InjexionSTRATEGY
15 / 15Realism & benchmarking

Reading the model against the market

This stress-tests the base case against external benchmarks for boutique cybersecurity consultancies, IT/security services firms and cybersecurity software companies. It gives the board a second, more conservative reference point and names the execution risks that separate the two.

MetricBase caseExternal benchmarkRead
Revenue CAGR 2027–2032~102% / yr30–60% is a realistic ceiling for organic growth at a talent-constrained boutique.Aggressive
Gross margin 203271%55–70% typical services-led security firm; 70%+ needs productized low-touch revenue.Reasonable, back-loaded
EBITDA margin 203225%15–25% is strong for scaled security consultancy; platform businesses can exceed.Achievable if growth dialled back
Revenue per FTE 2032~$405k$180k–$300k typical in elite offensive security; higher needs large SaaS/IP share.Requires SaaS/IP to hit target
Conservative case

What we watch if execution slips

Watch · 01

Slower ramp in US enterprise sales — closing takes 6–12 months longer than base case assumes.

Watch · 02

Recurring revenue mix trails the base case by ~10 percentage points through 2030 as Portal and Shield adoption compounds later.

Watch · 03

Gross margin caps at 65–67% because managed services and hosting drag on productization.

Watch · 04

Revenue per FTE stays in the $250k–$320k band — closer to industry norms.

Closing statement

Injexion doesn't sell fear. It sells proof — that risk is real, and that risk has been removed. Every chapter of this plan compounds that one promise.