Phishing for Answers: A Chat on Cybersecurity Startups
Cyber threats and attacks have arrived in full force. They threaten not only individuals, but corporations and nation states. Within corporations, the types of cyber threats and the various methods of protection have exploded. Universities are rising to the challenge, as the level of research around security detection, prevention, and encryption has significantly increased.
We selected cybersecurity as the topic for our second industry-sector webinar because over the last few years we have seen a significant uptick in the number of quality university spinouts in the security space, mirroring the uptick in activity in the security market overall. OUP tracks all of the spinout activity from our partner universities, and our data shows that 2016 was a record year for new university spinouts in the security space. Our webinar aimed to decipher the increasingly complicated cybersecurity space from a startup and investment perspective.
One of our guest panelists was Partner Jake Flomenberg of Accel Partners, who focuses on investments in data, security, cloud, SaaS, all things enterprise. Accel invests in all stages, with a focus on seed and Series A in technology driven businesses. Our other panelist was Amir Ben-Efraim, Co-Founder and CEO of Menlo Security — a university startup commercializing security technology from UC Berkeley in which OUP is an investor.
Key Takeaways
- For VCs, early on in the diligence process the majority of time is spent understanding what the real world viability is for a security startup. VCs see the most opportunity in the transition from core technical prototype to real world applicability, but it’s also where most companies fall down.
- The key to validating product is getting outside the office and having as many conversations with different types of customers — big, small, medium — to help you asses where the opportunity is ripest to you. People vote with their time; if the problem matters, they will speak to you. These conversations will narrow down to a specific use case, which is often required to get adoption of the technology.
- As far as the landscape today, there is an uptick in the number of quality cybersecurity spinouts from universities. In recent years, these have included companies focused on next-generation encryption, improved network visibility, novel forms of detection using machine learning or binary analysis, and much more. OUP is tracking 100 recent security companies spinouts of partner institutions, and looking to see this increase over the next several years.
- There’s been a strong general increase over the last 10 years in security funding. It peaked in 2015, but there is still a strong environment around early stage financing in cybersecurity companies.
Biggest areas of Growth in Cybersecurity:
- Specialized Threat Analysis and Protection solutions
- Industrial IoT
- Regulatory and Compliance Focused
- Security Validation and Automated Orchestration
- Cloud Security
- Data encryption and Protection
- App Centric Security
- Container Security
- Next generation endpoint security
- Isolation Security (Menlo Security’s area)
Areas of decline:
- Specialized threat protection
- Endpoint security solutions
- Fraud prevention
- Advanced Security Analytics on Big Data
- Threat Intelligence
- Machine Learning for Log Analysis
Sound Bites
On Advice for Entrepreneurs:
Jake: “The advice I like to give to technical entrepreneurs is to take an hour of each day to help validate this initial stage of real world viability. That will de-risk the project far more than another hour spent in the code or unlocking the next level of technology.”
Amir: “Focus on what’s rising, what’s hot tomorrow, not what’s hot today. You’ll be 2–3 years behind industry leaders if you work on today’s problems.”
On what your data points need to look like to show validation for your company’s product:
Jake: “Contracts and money are great, but the earliest proxy is that people vote with their time. You can’t call it a customer reference, but a viability check.”
Amir: “The only way to solve a problem is go outside the office and talk to customers. You have to market test it and have conversations. Customer conversations lead to points where pain is sharpest and the articulation of value is clearest, so follow that path.”
On the challenge around management:
Jake: “It’s the rich versus king dilemma: the notion that you can be the king of nothing, or you may not be king but get rich. That is the acid test that we look for at the early stage: one of awareness. Do you have a sense of what your critical skill set is? Do you have a willingness to put the success of the company before your ego or otherwise?”
Amir: “For entrepreneurs coming out of academia doing this for the first time, I strongly suggest for people to get advice. There are infinite pitfalls you can avoid by simply finding experienced folks who have done this before that can save you from making common mistakes that are going to be very costly down the road.”
Perspectives on open sourcing as it relates to security technology:
Jake: “It’s a huge opportunity. With open adoption software, the beauty is the adoption part. It helps you during the first phase of your company — the project phase — validate the number of people that experienced this problem. Thinking of a go-to-market perspective, how do we get people to try and pick up this tool in a time of need? Then if they get some value out of that free tool or that open source software, you have an advocate or someone who cares about your product before you try to go in and make a commercial sale.”
On what the current political climate means in terms of cybersecurity growth:
Amir: “I think we’re seeing the grave consequences of how porous our cyber defenses really are. It played as a factor in our election. It has elevated the need for society to think about this problem and do things better. Unfortunately there aren’t a plethora of amazing solutions out there, which is why people keep getting hacked. I suspect we’ll continue to read about these situations for a long time to come.”
Our academic partners can request a link to the webinar by contacting Natasha Azar at nazar@osagepartners.com.