Venture capitalists start to tap into cybersecurity potential

Experience matters as investors put cash into highly technical cyber innovations

As managing director of Allegis Capital, a leading seed and early-stage venture capital investment house based in San Francisco, Robert Ackerman has placed a number of big bets on emerging cybersecurity companies that have paid off handsomely.

This summer, Allegis added a pair of respected veterans from the cybersecurity vendor community as venture partners. John Stewart, the leader of Cisco Systems’ Security and Trust Organization, and Joe Levy, chief technology officer at security software and hardware supplier Sophos, joined Allegis as partners No. 7 and No. 8.

“John and Joe are two proven veterans in cybersecurity, and their experience will be invaluable,” Ackerman said in announcing his new partners. “They are deeply connected and have unmatched insights.”

ThirdCertainty recently sat down with Ackerman to discuss the wider implications of the continuing surge of VC funding seeking to back startups with the potential to deliver the next tier of disruptive security innovations.

3C: How would you characterize the threat landscape that companies of all sizes face today?

Ackerman: We are still playing a giant game of catch-up. The OPM (U.S. Office of Personnel Management) breach is a classic example of that … 21 million compromised records later, here we are, asking why wasn’t the damn data encrypted? Not that encryption is a silver bullet, but if you’ve got data that is a target, why would you not encrypt the data?

There’s a whole shift in thinking that’s required. And I think we are in the very earliest days of understanding the cleverness of the adversary, the vulnerability of our networks, and the solutions needed to protect those networks.

3C: It’s clear innovation is coming. Where’s the smart money going?

Bob Ackerman, Allegis Capital founder and managing director

Ackerman: Venture capitalists read the same news that you and I do, so you’ve got a lot of entrepreneurial activity jumping into the space. And you have a lot of capital that wants to find placement in the space. But this is a space where experience matters. In certain segments of the economy, there’s no penalty for lack of experience. Cyber is very different. Cyber is deep science. It’s deep engineering. It’s deep tech. And there’s a lot of context that you have to understand.

3C: What are some areas where innovation seems most likely to make a big difference?

Ackerman: I think we have to instrument everything. If you want to understand what’s going on in the network, you have to instrument the endpoint, then you have to instrument the network.

I think that encryption is part of a broader theme of data integrity and data assurance. If the data were the target, why wouldn’t you encrypt it as another layer of defense? So work will be done on encrypting data without breaking information sharing.

Another part is what I call automatic response or automatic defense, which involves delegating automated systems to take threat intelligence and prioritize it, so we know when it is truly necessary for a human analyst to enter the picture. I think that’s a big theme.

3C: What about the notion that senior decision-makers want a baseline?

Ackerman: Yeah, we have to get to a point where we have that high-level view of situational awareness. That’s going to become a big issue. That’s something we’re actually working on now. It has to do with knowing where you’re strong and where you’re weak; understanding exposures and knowing what you really should be worried about.

3C: Getting back to funding, not all big bets will pay off, right?

Ackerman: The problem demands innovative ideas and capital to support development of those ideas. There is always a risk that when capital flows in at this accelerated pace, things will get funded that probably shouldn’t. That’s not unique to cyber.

There will be areas of innovation where it will be very difficult to differentiate between the companies. And when you have very brilliant, but inexperienced, engineers meeting venture capitalists in a hurry to get into cybersecurity, not everything that gets funded is going to make sense.

