An Intro to Cybersecurity for VC's
A cyber operator's guide to learning about the cybersecurity industry for people working in venture capital and private equity.
Introduction
The cybersecurity industry is noisy and it changes. Fast.
There's no shortage of cybersecurity firms starting up every week and there's no shortage of venture capital firms investing in them.
For some people familiar with the venture world, here's a hot take 🔥
There are not enough good companies out there to justify the amount of venture funds in existence.
Full post of hot takes on the VC industry can be found here.
In a previous post on On the Art of Selling to Cybersecurity, I summarize the industry like this:
Cybersecurity is field that has daily news of attacks, breaches, and failures combined with a barrage of marketing approaches promising solutions, fixes, and ways to solve all your problems.
As a result, there is TONS of content about cybersecurity. Much of it, however, is very technical for people already in the cybersecurity world as an operator or it's straight sales material.
There's also TONS of content on the business of venture capital. Much of it is very financially technical and covers valuations, multiple of invested capital (MOIC), and internal rates of return (IRR) concepts.
But there isn't a lot of content that helps both audiences. It's really hard to find content that gives you enough context to live in both the cybersecurity and the venture capital world.
Why The Need?
So why the need for this kind of content?
Part of the onus for writing this comes from how often I've been asked about it.
Many VCs I speak with are experts in investing but not in cybersecurity and are looking for an orientation or a guide to make cyber make more sense. So I made one!
I also like the Three Strike Rule about creating content, so the timing was right.
These worlds are fast changing and there has been a widening disconnect between companies, industry analysts, and venture capital funding.
Ross Haleliuk goes into more depth on that very topic here:
Ross Haleliuk
The real reason is that I think the venture and cybersecurity worlds are more related than you might think on the surface:
- Both fields require you to go “a mile wide and an inch deep” (and at times go “an inch wide and a mile deep”)
- Both fields require assumptions
- Both fields require value trade offs
- Both fields require you to put your time, money, and effort into something that may not be fully proven yet
- Both fields require you to make future bets on imperfect data
- Both fields are hard to get into and even harder to become an expert in
With public valuations dropping, capital being more scrutinized, and fewer deals happening in the broader markets at thr time of writing this (late 2022), there's no better time than to get smarter on your investing thesis.
Private and public markets, macroeconomic forces, and the state of current global affairs affects everything and everyone. If you're not looking at these global puts and takes, you might miss something.
This is a guide for both the seasoned investor and those new to the game.
Use this guide as a primer to help you get valuable cybersecurity industry context from a number of angles.
Newsletters & Blogs
The business side of cyber
- Venture in Security - a newsletter about cybersecurity, product-led growth (PLG), and venture capital.
- Momentum Cyber - highlighting M&A activity, Venture Capital, Initial Public Offerings, public market valuations, sector trends and unique industry perspectives.
- Unsupervised Learning - a newsletter finding the patterns in security, tech, and society
- Security, Funded - a weekly newsletter recapping the business of global cybersecurity funding and M&A news.
If you're looking for more "business of cyber" content, check out this list:
Ross Haleliuk
The business of VC investing in public and private companies
- What's 🔥 in Enterprise IT/VC - market observations and commentary from Ed Sim, a VC investing in IT and cybersecurity for decades
- Clouded Judgement - for the more technical and financially savvy investor, Jamin Ball talks about public and private company valuations, MOIC, and more
Cyber news, stories, and current events
- Risky Biz News - news and in-depth commentary from security industry luminaries
- This Week in Security - A weekly tl;dr cybersecurity newsletter of all the major stuff you missed, but really need to know.
Podcasts
Cyber news, stories, and current events
- CyberWire Daily - The daily cybersecurity news and analysis industry leaders depend on.
Get the cyber founder's perspectives
- Sales Bluebird - proven strategies to grow sales at a cyber security company (also has a newsletter).
- Secure Ventures with Kyle McNulty - interviews with founders, executives, visionaries, and creators in the cybersecurity industry.
The macro view
- All-In - covers all things economics, tech, political, and social.
Industry Reports & Papers
For context on evolving threats
- Verizon DBIR - the annual data breach investigation report from Verizon
For context from the Venture Capital side
- State of the Cloud - the annual report from Bessemer Venture Partners on top trends and insights in the global cloud economy
- State of the OpenCloud - the annual report from Battery Ventures on the state of cloud markets and building SaaS companies
Conferences
The events you don't want to miss
- RSA Conference
- Gartner Security & Risk Management Summit
- BlackHat
- Global Cyber Innovation Summit
- Cybertech Global Tel Aviv
(I'll add more international conferences as I continue to add to this list)
Wrapping Up
Why this collection of seemingly unconnected resources?
This isn't meant to be an exhaustive list, but more of a digital garden. Start here and to get acclimated or go even deeper if you're already in the game.
I'll prune, trim, and add to this list as time goes on and as I discover new and different content.
See something missing from this list that absolutely needs to be there? Reach out and let me know!
Cheers,
Mike P