I’m leaving Napa Valley after attending the True Passwordless Summit hosted by Hypr, one of our portfolio companies. It was a great way to unwind and relax before RSA kicks off in SF. It was also a great opportunity to learn and collaborate with over 2 dozen forward-thinking CISOs to discuss what was top of mind. First on the agenda, of course, was why they were deploying true passwordless solutions. Think about this - passwords for computers were created in the early 1960s when one would physically go to the computer room, swipe a card for entry, and then sit at a machine to type it in. The inventor never envisioned being able to access a machine remotely from anywhere in the world and hence the security levels are not as high as one would think. Secondly, the biggest problem with passwords is that most people have too many services and reuse the same one over and over. There are hundreds of millions of credentials on the internet and it is super easy to run those against a web site to hack in. Hence, true passwordless is the way to go - better security, better user experience, and much lower costs with no more password resets, etc.
Another top of mind topic was how there were way too many security vendors and point solutions and how hard it was to make sense of it all. In fact, one CISO showed me his email inbox with 36,000+ unread messages, many from vendors trying to reach him. When asked what his approach to finding vendors was, it was word of mouth from other CISOs, investors, and friends in the market. Oh, and one last thing, if you are a security vendor, remember this, being a CISO is extremely stressful so anything you can do to make life easier is a huge win!
As always, please share and retweet.
This is often done way too late as your sales team ramps!
While not an enterprise startup, never forget to keep the faith. I suggest clicking and reading the full thread.
Worried about being second or third to a new market? Not to worry because “pioneers 🤠 get 🏹 in their backs” - an oldie from my blog BeyondVC circa April 2009.
If you’re interested in the business of VC, read Brett Bivens’ breakdown on how they’ve been one of the best for over 20 years. Also blows up the idea of thesis driven investing and why it doesn’t work.
Eric Vishria responding to a "request for startup" in the Open Source space:
"We're not top down like that. It is so organic. When an entrepreneur pitches and tells a story that provides an insight that makes you think about the world differently, that's when I get really, really excited. And that's why it is really hard to be top-down and why we don't tend to be particularly thesis-driven."
As for us, we like to send a beacon on the general area we are interested in (enterprise software, developer first, infra) but aren’t so presumptuous as to believe that we have all of the answers. With that signal, we can draw in and meet amazing technical founders envisioning products that were never on any VC roadmaps. BigID is a great example of that. We funded it 6 months before GDPR was passed and no one was looking for a GDPR solution for a couple years after that as well. However, the fundamental breakthrough that Dimitri and Nimrod had was that you needed to tie the sensitive data to an individual and map accordingly, hence data discovery and PII catalogs. Whether GDPR passed or not was irrelevant to the need for this software.
The Hottest Enterprise Tech Startups to Watch in 2020 according to ComputerWorld; pretty awesome list with names like Snowflake, Cohesity, and Notion. Great to have two of our boldstart portfolio cos on this esteemed list, Snyk and Front.
Food for thought on the ML/AI front
Automation and RPA: UiPath growth rate slowing but still cranking on a much larger base: $15.7m in 2017, $114.8m in 2018, and $360m in 2019 (other numbers via Techcrunch).
Also this partnership with Sisense is a big deal. Tying KPIs around automation is an ask I’ve often heard from heads of automation in the Fortune 500.
The result of this partnership is UiPath Insights, a new, business analytics solution built on the Sisense platform for UiPath users across the entire organization. It can measure, report, and align RPA operations with strategic business outcomes. And it allows business process owners to define, track, measure and share process KPIs that measure the value and impact of a company’s overall automation strategy. Users can easily share dashboards across the company, monitor the key performance indicators (KPIs) that matter, get push notifications of critical events, and optimize their deployment by using UiPath’s embedded machine learning (ML) to forecast future states and milestones.
If you’re wondering what DevOps and SREs do, then read this post from a Capital One engineer whose job it is to “provide easy, automated ways for developers to develop and manage their applications. This means ensuring: 1) We provide things that scale — Capital One shouldn’t need to hire more of me on a 1–1 relationship to teams; and 2) Developers have a good experience while deploying their applications.” As you can imagine, infrastructure as code (IaC) and consistent environments are one way to realize this vision.
As a quick overview, the I-A pattern represents a method of writing IaC and managing said infrastructure that abstracts out the shared infrastructure and allows developers control of the application-specific infrastructure. For my teams, that means abstracting out the management of the ECS cluster, ALB, Security Groups, R53 rules, databases, and S3 buckets into shared terraform that the platform/SRE team can manage. This gives the developers control of and responsibility for their individual application, its routing rules, ports, memory/cpu, environment variables, and the actual data stored in datastores like S3 and DBs. Here at Capital One, this extends even further for us, because in order to manage AWS at scale we have teams that manage VPCs, Subnets, and other pieces of massively shared infrastructure. Thus, our I-A pattern becomes a multi-layered pyramid of shared infrastructure that allows us to manage it with a shared responsibility model that scales.
Alex Clayton from Meritech Capital breaks out the 2019 Enterprise IPO class - TL;DR version here:
To make it public as a SaaS company in 2019, you were founded ~10 years ago, at almost $300M in implied ARR and grew ~50% year-over-year, have ~75% GAAP gross margins, losing money, have a dollar-based net expansion rate of ~125%, sell a product with an average ACV of ~$25K, have over 1,100 full-time employees, raised almost $300M from venture investors (or owned by a private equity fund) and burned through almost $200M of it, and sold almost $400M in stock to public market investors in an IPO at a valuation of almost $3.5B! And since then, you're up almost 60% from IPO price.
So much more opportunity, but also challenges with big tech, as per the Economist:
Meanwhile, the size of the opportunity is vast. As our special report in this issue explains, many parts of the economy have yet to digitise. In the West only a tenth of retail sales are online, and perhaps a fifth of computing workloads sit in the cloud with the likes of Amazon and Microsoft. Big tech operates globally, giving it more space to expand, especially in emerging economies where spending on digital technology is still relatively low.