Tag: cybersecurity

Enterprise SoftwareInfrastructureOpen SourceSecurityVenture Capital

boldstart 2018 recap and what’s hot in enterprise 2019

Posted on by Ed Sim

2018 Recap

Welcome to our annual boldstart recap and enterprise predictions letter. We had another solid year filled with learning, growth, laughter, and new projects and partners. Thanks to all of the amazing founders, advisors, co-investors, corporate partners, and others that helped make 2018 an amazing year. We are truly grateful for your support.

boldstart 2018People often ask us why firstcheck.vc or what is first check and our response is that the seed landscape is so confusing, and what founders need is an investor with courage and conviction to lead their rounds and support them from day 1. This initial round could be $500k or it could be $3mm. We are purpose-built to not only invest pre-product but also to help accelerate your path to product-market fit with our decades of entrepreneurial and investing experience along with our active CXO advisory board.

To that point, we are most excited when our founders are able to go from slide deck to product-market fit and Series A and beyond. This year was a banner year as boldstart portfolio cos raised over $150mm of follow on capital from some of the top Series A and B investors (highlights below).

    1. First check leads in 5 founding teams, all in stealth. Some of these themes include privacy/ML, next gen CMS, intelligent automation, and developer productivity.
    1. First check to Series B — congrats to BigID on its $30mm Series B led by Scale Venture Partners, Kustomer on its $25mm Series B led by Redpoint, and Snyk on its $22mm Series B led by Accel and GV. Truly amazing that all of these companies went from slide deck to B in approximately 3 1/2 years.
    1. First check to Series A — congrats to Fortress IQ on its $12mm Series A led by Lightspeed and a stealth co on their $13.5mm Series A led by Bessemer Venture Partners. Once again, we led each of these rounds at slide deck stage and helped land the first handful of customers to accelerate path to product market fit and their Series A rounds.
    1. First check to seed — congrats to Blockdaemon on their seed round led by Comcast Ventures and Wallaroo Labs on its seed led by RRE Ventures. In each of these cases, we led much smaller rounds before they raised proper seed funding.
    1. SmallstepClayDark, and Windmill emerged out of stealth. All are developer first companies respectively in zero trust security, automation, and developer productivity.
  1. Rebel exit to Salesforce. Dev-first API for interactive emails — will be a great fit with the Salesforce marketing cloud.

7. New CXO advisors join — Tony Saldanha (P&G Next Gen Svces, Transformant), Farhan Shah(Allstate, CTO, Head of Platform Eng), Munu Gandhi (VP Infrastructure, AON), Virginia Lyons (CISO, Williams Sonoma) and GTM advisors — Natalie Diggins (Neustar, ex-VP Cloud Platform/DevOps), Francesca Krihely (MongoDB, Dir. ABM/Demand Gen), Richard Crowley (Slack, Ops Architect), Misha Brukman (JanusGraph, co-founder). This means more collaboration with the Fortune 500 and more go-to-market experience as our portfolio companies navigate their path to first customers. In 2019, we’ll be doubling down on this effort as we are hiring a GM for our CXO Advisory Board & Network (job description here).

AWS Reinvent Survivor Dinner with founders, Fortune 500 execs, and VCs

9. Ongoing press coverage of boldstart themes: every Fortune 500 is a tech company, developer first, and security including FortuneTechcrunchWall Street JournalBusiness InsiderSaaStr podcast, and more…

Fortune December 2019 Investor Roundtable

No matter what economic cycle we go through, Fortune 500 companies need to invest in software.”
Ed Sim, Boldstart Ventures

Enterprise Tech in 2019

Amara’s Law: “We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.”

While the cloud wars, AI, automation, and digital transformation dominated the enterprise headlines in 2018, we have to remember that we are still early in the cycle. In our enterprise world, a large Fortune 500 can’t just flip a switch and close data centers and move to the cloud wholesale. There are other considerations like people, process, culture (see Dean Delvechhio’s, CIO Guardian Life,keynote at AWS), dreaded legacy technology and debt embedded in mainframes, COBOL, and other stuff they don’t want to mess with. Consider 2019 another year of blocking and tackling as the Fortune 500 continues their march to the cloud.

