RSA 2019: 10 Cybersecurity Execs On The Most Interesting Private Equity & VC Firms To Watch

CRN asks 10 security CEOs, technical leaders, and sales leaders attending RSA 2019 which private equity and venture capital firms have been making the biggest waves in the cybersecurity industry.

Doubling Down On Cybersecurity

The venture capital industry has become a critical part of the evolution of the cybersecurity business, and much of the innovation in the industry can be traced back to between 10 and 20 core VCs, according to McAfee CEO Chris Young.

Cybersecurity incubators in Israel and the Washington, D.C. area bring both capital and perspective to the table, Young said, and are trying to facilitate dialogue between the tech companies and the buyer or user population to accelerate the pace of innovation.

Private equity firms, meanwhile, can add value by providing detailed best practices around everything from sales and marketing and product development to financials and human resources, said Infoblox President and CEO Jesper Andersen. This allows portfolio companies to pinpoint the areas of the operation where they don't measure up and quickly take steps to improve, Andersen said.

Here's a look at the private equity and venture capital firms that CEOs, technical leaders, and sales leaders attending RSA 2019 feel have been making the biggest waves in the cybersecurity industry.

Dan Schiappa, Sophos Chief Product Officer

TenEleven Ventures partners with industry experts to guide its decisions and has been very selective with its investments, Schiappa said. As a result, Schiappa said TenEleven has built up a really nice portfolio of cybersecurity companies.

TenEleven comes from a deep background in cyber and has an intimate understanding of how the market has grown over the past 20 years. The firm focuses exclusively on cyber, Schiappa said, and doesn't dabble in any other spaces.

The firm excels at identifying real companies at the forefront of a trend in the market with experienced leadership and technical expertise, according to Schiappa. Instead of just buying into a market that's already been established, Schiappa said TenEleven thrives at picking trailblazers in the market.

Larry Lunetta, Aruba Vice President, Security Solutions

Kleiner Perkins's support of cybersecurity firms is about more than just the funding, Lunetta said.

Legacy venture capital firms like Kleiner have a deep understanding of how the industry flows and what the most common challenges for early-stage firms looks like, Lunetta said. Landing an investment from a large discerning fund like Kleiner provides a useful narrative when approaching a new customer, according to Lunetta.

Kleiner also excels at bringing in other powerful investors who help validate the portfolio company in certain verticals such as the U.S. federal government, Lunetta said. The firm also has both a CIO council and a CISO council, Lunetta said, and portfolio companies are brought in to tell their stories and help find early betas and proof of concepts for their offering.

Peter Evans, Optiv Chief Marketing Officer

Thoma Bravo has made intelligent investments in a lot of good companies with strong incumbency and intellectual property, Evans said. Many of its portfolio companies are in the process of shifting from an on-premise, hardware-delivered appliance to an as a Service platform that could more broadly address security needs in the marketplace, according to Evans.

A lack of product interoperability has made it difficult to manage, operate, and integrate dozens of different tools that aren't in any way integrated, Evans said. If Thoma Bravo were to move toward a platform approach with all of its portfolio companies, Evans said it could help resolve the complexity issues abundant in the cybersecurity industry today.

As a private equity firm, Evans said Thoma Bravo could invest in creating a platform without having to worry about it cutting into earnings, a stock drop, or potential issues in the marketplace. But given the lack of industry protocol, Evans said Thoma Bravo would lack a common standard to design to so that all the platforms fit together.

Nate Fick, Endgame CEO

General Atlantic brought on the CISO of General Electric to sit at the table across from vendors and have him evaluate the company pitches, Fick said. Most outside investors provide valuable to their portfolio companies through capital, but Fick said only the best capitalize on market dynamics and pattern recognition as well.

Having a former user evaluate company pitches results in a much more operational and pragmatic approach where traditional metrics like total addressable market (TAM) and efficacy scores are considered alongside examinations of integration opportunities, ease of deployment, and learning and training portals, according to Fick.

