Digging in 2019 — Part I: Cybersecurity
2019 has come roaring in and post our annual Flybridge strategic offsite, I was inspired (ok, truthfully, nudged by my partner Chip) to write about investment areas that currently interest me. Here’s the first installment.
One important theme for me continues to be cybersecurity. Having been a researcher in the field back in grad school and developed infrastructure scale solutions back at Bell Labs, I’ve been investing in the sector since I started in the venture business in 1996. Although I took a planned hiatus from it when I saw the market as overheated/over-invested, I have been more active over the last eight years because of some key drivers in which I still have conviction. The bad guys keep getting badder, and smarter, and the attack vectors more complex and sophisticated. That said, the market remains overheated/over-invested. With this in mind, the three cybersecurity areas that have me most interested right now are the connected home, vulnerable Internet infrastructure and cyber business intelligence.
Connected Home: Homes have become fertile ground for cyber compromises because while most people know how to connect new IoT devices to their WiFi, they have no ability to manage or secure them, leaving those devices and sensitive personal data, available for the taking. Witness the recent Nest cam takeover in the name of PewDiePie and North Korea. Last year, alongside Jeremy Hitchcock, Alec Rooney and Nicole Hayward, I helped found and co-led the seed round in Minim, a company focused on this market need. Minim has built and launched a SaaS solution for managing and securing WiFi devices in consumer homes. As consumers become more aware and concerned about their privacy, I think there is an opportunity to build massive new companies to help protect connected homes. I think there will be multiple winners and I continue to look for innovative approaches to the problem set.
Internet Infrastructure: The Internet is over forty years old and has become brittle / unscalable / un-resilient (next blog post) and incredibly vulnerable, because they were not built with today’s workloads, use cases or bad guys in mind. A few years ago I started looking at the Internet’s core protocols and was fortunate to meet some innovative thinkers who were developing solutions consistent with my hypothesis. I invested in NS1 — rebuilt DNS to make it better, stronger, more secure — and ValiMail — built a messaging security solution to fight impersonation attacks like phishing. I’ve been wondering what other protocols could be taken on in similar ways? Which core Internet services are ripe targets for cyber criminals? Some candidates I want to investigate, include NTP (Network Time Protocol) and Random Number Generation, but I’m open to others.
Cyber Business Intelligence: There’s a dispute over the real number of unfilled cybersecurity roles, but all the pundits I’ve researched estimate it’s currently in the millions. Regardless of the actual number, it seems clear we won’t be able to fill all these open job reqs any time soon, and some technological force-multipliers are needed to help bridge the gap. One area of interest is bringing enterprise-scale business intelligence to cybersecurity — tie together not only the myriad cyber solutions but also integrate other critical operations systems and use AI/ML and visualization to derive signal, insights and produce recommendations. Can this be more than SIEM on steroids? What other ways can the gaps be closed? Are there ways of bringing coordinated automation to help businesses do more than simply try to confront threats?
More on some other areas I am investigating later. In the mean time, please let me know your thoughts, comments, complaints, suggestions!