conflation of "zero trust" with any product that enforces least-privilege access has diluted a genuinely important architectural principle — here is what zero trust actually requires at the network, identity, and workload layers.
Jul 6, 2023
Investment Notes
Secure Communication in Regulated Industries: The Zivver Thesis
Misdirected email in healthcare, legal, and financial services is a notifiable GDPR breach — Zivver's accessible encryption model addresses the human-error dimension of data loss that technical controls alone cannot solve.
May 11, 2023
Market Analysis
AI-Driven Verification: Why Identity Infrastructure Is Ripe for Reinvention
Legacy document-check pipelines were not built for the synthetic identity fraud rates that ML-generated identity documents now make possible — the verification infrastructure layer needs to be rebuilt, not patched.
Mar 16, 2023
Ecosystem
NIS2 as Catalyst: Regulation That Forces the Security Upgrade
NIS2's expanded scope — covering essential and important entities across energy, transport, health, finance, and digital infrastructure — creates a compliance mandate that functions as a deployment pipeline for European security vendors.
Jun 9, 2022
Deep Dives
Attack Surface Management Grows Up
External ASM has moved from a niche red team capability to a mainstream enterprise requirement — driven by cloud migration, shadow IT proliferation, and the collapse of the network perimeter as a meaningful security boundary.
Apr 23, 2020
Fund Updates
Fund I: Lessons from Backing EclecticIQ in Its Earliest Days
The EclecticIQ investment was Stroom's first — a test of the conviction that structured threat intelligence would become a foundational layer of enterprise security operations, not an analyst workflow add-on.
Feb 18, 2021
Market Analysis
The Case for AI-Native Threat Intelligence
Human analysts curating threat feeds cannot keep pace with the volume and velocity of indicator data that modern threat actors generate — the intelligence layer must be machine-speed from collection through correlation to action.
Sep 5, 2019
Thesis Formation
Why European Identity Infrastructure Needs a Rethink
The first piece published by Stroom Capital after Fund I close — the argument that European identity verification was built around document-centric trust models that could not survive the eIDAS and GDPR compliance environment ahead.