Tidal Cyber Inc.

https://www.tidalcyber.com

Tidal Cyber is a private cybersecurity company headquartered in Reston, Virginia. Founded in January 2022 by former MITRE experts, its core mission is to make threat-led defense practical and sustainable for all enterprises. The company aims to empower organizations to assess, organize, and optimize their cyber defenses by aligning security efforts to real-world threats and adversary behavior, primarily leveraging the MITRE ATT&CK framework.

Tidal Cyber offers a platform that includes both a free Community Edition and an Enterprise Edition, along with products like NARC AI and integrations. Key services include custom threat profiling, coverage mapping, and MITRE ATT&CK® product mapping. Their solutions are designed for Security Operations Center (SOC) teams, detection engineers, threat intelligence and research teams, red/purple teams, and threat hunters, serving market segments such as financial services, healthcare, critical infrastructure, and the public sector. The platform helps organizations understand how their existing defensive stack performs against adversary tactics, techniques, and procedures (TTPs).

The company was co-founded by Rick Gordon (CEO), Richard Struse (CTO), and Frank Duff (CINO), all of whom have extensive backgrounds from MITRE. In September 2025, Tidal Cyber raised $10 million in Series A funding, bringing its total funding to $15 million, with investors including Bright Pixel Capital, Capital One Ventures, Squadra Ventures, and USAA. More recently, in December 2025, they released their 1st Annual Threat-Led Defense Report, and in February 2026, they announced a redefinition of Threat-Led Defense to focus on adversary procedures. CTO Richard Struse was also appointed to the MITRE ATT&CK® Advisory Council in March 2026. Tidal Cyber positions itself as a leader in Threat-Led Defense, emphasizing the operationalization of adversary procedures to enhance cybersecurity resilience.

Latest updates

SageTap Report Validates AI-Driven Threat Prioritization, Boosts Tidal Cyber's Market Position

Event summary

  • Tidal Cyber was included in the SageTap H2 2025 Cybersecurity Report, a study analyzing 264 security leader buying decisions.
  • The report focuses on verified cybersecurity initiatives across threat detection, risk management, and application security.
  • SageTap’s findings indicate a shift towards platforms that convert threat intelligence into measurable defensive actions.
  • Tidal Cyber’s Threat-Led Defense platform extracts adversary procedures from unstructured intelligence for actionable prioritization.

The big picture

The SageTap report confirms a growing trend among enterprises to move beyond traditional vulnerability management and prioritize actionable threat intelligence. This shift, driven by the accelerating adoption of AI in security, creates a significant opportunity for Tidal Cyber, which has positioned itself as a leader in Threat-Led Defense. The report’s validation of this approach suggests a potential inflection point for the cybersecurity market, favoring vendors that can demonstrably reduce attacker success probability.

What we're watching

Market Adoption
The pace at which other cybersecurity vendors adopt procedure-level intelligence and AI-driven prioritization will determine Tidal Cyber’s ability to maintain its category leadership position.
Competitive Response
How established security vendors react to the growing demand for Threat-Led Defense will influence Tidal Cyber’s pricing power and market share.
Execution Risk
Tidal Cyber's ability to scale its platform and maintain its technological advantage will be critical to capitalizing on the validated market demand.

Tidal Cyber CTO Joins MITRE ATT&CK Council Amid Shift to Procedure-Led Defense

Event summary

  • Richard Struse, CTO and Co-Founder of Tidal Cyber, has been appointed to the MITRE ATT&CK® Advisory Council.
  • Struse previously co-founded MITRE's Center for Threat-Informed Defense and led the creation of STIX™ and TAXII™ standards.
  • Tidal Cyber is repositioning its Threat-Led Defense platform to focus on adversary procedures, moving beyond technique-level classification.
  • The company claims to be the 'category creator and global leader' of Threat-Led Defense.
  • The MITRE ATT&CK Advisory Council provides strategic guidance but lacks governing authority.

The big picture

Tidal Cyber's move to prioritize adversary procedures represents a potential shift in how organizations approach threat defense, moving beyond simple technique classification. This evolution, coupled with Struse's appointment to the ATT&CK Advisory Council, suggests a desire to shape the future of cybersecurity frameworks and operational practices. The company's claims of category leadership will be tested by broader market adoption and the demonstrable effectiveness of its procedure-led approach.

