Thoughts from RSA and the Climate for Security Startups The year ahead in security tech and VC

Just getting back from a few days at RSA. We kicked it off Sunday night with a boldstart founders and execs dinner where we talked about what’s next in cybersecurity with some of our portfolio companies like security scorecard, bigid, snyk, stealth co and many friends from the industry representing strategic partners and IT buyers. After a couple more days of straight security talk with lots of new vendors, VCs, strategics and CISOs, I wanted to share a few observations. Many of these are not earth shattering but important to cover nonetheless.

  1. There are way too many cyber security startups. A record $3b went into these companies in 2016 and $2.5b in 2015. Many startups are features or products and not businesses. Each category and mini category used to only have a few vendors and now you can expect up to 10. Lots will struggle and go out of business and industry consolidation is ahead.
  2. That being said, cyber security budgets keep increasing! Banks like JP Morgan spent $500mm on security and yet they are still not secure. While many large cos will still buy from best of breed startup vendors, the landscape is changing as Palo Alto Networks and Symantec keep incorporating new tech and provide an integrated seamless stack.
  3. Which leads me to my next point. One CISO of a large bank told me that his team met with over 300 vendors last year. Large companies can’t possibly integrate all of these disparate technologies and the more you have, the more false positives you have.
  4. Rise of Nation State attacks – more sophisticated and deadly – many are targeting the largest financial institutions.

    Read More

our journey to an oversubscribed fund iii for first check enterprise boldstart closes $47mm fund iii for first check, enterprise founders

 

This is a story about starting an enterprise seed fund called Boldstart in 2010 and our journey in enterprise since 1996. Despite our firm being a little over 6 years old, our individual stories go further back. We each independently fell in love with enterprise software 20+ years ago as seed investors (cos like gotomeeting/Citrix, greenplum/EMC, livperson/IPO LPSN) and founders (workmarket, onforce/Adecco, spinback/buddymedia/salesf0rce) and are now benefiting from the ecosystems, knowledge and network that we’ve collectively developed.

What seemed like a big bet in early 2010 was only us pursuing our passion. Our goal was to be the best first check partner for enterprise founders, bringing the value add of a VC firm while moving with the speed and conviction of an angel investor. We set out to build boldstart at the height of mobile app mania and viral growth and were faced with questions about our focus on enterprise and NYC. At the time there were only a handful of micro-VCs in existence, and despite going against the tide, we felt that the opportunity to build the first and best enterprise seed fund was a dream worth pursuing.

Today, we are super excited to announce our final close of $47mm for fund iii. This was oversubscribed from our initial target of $30mm

Read More

One VC’s take on NYC and Enterprise Tech enterprise tech in NYC on the rise!

When Willie Sutton, the prolific bank robber, was asked why he robbed banks, he answered, “because that’s where the money is.” When asked by investors in early 2010, why we were starting a seed fund focused on enterprise and leveraging NYC, I answered with Willie’s quip but also said, “because that’s where the customer-driven talent is.” One of the key criteria for successful enterprise investing besides team, product, and huge markets is ensuring that you invest in a “must-have” and not a “nice-to-have” solution. When companies are born out of real pain, more often than not this criteria is wholly satisfied!

I bring a unique perspective to this conversation having been a VC based out of NYC for the last 19 years (wow — am I dating myself!). While I have had my fair share of failures, I have also been a first round investor in many enterprise successes both in and outside of NYC, including leading or seeding the first round in LivePerson ( NYC, current market cap of $650mm), Greenplum (sold to EMC, now Pivotal), GoToMeeting (sold to Citrix, now Citrix Online doing over $600mm+ revenue), Divide (NYC, sold to Google), blaze.io (sold to Akamai), GoInstant (sold to Salesforce.com) and a few others.

