Andy Ellis, the former CSO of Akamai Technologies, has joined YL Ventures as an operating partner. Ellis will draw upon his experiences as a security decision-maker to advise startups on a broad range of services, including product development, go-to-market strategies, and customer pipeline management.
YL Ventures funds Israeli cybersecurity companies from “seed to lead,” but the support goes beyond just funding, Ellis said in an interview with VentureBeat. YL Ventures provides strategic and operational guidance to the companies in its portfolio “in the time that YL’s going to be part of their journey,” Ellis added. The firm also publishes the CSO Circuit, a newsletter that tells startup founders what CSOs need and what the market is currently looking for to help shape product roadmaps and sales strategies.
The support could be as straightforward as access to a marketing or press team before the company is big enough to have its own. It is also about time and practical advice, with YL acting as an advisor on anything the founders and their teams need help with. Ellis makes himself available “anywhere in the pipeline that I can be useful,” such as joining the company on a customer call, providing feedback on product design, advising on the product roadmap, helping develop the marketing presentation, and advising on how to recruit and develop talent.
Ellis spent 20 years at Akamai and grew the security business to more than $1 billion in annual revenue. As the CSO, he dealt with the challenges enterprise security leaders face in developing a security program, as well as deploying and integrating multiple platforms and technologies. One thing he regularly encountered was the question of how to protect as many people as possible — security at scale. “I can bring some of the lessons about solutions that didn’t always work because they were great on paper and in the pilot [but not across the entire organization],” Ellis said.
He also has the vendor perspective, thanks to “secondhand experiences across thousands of CSOs” while working with Akamai customers. He knows enterprise leaders have budget constraints and integration challenges and can advise security companies on how to address those specific needs. On the selling side, he understands how different dynamics play out in different marketplaces and knows the difference between selling to financial services, retail, and manufacturing.
One of the challenges early startups face is shifting their focus from investors to customers. The first slide deck a startup creates typically leads with how much it has already raised and is designed to sell the company to VCs. You almost have to throw that entire deck out and start over with a presentation that considers the target market and what the customer cares about, Ellis said. A cloud-native business, for example, will want to know how the technology will solve the problem it is having.
“How much money you raised is a signal that says, ‘Maybe you have a great idea, but the idea [technology] is what you want to talk about and should always be what you’re talking about in selling the business,’” Ellis said.
What enterprises care about
YL Ventures consults with CSOs — there are over 90 CSOs on the advisory board, as well as a less formal network of a thousand security leaders — to “get market feedback before making an investment,” Ellis said. These conversations help YL Ventures stay up to date with the challenges organizations are facing and understand any needs and gaps in the industry. This collaboration helps YL Ventures decide which areas to focus on and which security companies to add to its investment portfolio. Ellis joined that advisory board about four years ago.
“Sometimes the input was ‘Wow, brilliant people, but this technology is never going to sell in the market,’” Ellis said. “Other times it was, ‘Oh my goodness, I want to do this one.’”
YL Ventures currently manages over $300 million and is investing from its fourth $135 million fund. Its portfolio is currently focused on the following areas: application security and securing code; security controls for software-as-a-service applications; extended detection and response (XDR) capabilities; next-generation cloud security solutions; and data security. YL Ventures is betting on these technologies as the areas enterprise leaders are most concerned about.
Over the last 15 years, organizations have built out extensive security platforms to protect the applications and data they have, but those security platforms are left behind when organizations move their applications or data to the cloud, Ellis said. Most public cloud platforms already have “fantastic” security tools, but the challenge is finding them and knowing how to use them, Ellis said. So he will be looking at ways to make it easier to deploy security services in the cloud. This kind of thinking applies to SaaS applications as well, since security teams have to make sure the employees are using them safely and that information remains secure.
“It really does come down to ‘How do we make security easy? How can we give security teams scale?’” Ellis said.
Another area where Ellis sees a lot of CSO interest is in application development, in helping developers build secure code.
“That said, any idea is on the table,” Ellis said. “If a company comes with a brilliant idea and it’s not in those three spaces, I’m totally excited about that too.”
While YL Ventures didn’t provide aggregate totals on how much it has invested in each of these areas, it offered some insights into recent funding decisions.
Key areas of security investment
The sheer number of attacks against applications and the ever-widening attack surface are driving organizations to allocate more resources to application security and secure software development. One emphasis is on security solutions that “shift left,” implementing security earlier in the software development lifecycle. The firm led the seed rounds in application security startup Enso Security, vulnerability management company Vulcan Cyber, and source code protection startup Cycode.
The growing attack landscape means organizations are also increasingly looking for new ways to detect threats and respond quickly. XDR is a new approach that collects and automatically correlates data across multiple security layers so threats can be detected faster and security analysts can improve investigation and response times. YL Ventures led a seed round in autonomous threat intelligence startup Hunters and participated in follow-on rounds.
The shift to the cloud, the growing remote workforce, and rapid adoption of digital transformation initiatives mean enterprise leaders are willing to spend to protect cloud platforms and software-as-a-service applications. This is especially true as more employees are connecting remotely to corporate assets and accessing sensitive data from private devices and networks. YL Ventures led the seed round in Orca Security, a security startup that reached a unicorn valuation in less than two years.
Data security and governance is another big area for YL Ventures, especially as enterprises try to manage the massive amount of data being generated. Organizations have to figure out how to comply with a growing slate of regulations, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. As more states follow California’s example, organizations have to ensure their governance processes and data management practices keep up with each regulation’s requirements. YL Ventures led a seed round in data protection and management startup Satori in 2019.
Other areas YL Ventures invested in recently include authorization (build.security), medical device security (Medigate), and embedded security for connected systems (Karamba).
VCs often straddle the fine line between investing in companies that address the needs of the market and trying to anticipate future problems and find startups that are beginning to tackle those issues. There is an educational opportunity for companies to prepare for the moment when organizations realize they have a particular problem. Ellis gave the example of how organizations started buying technologies to deal with distributed denial-of-service (DDoS) attacks. Akamai was already working on the technology in 2004, before most organizations were even thinking about it. When Operation Payback — a series of coordinated DDoS attacks against financial services and other major organizations — hit in 2010, Akamai was ready. Vulcan Security, a company in the YL Ventures portfolio, is another example. When the company was raising its seed round, very few organizations were thinking about vulnerability remediation orchestration. Just a handful of years later, it is something organizations are actively looking at.
“My favorite part of this business is helping,” Ellis said. “How do you make the internet safer by finding things that scale as solutions that the market needs?”