What we're watching

Governance Dynamics
The influence Struse can exert on MITRE ATT&CK's evolution, given his prior involvement in its creation, warrants observation, particularly as Tidal Cyber pushes its own procedural model.
Market Adoption
The pace at which Tidal Cyber's 'procedure-led' approach gains traction within the cybersecurity market will determine if it can solidify its position as a category leader.
Platform Integration
How effectively Tidal Cyber integrates its NARC AI engine and expanding Procedures Library will be crucial for demonstrating the practical value of its Threat-Led Defense platform.

Tidal Cyber Integrates Crimson7 Hunts to Bolster Threat-Led Defense Scoring

Event summary

  • Tidal Cyber and Crimson7 have partnered to integrate Crimson7's threat hunt intelligence into Tidal Cyber's Threat-Led Defense platform.
  • The integration maps Crimson7's hunts as 'Detection Capabilities' within Tidal Cyber, aligning them with MITRE ATT&CK techniques.
  • The partnership aims to enable organizations to prioritize threat hunts based on coverage gaps and measurably increase their 'Threat-Led Defense Confidence Score'.
  • Crimson7 provides threat research and offensive research capabilities, while Tidal Cyber focuses on procedure-level intelligence and confidence scoring.

The big picture

The partnership reflects a growing trend towards operationalizing threat hunting and integrating it directly into broader defensive strategies. Security teams are increasingly seeking measurable outcomes from their threat hunting efforts, moving beyond ad-hoc exercises to a more data-driven and confidence-based approach. This integration addresses a common pain point for security teams struggling to connect threat hunting activities to overall risk reduction.

What we're watching

Adoption Rate
The success of this partnership hinges on Crimson7's existing client base adopting Tidal Cyber's platform, which could reveal the relative strength of each company's market position.
Confidence Scoring
The efficacy of Tidal Cyber’s Confidence Scoring system will be critical; if the metric proves difficult to quantify or lacks predictive power, adoption will likely be limited.
Competitive Response
Other cybersecurity platforms will likely observe this integration and may accelerate their own efforts to incorporate threat hunt intelligence, potentially intensifying competition in the Threat-Led Defense space.

Tidal Cyber Shifts Threat Defense Focus to Procedure Modeling

Event summary

  • Tidal Cyber is redefining its Threat-Led Defense model to focus on adversary procedures, the step-by-step actions attackers take.
  • The company claims existing security models focused on techniques are insufficient to prevent breaches.
  • Tidal Cyber's Procedures Library currently contains over 20,000 objects and is expanding.
  • The company expanded its NARC AI engine to translate unstructured threat intelligence into structured procedures.
  • Tidal Cyber is positioning adversary execution as the primary unit of measurement in Threat-Led Defense.

The big picture

For years, cybersecurity has struggled to keep pace with increasingly sophisticated attacks despite investments in visibility and exposure scoring. Tidal Cyber's shift to procedure-based defense represents a fundamental challenge to the prevailing paradigm, arguing that simply identifying vulnerabilities and techniques is insufficient. This move could signal a broader re-evaluation of how organizations approach threat mitigation, potentially disrupting the established vendor landscape and forcing a more granular focus on attack execution.

What we're watching

Market Adoption
Whether Tidal Cyber's procedural approach gains traction within the cybersecurity industry, or if existing technique-based frameworks remain dominant, will determine the long-term success of this shift.
AI Integration
The effectiveness of Tidal Cyber's NARC AI engine in consistently translating unstructured threat intelligence into actionable procedures will be critical for demonstrating the value of the new model.
Competitive Response
Other cybersecurity vendors will likely respond to Tidal Cyber’s move, potentially leading to a broader industry shift towards procedure-based defense or a reinforcement of existing techniques-focused approaches.

Tidal Cyber Bolsters Threat Intelligence with MITRE ATT&CK Expert

Event summary

  • Tidal Cyber appointed Cat Self as Senior Director of Adversary Research, effective immediately.
  • Cat Self previously led the macOS/Linux team for MITRE ATT&CK and founded the ATT&CK Evaluations threat intelligence team.
  • Self's prior roles include military intelligence in the U.S. Army and red teaming at Target.
  • The appointment reinforces Tidal Cyber’s focus on 'procedural-level threat intelligence' and testing capabilities.
  • Tidal Cyber's Threat-Led Defense platform emphasizes adversary execution specificity to disrupt attacks.

