I think just about a week ago or so, I wrote a blog as to
how the Merger and Acquisition Activity Is going to further fuel the growth of the
Cybersecurity industry in the coming years.
Part of this is the larger companies buying out the small ones, and also
Venture Capital (VC) and Private Equity (PE) firms taking part in the mix as well.
Obviously, these latter group of people don’t want to hold
on to their new assets for too long, as they want to make money them as well.
This has prompted a new trend in the Cyber industry for
people to launch startups with all of the bells and whistles, so that they will
look attractive to a potential buyer.
But that is far as they will go, and now it is starting to backfire on
them, as the VCs and PEs want something of substance and value as well when
they make their purchases.
After all, they just can sell air either, right? In fact, in many ways it feels eerily resemblant
to that of the late 90’s – as long as you had a .com in your name, you were
guaranteed to get something. So, what is
an investor looking for, and how can you increase your chances of getting some
funding?
Well, I came across an article that actually takes the opposite
approach, and instead, points out the warning signs that a VC or PE looks for.
So what are they?
Here we go:
1)
Hiring from the Dark Side:
In simpler terms, this means that a
company has hired an individual(s) who have been illegal, hard-core hackers in the
past (hence the name “Black Hat”), but now have turned over to the good side.
Who knows why they do this, but businesses want to scour up these individuals
in order to have access to their knowledge and hacking skills. Unfortunately, VCs and PEs don’t look at this
away. They simply will not invest in a
startup that has hired these kinds of individuals. They simply don’t want their good name associated
with anything illegal that may have happened in the past. I can see where they are coming from on this,
after all, they are potentially investing a lot of money, and don’t want anything
bad to happen. But I don’t agree with
this. To me, what has happened in the past stays there. You have to evaluate what the assets you have
now, and everybody deserves a fair chance to prove their worth. What I would tell a VC or PE is that you are
taking a risk in other areas of the transaction, so why are you afraid of this one?
2)
Stop the bells and whistles:
This goes back to what I said before. Cyber startups need to come up with something
solid, whether it is a product or service.
In other words, just don’t chase what is red hot at the moment, because given
the ever-changing dynamics of the Cyber Threat Landscape what is red hot today could
turn out to be ice cold tomorrow, to varying degrees. Also, make sure that your new product or
solution actually meets the needs of your existing customer base and
prospects. Sure, this could take some
market research, but if you want to get that funding or be acquired, you need
to do this. VCs and PEs are looking at
this very heavily now, especially from a business model standpoint. They all know it will take time to get something
to market and to start making money off of it, but they want to see that the
potential actually exists, and that could be something viable. Some of the areas that they are interested in
are services surrounding the Cloud, the Remote Workforce, and especially given today’s
times, the Zero Trust Framework. Cyber
vendors are also notorious today for creating solutions that creates alerts and
warnings for the Cyber team, but that is fay as they go. They do not make an attempt to actually
solve a problem. This is yet another key area that VCs and PEs look
at, as they think that this will give them a differential advantage in the
marketplace after the acquisition has been complete.
3)
Hiring former government or military
personnel:
For some reason or another, VCs and
PEs will not invest in a start up that is run by individuals in these
backgrounds. Honestly, I don’t why. They simply feel that they do not have the real-world
experience. But IMHO, this is the most ludicrous
statement ever concocted. For example, I
have had the honor and privilege of interviewing many ex-government and military
personnel who have started their own Cyber companies, and are quite successful
at it. If I ever reach to the point
where I can invest in a Cyber startup, I would rather spend my $$$$ on a
startup headed by these kinds of individuals rather than some kid right out of
Harvard or MIT. These people have the discipline
to get things done, and have even deeper levels of experience, given any covert
work they may have done for the government.
4)
Creating solutions that are not defensive in
nature:
This is yet another one I cannot quite understand. Simply put, VCs and PEs will not invest in a
Cyber startup if there solutions and/or products are offensive in nature. In other words, forget about developing the next
generation of Penetration Testing Tools, but instead come up with a softer
version of it, one that is defensive in nature. To me, this does not lead to a
proactive approach or mindset which is so badly needed in Cybersecurity
today. If it was me, I would much rather
invest in a company that is developing solutions that will help businesses take
this kind of approach when it comes to building up their respective lines of
defenses.
My Thoughts On This
So long story short, if you are Cyber startup, and want to
receive some sort of VC or PE funding, or even want to be bought out for that
matter, go back to the traditional ways of creating something. Find something you are passionate about in
Cyber, and then go from there.
Your passion will be your guide in building something that
can not only meet the needs of people, but will be attractive to investors as
well.
Perhaps just a build a better mousetrap to get started
with. And don’t forget this one cardinal
rule: Always provide great customer service. With all of the technological advancements
that are happening today, people yearn for the days when life was purely simple
and straight.
They are sick of bells and whistles. Deliver something of quality and value that
could meet their needs, and you will be all set.
No comments:
Post a Comment