    1. Still in second inning for enterprise move to cloud: Regardless of what economic cycle we endure, the Fortune 500 march to a cloud-native architecture will continue. For the more advanced enterprises who have migrated to the cloud, this will be a year of net new technology and building applications. Along these lines, we are starting to hear serverless more and more from the Fortune 500 and see this trend reflected in the sales pipeline at iopipe which has gone from mostly startups to larger companies. While developers can now spin up applications faster than ever before, one of the downsides is the complexity of managing these distributed applications and technologies. Watch for startups solving this problem with a focus on observability, reliability, security and automation.
    1. Privacy engineering rules: We can’t go a week without a new data breach or privacy violation; Marriott, Google, Facebook and more. Large enterprises are also complaining about keeping up with so many different regulations like GDPR and the California Consumer Privacy Act (CCPA). Other states are also creating legislation around privacy of a consumer’s data and expect 2019 to be the year that the US creates a national standard. This will be a boon to startups as this encompasses finding PII, securing data, and incorporating privacy by design. This is hitting every market from security to data infrastructure to cloud. Designing software with a privacy-first mentality becomes a core theme in 2019. This will be similar to how AI became embedded in most applications in 2018. BigIDand Dropout Labs address some of these areas, and we are actively looking for new opportunities.
    1. Year of HQ2 and Distributed Teams: It was a banner year for non-Silicon Valley cities as NYC and Northern Virginia were selected as Amazon’s HQ2. Google also unveiled plans to double its NYC employee base to 14k. In startup board rooms all across the United States, founders and investors are asking how do we keep scaling our teams? We will see many more startups created with fully distributed teams from the beginning or layer in an HQ2 as it becomes even more expensive and difficult to scale in the prime geographies. Rather than be seen as a negative to funding and scaling a business, this will be seen as a huge positive!
    1. Balanced growth vs. growth at all costs: No conversation about 2019 will be complete without considering the uncertain economic, financial and geopolitical environment in which we are currently living. The 10 year bull market where every company’s revenue chart is up and to the right is over. Many startups were funded on growth alone and this is the year that efficient growth plays a huge part in determining who the next winners will be. Startups should also make sure they are well funded for 24 months and have contingency plans to put on the brakes in case another nuclear winter occurs. Look at 2001 and 2008’s Lehman collapse and Sequoia RIP Good Times deck for lessons learned.
    1. Seed funds back to basics in 2019: We highlighted the barbelling of VC in the year-end 2017 update and see this continuing in 2019. Either you’re a mega fund or an early stage fund, being caught in the middle is a place you don’t want to be. On the seed side, we are seeing more firms focus on smaller and more concentrated portfolios instead of a spray and pray mentality. Consider this a back to basics approach the way VC used to be in the Arthur Rock days. There is so much money out there at the seed stage and specializing, focusing, and concentrating paves a path to success. This is what boldstart is all about, leading that first check round, rolling up our sleeves, and leveraging our Fortune 500 CXO network to accelerate the path to product-market fit.
    1. Enterprises buy new technology, stop selling them: When speaking with IT Execs in 2018, I repeatedly heard the common refrain of “I wish startups would stop spamming me” and “my voicemail is filled with vendors.” When we asked how they find new technology, their answer was clear; research on the web, word of mouth, and their teams, i.e. what are devs using. The script for selling and catering to the enterprise is flipping to the point that these large organizations will find you instead of being sold to. This has huge implications for how startups build their products and go-to-market teams with a focus on ease of use, dev evangelism, content marketing, a tilt towards inside vs field sales, and much more. This “bottom-up” strategy, especially for developer first and product-led growth companies, will continue in 2019. Winning the hearts and minds of developers matters and building the GTM around conversion and upsells will be key.
    1. Low code, no codeThere are 31 million developers on Github and more added in 2018 than the first six years combined. That stat is simply astonishing, and this theme is all about bringing on the next 31 million devs or what we call “citizen developers.” Much of the technology today has been built around abstraction making it easier and easier for devs to go from code to production. Many of today’s applications are actually a polyglot of APIs, third party packages, and services like Twilio, Auth0, and others allowing developers to rapidly assemble new scalable applications.This trend of allowing less experienced developers or even business analysts to build apps in a day will continue and unlock the next wave of “new devs. While they may not be building mission critical applications, this will certainly remove the bottleneck for many business departments to do it themselves without waiting for engineering. See a recent Business Insider article with more of my thoughts. Manifold and Dark are inline with this theme with a dev services marketplace and an IDE to build an application in a day.
    1. RPA moves to intelligent automation and more software, less services: Companies like UIPath and Automation Anywhere had banner years for growth in 2018 and will do so again in 2019. That being said, RPA while automated is still not intelligent so expect 2019 to see more ML and NLP layered into these processes. One other opportunity is that 1/2 to 2/3 of every automation project at the Fortune 500 is still spent on services and not software. 2019 will be the year we see further segmentation in the multi-billion dollar automation market and opportunities for startups to bring new solutions characterized by shorter deployment times, ease of use, and less maintenance. Enter portfolio companies Catalytic and Clay as examples with a respective focus on people friendly and dev-friendly automation. FortressIQ is also one to watch as it uses machine vision and NLP to mine business processes to help determine how work is being done and what to automate.
  1. Blockchain = supply chain: The crypto markets were white hot in early 2018 until they weren’t. Many of the smartest entrepreneurs were leaving their companies to start a new blockchain or crypto company. Many of those went back to doing other things. For those who have the fortitude, 2019 will be the best year to build an enterprise blockchain company with all of the hype removed. That being said, blockchain will not solve all of the world’s problems but we believe use cases in supply chain and data governance will be two big areas in the future. Mstate and blockdaemonwill be well positioned for this opportunity.