The big picture

The cybersecurity industry is increasingly focused on moving beyond signature-based detection to understand and emulate attacker behavior. Tidal Cyber's emphasis on procedural-level threat intelligence, coupled with the appointment of a recognized expert like Cat Self, signals a continued push for more actionable and context-rich threat data. This approach contrasts with broader, less specific threat intelligence offerings and aims to provide organizations with a more targeted and effective defense strategy.

What we're watching

Intelligence Integration
How Self's expertise in ATT&CK Evaluations will be integrated into Tidal Cyber's Threat-Led Defense platform, and whether this will lead to more granular and actionable threat intelligence for clients.
Competitive Response
Whether other cybersecurity vendors will respond to Tidal Cyber’s procedural-level intelligence focus, potentially leading to a shift in industry standards and competitive differentiation.
Client Adoption
The pace at which Tidal Cyber’s clients adopt and utilize the procedural-level threat intelligence, and whether this drives increased platform adoption and revenue growth.

Tidal Cyber Cultivates CISO Network to Drive Threat-Led Defense Adoption

Event summary

  • Tidal Cyber launched 'Waves of Influence,' a thought leadership program for CISOs, on February 9, 2026.
  • The program consists of exclusive, off-the-record dinners across the United States, convening small groups of security leaders.
  • Rick Howard, founder of First Principles Consulting and CyberCanon Project, will facilitate and moderate the sessions.
  • The dinners will focus on Threat-Led Defense and shared challenges in cybersecurity, avoiding product-focused discussions.
  • Tidal Cyber positions the program as an investment in industry collaboration and leadership alignment.

The big picture

Tidal Cyber's 'Waves of Influence' program signals a shift towards a more collaborative and community-driven approach to cybersecurity leadership. The company's focus on Threat-Led Defense, coupled with the curated nature of the dinners, suggests an attempt to establish itself as a central hub for shaping industry strategy. This move is particularly relevant given the increasing complexity of cyber threats and the growing pressure on CISOs to demonstrate resilience and risk reduction.

What we're watching

Adoption Rate
The success of Waves of Influence hinges on attracting and retaining a critical mass of influential CISOs, and whether the program’s exclusivity fosters genuine collaboration or becomes a networking exercise.
Influence on Strategy
How the discussions within Waves of Influence shape the broader adoption of Threat-Led Defense and whether Tidal Cyber can genuinely influence industry best practices beyond its own customer base.
Competitive Response
Other cybersecurity vendors will likely observe Tidal Cyber’s initiative and may attempt to replicate it, potentially leading to a fragmentation of industry thought leadership and a dilution of its impact.

Tidal Cyber's 115% Growth Signals Shift to Threat-Led Cybersecurity

Event summary

  • Tidal Cyber achieved 115% growth in 2025, placing it among the top-performing SaaS businesses.
  • The company is positioned as a 'category creator and leader' in Threat-Led Defense.
  • Co-Founders Rick Gordon and Frank Duff attribute growth to a shift in security leaders' approach to risk.
  • Tidal Cyber is targeting continued high-growth performance in 2026 with a focus on capital efficiency.

The big picture

Tidal Cyber's rapid growth reflects a growing recognition within the cybersecurity sector that traditional risk assessment methods are insufficient against increasingly sophisticated attacks. The company's focus on 'Threat-Led Defense' represents a shift towards proactive, adversary-centric security strategies, which is gaining traction as organizations face escalating cyber threats and regulatory pressures. While the cybersecurity market is vast, Tidal Cyber's success will depend on its ability to maintain its technological lead and expand its customer base beyond early adopters.

What we're watching

Market Adoption
The sustainability of Tidal Cyber's growth hinges on continued adoption of Threat-Led Defense, which may require broader industry education and standardization.
Competitive Landscape
Increased success will likely draw competitors into the Threat-Led Defense space, potentially eroding Tidal Cyber’s market position and requiring further differentiation.
Scalability
Maintaining capital efficiency while sustaining 115% growth will demand disciplined operational execution and potentially necessitate strategic investments in infrastructure and personnel.

Tidal Cyber Partners with CGS to Embed Adversary Intelligence in Security Advisory

Event summary

  • Tidal Cyber, a provider of Threat-Led Defense, has partnered with CGS CyberDefense, a cybersecurity advisory firm.
  • The partnership aims to integrate Tidal Cyber's procedure-level adversary intelligence with CGS's advisory services.
  • Tidal Cyber's platform utilizes a Procedures Library containing tens of thousands of real-world technique observations and an AI engine called NARC.
  • The partnership will initially focus on highly regulated industries including financial services, healthcare, and critical infrastructure.