Necessity is the mother of invention

As I think about common characteristics of great enterprise startups that I have had the pleasure to work with in NYC, I think about entrepreneurs building companies based on great pain, a deep understanding of the customer problem because they are customers themselves, and from that, using their computer science backgrounds to engineer a better and more scalable solution. Many of these great founders are simply hidden in larger companies, developing software for non-tech firms and functioning where tech is more of a support role versus front and center in terms of driving revenue growth. This is much different from entrepreneurs leaving established software vendors wanting to create a bigger, better, and cheaper mousetrap with a “great technology in search of a problem to solve.” While starting with a customer pain is great, the big question for many of these startups is whether or not this pain is a one-off or a market problem that is massive enough to attack.

Success Breeds Success

Divide

1 NIGdT5UjTHoG1GEtLB5GQw

When we first met Andrew Toy and Alex Trewby in mid-2010 they were VPs Wireless at Morgan Stanley and experiencing a huge pain point — employees were bringing in their iphones and android devices for personal use while still using their blackberrys for corporate purposes. Like any great entrepreneur, they asked the question, how do I solve this problem with software and allow companies to have the peace of mind and security policies needed for them while also allowing employees to use their existing devices. The challenge was to create a separate sandbox that could be easily used and understood. Rather than forking off android, Andrew and Alex built an App, something consumers could easily understand and yet make it easy for huge enterprises to deploy. The big bet in 2010 was that we would move to a BYOD world and that Android would become a dominant mobile platform (at that time, it was a big bet!) Hence Divide was born and 4 years later sold to Google and now branded as Android for Work with a stated goal of being on a billion devices. Pretty cool for two ex-technology execs at a financial services firm!

Security Scorecard

1 yyZnxDy2wAUnj5Yin0KuOA

We first met Alex Yampolskiy and Sam Kassoumeh in-mid 2013. They were both formerly Chief Security Officers at Gilt Groupe and were experiencing major pain in their day to day jobs. They were in charge of auditing the security of every vendor that touched the Gilt platform and all of it was done manually through intensive Q&A and when in doubt, via an expensive security audit from a consulting firm. As Alex and Sam spent many cycles on this method, they asked themselves if they could continuously scan the security of their partners in a non-intrusive way. It was already clear that software was moving to the cloud but less certain was the belief that a company is only as secure as its least secure partner and continuous monitoring would be imperative. From this, security scorecard was born. SecurityScorecard provides precise global threat intelligence and risk awareness continuously and non-intrusively so businesses and their partners can collaboratively predict and remediate data security issues. Fast forward 15 months from the initial seed round, and they have landed several large customers and closed a $12.5mm Series A with Sequoia Capital, founding investors in some phenomenal, multi-billion dollar security companies — netscreen, palo alto networks, and fireeye.

I could go on and on about many other great enterprise companies in NYC, but you get the point — find a massive pain that you are experiencing and living with first hand and create a software solution around this. It is this unique understanding of the customer that we will see time and time again as new enterprise-related startups in NYC are launched. It is also this deep domain expertise and understanding of the customer that will allow many enterprise startups in NYC to flourish, especially as we live in a cloud-based world where switching costs are not as high as they once were.

Bottom Line

The idea of NYC enterprise startups succeeding should no longer be a laughing matter. We have great entrepreneurs, companies, talent, and investors ready to capitalize on Willie Sutton’s vision — NYC is where the money is (see Jonathan Lehr’s great overview on NYC Enterprise Tech). We at boldstart ventures feel quite fortunate to be invested in a number of enterprise related startups in NYC like security scorecard, divide, truly wireless, handshake, yhat, and bowery.io and are excited about the future of enterprise tech in NYC. We have seen more success stories in the last 3 to 4 years versus the 10 years before that, and we expect this rapid innovation to continue. While many of these companies are engineers coming from large Fortune 1000 type companies here in NYC, we are also increasingly seeing founders leaving the more established tech companies like Google, OnDeck Capital, and Gilt to pursue their dreams.