Thanks again for all of your support, and here’s to a healthy and prosperous 2019!!!

Sincerely,

Ed, Eliot, Jeff and Max

also posted on Medium

Enterprise SoftwareVenture Capital

boldstart in 2017, enterprise tech in 2018

Posted on by Ed Sim

2017 Recap

2017 was another year of growing, learning, investing and partnering with amazing founders. Once again, we are grateful to have the opportunity to work with so many amazing founders, advisors, co-investors, and other collaborators to bring the boldstart family together.

Before diving into yet another year and list of predictions for enterprise in 2018, we’d like to recap a few thoughts and moments from 2017.

  1. We were first check leads in 8 founding teams including Wallaroo Labs, MState (fka hyperfab), blockdaemon, and 5 in stealth.
  2. Thematically our new investments include 4 targeting the “Rise of the Developer,” 3 in “Intelligent Automation,” and 1 in “Decentralized Computing;” geographically 4 are in NYC, 3 in Bay Area, and 1 in LA (more on our themes)
  3. 6 portfolio companies raised Series A financings including ManifoldHypr, and 4 unannounced, 1 raised a Series B (unannounced), and Security Scorecard raised a $28mm Series C.
  4. 2 exits including yhat (sold to Alteryx — AYX NYSE) and init.ai, one an early investment in a data science platform and the other on NLP for developers.
  5. We co-founded MState (fka hyperfab, read Coindesk article) with Rob Bailey to help bring enterprise company building expertise and Fortune 500 connections to the blockchain community. Our partners include IBM and one unannounced Fortune 50.
  6. We built out our CXO advisory board and further cemented our Fortune 500 relationships to help our portfolio cos scale from “founder-market” fit to product market fit in an accelerated timeframe (meet our advisors). This resulted in tons of collaboration with large enterprises ranging from product feedback to pilots and customer relationships.

Enterprise Tech in 2018:

“The Law of Accelerating Returns” by Ray Kurzweil is truer than ever before: the rate of change in a wide variety of evolutionary systems (including but not limited to the growth of technologies) tends to increase exponentially.

1_T2mgRWcGugiSXs_kRsRQVg

In other words, today is the slowest rate of technological change you will ever experience in your life and doing nothing is worse than doing something. Keep this in the back of your mind as you think about the biggest transformation in enterprise tech; the re-platforming of corporate America from legacy to cloud/hybrid cloud and monolithic software apps to microservices driven development. With this pace of change accelerating, everyone will have to move earlier in the food chain; corporates will need to work with earlier stage startups (we are experiencing that phenomenon in our portfolio) and VCs will have to go earlier to invest in those founders before they take off.