The big picture

The partnership reflects a growing recognition within the cybersecurity industry that traditional security models based on vulnerability scanning and IOCs are insufficient to defend against increasingly sophisticated and targeted attacks. Threat-Led Defense represents a shift towards a more proactive and adversary-centric approach, but its adoption requires significant investment in both technology and expertise, making partnerships like this crucial for broader market penetration. The focus on highly regulated industries suggests a willingness to pay for enhanced security posture in environments facing significant compliance pressures.

What we're watching

Market Adoption
The success of this partnership hinges on whether organizations will adopt Threat-Led Defense over traditional, IOC-driven security approaches, given the increased complexity and potential for operational disruption.
Integration Risk
Integrating Tidal Cyber’s platform with CGS’s advisory services presents integration risks; the partnership's value will depend on how effectively these two distinct offerings are combined.
Competitive Landscape
The partnership will likely intensify competition within the cybersecurity advisory space, as other firms seek to offer similar integrated threat intelligence and advisory solutions.

Tidal Cyber Appoints Product Chief to Scale Threat-Led Defense Platform

Event summary

  • Jessica Hall has been appointed VP of Product at Tidal Cyber, effective immediately.
  • Hall previously held senior product leadership roles at OpsCanvas, CoStar Group, 3Pillar Global, and CEB (now Gartner).
  • The appointment is intended to accelerate platform innovation and expansion within Tidal Cyber’s Threat-Led Defense category.
  • Tidal Cyber cites increasing customer demands and rapid growth as drivers for the external hire.
  • Hall is a co-author of 'The Product Mindset' and a TEDx speaker focused on product storytelling and outcome-driven innovation.

The big picture

Tidal Cyber’s move to bring in an external product leader signals a strategic shift towards accelerating growth and expanding its Threat-Led Defense platform. This approach, while common, carries execution risk, as integrating new leadership into established teams can be challenging. The broader cybersecurity market is increasingly focused on proactive threat mitigation, and Tidal Cyber’s positioning within this trend could drive significant growth if they can effectively operationalize MITRE ATT&CK and deliver measurable defensive outcomes.

What we're watching

Execution Risk
Hall’s success will hinge on her ability to integrate with Tidal Cyber’s existing product, engineering, and intelligence teams, and whether she can effectively scale innovation while maintaining product discipline.
Market Adoption
The pace at which organizations adopt Threat-Led Defense will dictate Tidal Cyber’s growth trajectory and Hall’s ability to deliver on the platform’s expansion plans.
Competitive Landscape
How Tidal Cyber differentiates its Threat-Led Defense platform against competitors like OpsCanvas, CoStar Group, 3Pillar Global, and Gartner will be crucial for maintaining market share and attracting new customers.

Tidal Cyber Award Signals Shift to Adversary-Focused Cybersecurity

Event summary

  • Tidal Cyber received 'Threat-Led Defense Company of the Year' recognition from GRC Outlook on December 18, 2025.
  • The award highlights Tidal Cyber's focus on 'Threat-Led Defense,' a strategy centered on real adversary behavior.
  • The company was founded in 2021 by former MITRE leaders Rick Gordon, Frank Duff, and Richard Struse.
  • Tidal Cyber’s platform utilizes NARC™ AI to transform threat intelligence into ATT&CK-aligned Procedures, creating Coverage Maps.

The big picture

The award from GRC Outlook underscores a growing recognition that cybersecurity is evolving beyond compliance and audit functions to become a core risk mitigation strategy. Tidal Cyber's 'Threat-Led Defense' approach, which connects security controls to real-world adversary behavior, represents a significant departure from traditional vulnerability-focused models. This shift is driven by the increasing sophistication of cyberattacks and the need for organizations to proactively defend against targeted threats.

What we're watching

Governance Dynamics
The increasing integration of GRC with proactive threat defense suggests a broader shift in corporate risk management, potentially increasing demand for specialized platforms like Tidal Cyber's.
Competitive Landscape
Given the founders' backgrounds at MITRE, Tidal Cyber's success will depend on its ability to differentiate its commercial offering from MITRE's open-source ATT&CK framework and avoid direct competition.
Adoption Rate
The effectiveness of Tidal Cyber’s approach hinges on the willingness of organizations to move beyond traditional vulnerability-centric security models and adopt a behavior-driven defense strategy, which may require significant cultural and operational changes.
CID: 535