As I write this I am wondering who the next entrepreneur will be that is hidden in the bowels of a more established company, feeling massive pain everyday, and ready to launch the next unicorn like MongoDb. Is that you?

(reprinted from my post at Medium)

Startups and Intellectual Property (IP)

Lately questions about Intellectual Property or IP have been cropping up left and right.  Eliot Durbin (my partner at BOLDstart Ventures) and I had a long discussion this morning in preparation for his panel today about IP and patents.  Last week, we met with a company and when we asked about their core IP, they launched into a 5 minute discussion about the various patents they filed.  Do startups really think patents are going to make or break their business?  Yes, having core tech or IP matters but patents are a different question altogether.  Your best protection is continuing to focus on building your business, your product, and getting market share.  So what is my and BOLDstart’s stance on IP and startups.

1. We look at the team and the product and market first

2. We like to think that all of our investments have IP.

3. IP does not mean patent.  IP in our mind is your “secret sauce” for doing what you do better, cheaper, and faster than anyone else. Its great if you filed for a patent but that is a long process taking 18-24 months and by the time you get a patent the market opportunity may have already passed you.  Focus on building your product and market share, not on patents.  That is your best protection and competitive advantage.  Waiting for the patent office to tell you that you have a patent is a nice to have, not a must have.

4. Even if you have a patent, it takes tons of time and shitloads of dollars to defend.  Trust me, I’ve been there, and it seems to me that the only person making money in these cases are lawyers.  In addition when defending patents you will inevitably fight with the big boys with billion dollar balance sheets so that is not a place to spend your time and money.

5. Don’t start a company where there is already a patent battle brewing like email on phones.  We are looking for innovations, the next big thing, not yesterday’s way of doing it.

Hopefully that gives you a good perspective on our view on IP, patents, and startups.

What entrepreneurs can learn from Jeff Spicoli you don't have to have all of the answers

I know I may be dating myself here, but over the past few weeks I couldn’t help but think about the movie Fast Times at Ridgemont High and one of the standout characters, Jeff Spicoli.  When asked by Mr. Hand, his teacher, why he keeps coming late and wasting his time, Spicoli answers, “I don’t know.”

 

In several meetings with entrepreneurs during the past few weeks, they would have been better off answering like Spicoli rather than giving me some hollow bull shit answer.  I want to make it very clear that I don’t expect entrepreneurs to have all of the answers to my questions.  In fact, many questions I have may not have an answer today so “I don’t know” will be your best answer. My one caveat is that the “I don’t know” is followed by a how might you figure out the answer or a when might you figure it out.  This line of questioning is really just another way to test how you think and determine how our working relationship might be were I to invest.  I would rather have the honest “I don’t know but I’ll figure it out” then a made-up answer that will never allow you or your investors to really understand what is driving your business.

Reflecting on passed investments important to look back and discover patterns on your decision making

Every 3 months I dig through my “passed company” folder to look at what investment opportunities we passed on and why.  Inevitably, there are a few companies that are near-misses, but we end up passing on for whatever reason.  Did we pass because we didn’t think the team was great or because we didn’t believe that they could get a product launched?  Did we pass because of lack of traction in the beta release or because of concerns on valuation?  Looking at my “passed company” folder gives me an opportunity to test our reasons on passing and to see 3 months later if the entrepreneurs could actually execute or prove our concerns wrong.

While many times I find doing this reflection further confirms our reasons for passing, I also find myself from time-to-time sending up a follow up note to check in on these near-misses or doing a quick Google search to see how the company has progressed since our last communication.  Inevitably, there will be a few that “got away” and seem to be doing quite well.  No one is perfect and looking back every quarter gives me an opportunity to better hone my investing acumen and further refine my understanding on what separates a potential winner from a loser.  Many times we are so busy that we can only look forward to the next new thing or next hot deal, but I encourage you to occasionally take a step back, look in the rear-view mirror, and learn from your past history.  I promise you that this reflection will only make you a better investor in the long run.