How venture capital teams can optimize success in cybersecurity

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 — 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Few aspects of the cybersecurity industry evoke more polarizing reactions than the use of venture capital to fund startups. 

On the one hand, startup founders seek the attention of investors with the ferocity of authors searching for publishers. Without investment capital, new companies cannot grow properly, especially if their technology requires a period of long stealth development in advance of any customer revenue.

On the other hand, security practitioners tend to exhibit lukewarm, even hostile, emotions toward investors. This should not be surprising when one considers that venture capitalists might be viewed as growing rich by betting the dice on technologies required to protect citizens and businesses from attacks. 

One fact that everyone agrees on, however, is the staggering growth of the aggregate investment being made in this segment. According to Statista, the size of the venture capital market for cybersecurity grew to over $21B USD, up from roughly $9B USD just one year before.

Another fact everyone agrees on is the common interest held by investors, founders and practitioners that investments eventually lead to good solutions. Technologies being funded range from methods to rid the world of passwords to machine learning that predicts where the next threats will occur. Everyone benefits if these investments succeed because the risks of attack are increasing on a daily basis

The ongoing conflict in Ukraine, for example, introduces the great possibility that nation-state offensive cyber campaigns will be directed at business and civilian groups around the world – perhaps to target enemies, or to just create chaos. New commercial security products and services will be necessary to mitigate this potentially hazardous and growing risk.

My team has met with more than 2,000 cybersecurity startups during the past few years, many of which are supported by venture capital. In the course of our work, we’ve come to recognize three primary factors that seem to correlate with commercial success in the cybersecurity marketplace. When I share my observations with venture capital teams, however, they often do not match up well with the typical investment evaluation formula. Most venture capital teams tend to obsess over factors such as aggregate market size for a given company, the problem being solved, the types of competitors that exist, and so on. While these are important issues, I still do not think they are the primary drivers of success.

Accordingly, below is a summary of the three factors that I and my team use in our work to advise security practitioners on which startups are worth considering for long-term partnership:

Factor 1: Belief system 

When we ask a founding team what they believe and why they started their business, their answer is often wrapped in some muddled description of what they do. This vacuous and circular reasoning of starting a company “to stop threat X because the world needs to stop threat X,” is insufficient to connect with customers at a visceral level. 

In contrast, consider the belief system of General Keith Alexander, cofounder of IronNet Cybersecurity, which recently completed a successful SPAC. If you ask founders such as General Alexander why they started the company, they will point to their lifelong commitment to protecting their country — whether in uniform, on the physical battlefield, or across virtual networks. 

Such personal belief systems connect with buyers. In fact, a useful exercise for founders is to explain why they started their company without ever mentioning their product. It is a delightfully painful experience because it exposes the real purpose behind their company. God help the startup that can only cite making money as their reason for being.

Factor 2: Attention to design

When we ask a startup to describe the company, we usually see one of two approaches. On the one hand, a team will lead us into PowerPoint hell with chart after chart of buzzwords, disjointed clipart and meaningless quotes. The platform diagrams in these presentations are usually haphazardly cut-and-pasted from the engineers, as if the technology is some afterthought.

On the other hand, we sometimes find a startup that understands the value of design. In such cases, we see a carefully crafted story, developed from top-to-bottom with the combined inputs of the platform developers, marketing team and leadership group. When done right, the only word that comes to mind is elegance. And it is not just the elegance of the technology, but also of the overall story.

Take SentinelOne, for example. When we first met this now-public company, we were struck by their attention to detail in explaining their behavioral analytics. This technique involves establishing which behaviors are considered normal and then sounding an alarm when something looks unusual. It was obvious to us that considerable time and effort had gone into developing their crisp messaging. 

And just like quality, design elegance in any solution (think Apple) is hard to define. But you certainly know it when you see it.

Factor 3: Domain knowledge

Finally, we always ask founders to share their experience in the domain being addressed by their new company. The worst responses come from serial entrepreneurs hopping aboard the security bandwagon from some nonrelated area. Cybersecurity is a complex arena, and poor domain knowledge will eventually catch up with inexperienced founding teams.

The best responses come from startup leaders who have committed their lives to their chosen discipline. A favorite question we like to ask is whether a founder would continue doing what they are doing for free. Only a select group of founders can honestly answer yes to this question – and these are the ones to bet on.

Consider Sanjay Beri, CEO and founder of Netskope; Nir Zuk, founder and CTO of Palo Alto Networks; and Ken Xie, CEO and founder of Fortinet. Each of these successful entrepreneurs would certainly continue doing exactly what they do now, even if they never earned another penny. Buyers connect with this type of domain passion, and investors should take this essential factor into full account.

Ed Amoroso is founder and CEO of Tag Cyber.


Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read More From DataDecisionMakers