Investing in lines not dots: Our investment in Secure Code Warrior

Hanging out with Pieter (CEO — middle) and Eddie (Chairman — left)

A lot of founders get advised that the best time to speak to an investor is only when you’re ready to raise money.

I’m not sure where this comes from — but I think it’s terrible advice.

Many of our best investments have been with teams we met extremely early on in their journey. Often they weren’t fundraising when we first met. Often they hadn’t even started the company. But in every one of those meetings we loved the vision and wanted to get to know the team better.

Sometimes this means we’ll have known a company for a year or more before they’re ready to raise. This gives us time to understand what really makes founders tick. The same also works in reverse — founders can get to know us and understand how we work with our companies.

Each interaction we have with a team is a dot, and over time we can connect those dots into a line.

This is what happened with our latest investment — a cybersecurity company called Secure Code Warrior — and shows exactly why we love investing in lines, not dots.

We first met Pieter, the CEO, in August 2017. At the time they didn’t need to raise any money — and they’ve continued to grow so fast that they still don’t. But we loved the vision and so spent the last 12 months getting to know the team, helping them recruit and develop their go-to-market strategy, while we waited for the right time to invest and help them accelerate even faster. By the time we actually closed the round I think we both felt like we’d been working together for ages already.

Secure from the start: empowering developers to write secure code

What we really love about Secure Code Warrior is that they are building a cybersecurity platform aimed squarely at developers. They started as a training platform that helped developers better understand how to write secure code, and have since built out a suite of tools that sit within their development environment (IDE) and identify code vulnerabilities in real time.

Empowering developers to write secure code is exactly the sort of ambitious vision we love. With the high-profile attacks on companies like Equifax and Target — cybersecurity has become a board-level issue for every large organisation worldwide. And as software eats the world, even traditionally non-tech companies like banks and retailers are essentially becoming giant software companies. Companies like JPMorgan and HSBC now have more developers than Facebook.

And with developers pushing code to production on a daily (or even hourly) basis, there’s no longer time for a separate security ops team to ensure code security. Teams are moving towards DevSecOps — a paradigm that shifts responsibility for cybersecurity from the security ops teams to the developers themselves. There are 23 million software developers around the world — and nowadays every single one of them needs to be thinking about the security of their code.

This is exactly why Secure Code Warrior has been growing so quickly.

We’ve looked at a lot of companies in the cybersecurity space in the last few years, and they are easily the fastest growing we’ve come across in a long time. They only started out a couple of years ago, but have already pulled together a great list of bluechip clients — including Australia’s largest six banks and many of the world’s largest companies in telecommunications, technology, retail and airlines. More than 70% of their revenue is already coming from Europe and the US. This is already a global company that just happens to be headquartered in Sydney.

Australian cybersecurity — an emerging ecosystem

Five years ago, the ecosystem of Australian cybersecurity startups was virtually non-existent. Compared to the rich environment for cybersecurity startups in places like Israel and the US, the Australian landscape was more like a primordial soup — a few talented individuals working on different projects, but no real sense of momentum or co-ordination.

But a lot can change in 5 years. With the success we’ve seen with companies like Nuix, Upguard and Bugcrowd, along with great initiatives like AustCyber and incubators like Cyrise — there is a real sense that a strong cybersecurity ecosystem is emerging here in Australia.

This is an area where Australia can play to our strengths. We have a deep bench of highly technical founders as well as real strengths in areas which are becoming critical to security — such as dev tools, internet of things & artificial intelligence. I think we’re going to see more and more ambitious cybersecurity companies like Secure Code Warrior emerge from Australia and go on to build big global category leaders. We’re looking forward to helping them get there faster.


Any other cybersecurity players out there with a big vision — send me an email james@airtree.vc or tweet me @jamesdcameron… Never too early to get in touch! Also, sign up to our newsletter, if you’d like to get more updates like this in your inbox.