Recognizing patterns in business requires knowledge of both operating challenges as well as investor fundamentals, Fick said. And the deep experience of the General Atlantic team means that portfolio companies can be provided with situational awareness exposure without actually having to make mistakes themselves, according to Fick.

Stu Solomon, Recorded Future Chief Strategy and Development Officer

TenEleven Ventures has done a good job of making thoughtful investments in cybersecurity companies in the Series A or Series B timeframe, Solomon said. TenEleven does a good job of ensuring that companies receiving Series B funding have their product thought out and have made the right investments in sales, marketing and productization to capitalize on the go-to-market opportunity.

ClearSky, meanwhile, has an excellent track record of picking winners, serving as a very early-stage backer of both Cylance and Demisto, Solomon said. The firm gets heavily invested in the success of the frims they've selected, Solomon said, and provides portfolio companies with positive mentors who have a good set of relationships and knowledge in the space.

Mike Viscuso, Carbon Black Co-Founder and Chief Strategy Officer

Companies like Greylock Partners, Bessemer Venture Partners, and Accomplice have brought really good people into the business who understand the go-to-market motion in security and employ people that have spent at least a decade holding an operational role within a cybersecurity organization, according to Viscuso.

Cybersecurity is different than any other market venture capitalists invest in since there are adversaries looking to tear down everything that's been built, Viscuso said. As a result, Viscuso said a more patient investor is required who's supportive in the early stages of building and understands the need for a slow build to avoid mistakes.

Venture capital firms investing in early-stage cybersecurity companies shouldn’t be focused on traditional performance indicators like amount of revenue, number of customers, and average sale price, Viscuso said.

A more seasoned security investor would focus on product engagement rather than revenue, examining the number of customers visiting the console each day, the amount of time they spent in the console, and their NPS results.

Eddie DeWolfe, Fidelis Cybersecurity Vice President Global Channels & Alliances

Brand-name investors like Blackstone have created a market for emerging technologies like next-generation anti-virus and next-generation firewall, DeWolfe said. Blackstone has put a lot of money into the channel through companies like Cylance, who hit the market hard a couple of years to grow its base of resellers, according to DeWolfe.

This money made it possible for Cylance to introduce significant spiff programs for partners, and invest in keeping VARs engaged and excited about working with channels and new technologies, DeWolfe said. In addition, DeWolfe said Blackstone's extensive C-level connections across verticals meant that a lot of potential customers had already been captured.

Nelson Fonseca, Cyxtera President and COO

Venture capital firms like Andreessen Horowitz have been very aggressive in looking at the early technologies and investing capital, Fonseca said. Andreessen Horowitz helps early-stage startups find the right resources, and puts them in front of potential partners and customers, according to Fonseca.

Andreessen Horowitz takes advantage of its Silicon Valley location to hire talented people and get up close and personal with local startups, he said. The firm has talented people scouting the market for investment opportunities with good capabilities, Fonseca said.

Dino DiMarino, Mimecast SVP Of North American Sales and Channels

Advisory and consulting firms like Momentum Cyber has bubbled to the surface with a very narrow focus on cybersecurity to accelerate awareness of new technology, DiMarino said. Outside equity can be immensely powerful beyond the dollar investment, DiMarino said, especially if the investor has built relationships in the cybersecurity industry and is able to get the vendor in front of Fortune 500 CISOs.

Companies like Momentum Cyber are not only aware of the technology and trends in emerging areas like SOAR (Security Orchestration, Automation and Resposne), but will also ensure that vendors know how to stitch all of that together, according to DiMarino. Specialized firms are in a better position to generate value for the market and company as a whole than generalist ones, DiMarino said.

Tom Turner, BitSight President and CEO

In addition to their own investment thesis, private equity firms like Blackstone and ClearSky can provide access to the other portfolio companies that exist among the broader set of organizations they serve, Turner said. This is a good platform for a startup company to mine for new customers, according to Turner.

Cybersecurity has long enjoyed strong outside investment and innovation, but Turner said the industry is just now starting to develop companies of significant size and scale. The surge in large initial public offerings has resulted in late-stage private equity players paying more attention to the cybersecurity industry, Turner said.