  1. NYC has deep enterprise tech: the NYC you imagine that is full of ad tech and media is not the NYC that we see. Some of our latest investments in NYC include founders building companies in serverless, open source data streaming, decentralized biometric security, splunk for customer data, and developer productivity for dynamic code testing. There will be more deep enterprise tech startups founded, funded, launched, and scaled out of NYC in 2018. The talent base is improving, the customers are here, and the west coast VCs are paying attention. A sidebar is that NYC is and will continue to be one of the best places to launch any crypto-related company with Consensys as a base, the large number of fin tech entrepreneurs in NYC, and also with IBM in close proximity, one of the leaders in the enterprise blockchain. That is why we are also so excited about Mstate.
  2. Continued barbelling of VC will continue in 2018:. Either we see lots of smaller or seed funds at one end of the barbell or mega funds on the other end. It’s increasingly becoming tough to be caught in the middle to maintain ownership in your winners, and we will see more established VCs like Sequoia raise mega funds to counter the Softbank Vision effect. As for us, we are continuing to double down on our old school VC model, first check in, leading or co-leading, and rolling up our sleeves.
  3. CIOs are the new VCs: this is the year that Chief Information Officers start acting more like VCs. Corporate America is pressured to decrease costs and improve customer interactions and every Fortune 500 is a technology company. Expect this trend to continue and what this means is that CIOs will take a portfolio approach, make some bets, and double down on their winners. There will be lots of room for startups to wedge their way into large corporates and they will have every opportunity to turn pilots into production. This speed of adoption of new tech will accelerate at the largest enterprises, and they will be reliant on early stage startups to do so.
  4. Rise of the developer in the Fortune 1000: According to Gartner 75% of app development supporting digital business will be built, not bought. There are more devs, more corporates who need more dev tools and services, and we are seeing continued adoption in the largest companies. Tied to this will be a need for a hybrid, cloud/on-prem deployment and we are excited about portfolio companies like replicated that play to this future.
  5. GDPR is the next Y2K: GDPR kicks off in May 2018, and we are convinced it is going to be a massive problem and will sneak up on many enterprises.GDPR is all encompassing and focuses on protecting a customer’s PII (personally identifiable information) and hits every segment of the data pipeline from how developers access data as they create new apps to finding and monitoring all of a company’s PII to eventually allowing end users the right to be forgotten. This will be a huge boon in data and security spend in 2018 directly tied to this.
  6. Enterprise blockchain will prove itself: Cryptocurrencies are hot but the tech powering this, blockchain gets less attention. 2018 will be the year that many Fortune 500s that are piloting this tech will bring applications into production. There’s been lots of buzz for the need for a shared, distributed ledger but 2018 is the year we see production level use cases in the wild.
  7. Rise of Chief Data Officers: As the value of an organization’s data continues to rise, we will see many more Fortune 500s create the Chief Data Officer position. This is a trend that kicked off over the last 2 years and will only accelerate in 2018. This role is crucial as companies look to consolidate to a data lake (cloud or hybrid cloud) to prep for a future driven by AI and machine learning. Investment opportunities will abound as data ops becomes the new dev ops and the need for pipelining software to go from raw data to prepped data increases. This Chief Data Officer will also be responsible to manage the impact of GDPR (see above).
  8. AI is not a market, AI is embedded in every application: AI is not a market, it’s an enabling technology just like Java, wireless, and blockchain are. We said this in our predictions last year for 2017 (AI is table stakes) and this will accelerate in 2018. Some call this “ambient AI” and I just call it software. The real enterprise use cases that will continue to scale is the automation of the back office and the move away from robotic process automation (RPA) to Intelligent Automation (cognitive layer) and the continued move from AI in the back office and moving to the front office in every industry.
  9. Move to cloud accelerates, serverless hits early majority: We are still at the tip of the iceberg as enterprises move from legacy to cloud or hyrbrid/cloud. AWS has dominant market share but multi-cloud becomes a must-have for most Fortune 1000 organizations. This includes choosing best of breed by cloud vendor (Google for tensorflow, AWS for s3 and serverless, etc) and also distributing workloads over multiple clouds. With this, serverless and event-driven workloads will continue to proliferate as companies move beyond AWS Lambda and start using Google Cloud Functions and other solutions.
  10. Dev Sec Ops is the hot topic in security: With the velocity of software development and the reuse of software components, building in security at developer level becomes a must have. Securing open source dependencies like our portfolio co Snyk, managing service to service authentication and policy, encrypting traffic and more become hot areas in 2018.
  11. Quantum dabbling: We will hear about more and more enterprises explore the use of quantum. In 2017, new languages were created from companies like Microsoft and IBM to take classical algorithms and help repurpose for quantum, and this will accelerate in 2018 as the Fortune 500s start building out skunkworks teams to explore use cases. We are still a few years away from having a quantum computer perform calculations faster than a classical machine but once that happens, there will be tremendous opportunity for startup activity.

Previously posted on Medium

SecurityVenture Capital

Thoughts from RSA and the Climate for Security Startups The year ahead in security tech and VC

Posted on by Ed Sim

Just getting back from a few days at RSA. We kicked it off Sunday night with a boldstart founders and execs dinner where we talked about what’s next in cybersecurity with some of our portfolio companies like security scorecard, bigid, snyk, stealth co and many friends from the industry representing strategic partners and IT buyers. After a couple more days of straight security talk with lots of new vendors, VCs, strategics and CISOs, I wanted to share a few observations. Many of these are not earth shattering but important to cover nonetheless.

  1. There are way too many cyber security startups. A record $3b went into these companies in 2016 and $2.5b in 2015. Many startups are features or products and not businesses. Each category and mini category used to only have a few vendors and now you can expect up to 10. Lots will struggle and go out of business and industry consolidation is ahead.
  2. That being said, cyber security budgets keep increasing! Banks like JP Morgan spent $500mm on security and yet they are still not secure. While many large cos will still buy from best of breed startup vendors, the landscape is changing as Palo Alto Networks and Symantec keep incorporating new tech and provide an integrated seamless stack.
  3. Which leads me to my next point. One CISO of a large bank told me that his team met with over 300 vendors last year. Large companies can’t possibly integrate all of these disparate technologies and the more you have, the more false positives you have.
  4. Rise of Nation State attacks – more sophisticated and deadly – many are targeting the largest financial institutions.

    Read More