What's 🔥 in Enterprise IT/VC #299

What's 🔥 in cybersecurity + why developer security is the next big thing

Richard Stiennon who runs Security Yearbook (also a former Gartner analyst and security CMO) recently shared a detailed breakout of what subcategories received the most funding in cybersecurity for the first half of 2022.

However, if you mapped out the go-to-market motion of 99% of these companies, you’d find that they are mostly top down CISO sales. But there’s a movement that’s been building for the last 5 years focused on end users, namely developers with many elements of your standard PLG motion from traditional SaaS companies. While this starts with a developer first movement in application security, there are other categories above ripe for disruption with an end user first perspective in operations, threat intel, and even endpoint security.

On the app sec side, here’s a simple analogy - imagine the reputational damage and cost associated with a recall of a Mercedes that’s been delivered to millions of buyers. The logistics are a nightmare, the reputational damage is huge depending on how severe the recall, and the cost is enormous. Now imagine if this defect could have been caught on the assembly line, during the build process, before it left the factory? The same goes for software development as it’s an order of magnitude better to find and fix vulnerabilities before production.

Kyle Alspach from Protocol recently interviewed the Snyk founders and others including myself to share how the developer security movement was created and why it’s the next big thing…

"From its early days, the company set out to make developer tools rather than security tools. And to create a business around tools for developers, Podjarny knew the key would be to build a devoted user base and then use that as a springboard to close deals over time for additional features such as unlimited code security tests and reporting."

Kyle Alspach @KyleAlspach

New from me - a look at how a product-led growth mindset has been key to @snyksec. And why this approach could the future for #cybersecurity: protocol.com/enterprise/app… w/ insights from @guypod @edsim @ab415 @vcrama @janetworthing @PeterCMcKay

protocol.comHow Snyk proved developers are the new buyers of app security toolsCybersecurity has yet to embrace freemium in a major way. But investors say Snyk’s success is starting to change that.

3:12 PM ∙ Jul 18, 2022

---

Read on as Guy Podjarny and Peter McKay emphasize the importance of patience, especially in the early days and why obsession with developer experience is a constant key from start and to scale.

It's no coincidence that those three startups (Jit, Slim.AI, CloudQuery) are all backed by Boldstart Ventures, which invested in Snyk's seed funding round and led the company's series A. Ed Sim, the founder and managing partner of the VC firm, said Snyk paved the way for the developer-oriented application security companies that are now emerging. Others include code analysis startup r2c and Kubernetes security startup Armo.

The whole idea of taking anything that is top-down, and shifting it to developer-first — I think it's a huge growth opportunity," Sim said. "I think it's still very early in the maturity and adoption cycle.

While it’s easy to say I’m developer first, many a security company I meet fails the test of being as easy to use as Twilio or Github. Here are a few basics I look for when determining if a founder is truly building a developer first motion vs. a top down one:

1. Can a developer instantly try the product via download or simple auth through Github

2. Does this make a developers life 10x better? For example, please don’t show me problems without a fix. Its 1000x worse for a developer to know a vulnerability exists than not knowing it. The last thing you want to tell a dev is that there is a problem and you can spend hours researching it here and here.

3. Can a developer easily share this with their team?

4. Do your first few company milestones include 5 enterprise design partners or getting 10 users inside of 10 orgs to absolutely ❤️ the product and share with its team and result in a “I can’t live without this moment.”

In other words, security vendors can’t just slap down a marketing post and one liner saying they are dev first but truly have to live it. I can’t tell you how many companies say they are developer first and then when you click through, it says book a demo or talk to a sales person.

Not to pick on anyone as NoName Security is a fantastic company and a market leader but when you click on the link for “Shift Left API Security” it leads me to a page to input information and download a whitepaper. That doesn’t meet criteria #1 above.

Cybersecurity is on 🔥, PLG opportunities starting with developer first motions abound, and it’s going to be an exciting next 5 years as many established categories are turned upside down! LFG!

As always, 🙏🏼 for reading and please share with your friends and colleagues!

---

Scaling Startups

1. So true…

   

   Aaron Levie @levie

   Complexity is always a killer of productivity. Every time we’ve *reduced* pricing and packaging options, we’ve grown faster; *standardized* on an internal process, we’ve moved faster; *simplified* our architecture, we’ve built faster.

   4:28 PM ∙ Jul 18, 2022

   ---

2. Amazing tribute to the creator of Visa - David Stearns is a true pioneer

   

   Patrick Collison @patrickc

   .@deewhock, creator of Visa, died this week at 93. A very underrated innovator and someone who inspired me and @collision. David Stearns, author of the definitive book about Visa, works at Stripe and shared the below. RIP.

   

   6:22 PM ∙ Jul 22, 2022

   ---

3. How did Ramp scale when others were slowing down? Eric shares the Ramp playbook and what’s most fascinating the market share it is starting to take in the expense management software space from cos like TripActions and Expensify with the card as the lead-in

   

   Eric Glyman @eglyman

   Last month was @tryramp’s fastest growth month (new business closed) ever. Most businesses are slowing down. How did we accelerate during what appears to be the early months of a recession? Our playbook 👇 (1/8) techcrunch.com/2022/07/19/fin…

   

   techcrunch.comFintech isn’t dead; Ramp reports accelerating revenue growth – TechCrunchCorporate management startup Ramp says it has seen its business grow exponentially across all segments in 2022 so far.

   6:03 PM ∙ Jul 19, 2022

   ---

4. how to think about your time

   

   Derek Thompson @DKThomp

   On average, time spent - with family peaks at <15yo - with friends peaks at 18 - with coworkers peaks at 30 - with children peaks at 40 - with your partner peaks at 70 - alone peaks at the end fascinating chart (ht @Alex_Radke)

   

   1:54 PM ∙ Jul 19, 2022

   ---

---

Enterprise Tech

1. SBF shares some crypto use cases and more importantly what needs to be built - still early! 🧵

   

   SBF @SBF_FTX

   1) To what end? Some potential use-cases for crypto.

   1:03 PM ∙ Jul 16, 2022

   ---

2. Congrats Blockdaemon, a portfolio co, on acquisition #4 in last two years - playbook in action…

   

   Blockdaemon 😈 @BlockdaemonHQ

   #Blockdaemon is excited to announce the acquisition of @SepiorCorp, a leading data and digital asset security company with a focus on institutional-grade cryptographic key management and protection. Learn about the acquisition below👇

   3:12 PM ∙ Jul 20, 2022

   ---

3. Quantum still way into the future but Google just launched a quantum virtual machine to emulate the experience and results of programming one of their quantum computers

   For all the aspirations of quantum computing, the reality is that unlocking its potential to solve real-world problems is as challenging as building the quantum computers themselves. This got us thinking…how can we empower more people to join us on the quest to discover quantum algorithms and applications? Can we make prototyping quantum algorithms for near term quantum computers free of cost and easy to get started with so that people can focus on the challenge at hand? Can we provide people with the tools they need to equip themselves with the quantum programming skills required for application development?

4. On the dangers of AI

   

   Ethan Mollick @emollick

   Of all of the “dangers of AI” papers, this is most worrying: AI researchers building a tool to find new drugs to save lives realized it could do the opposite, generating new chemical warfare agents. Within 6 hours it invented deadly VX… and worse things nature.com/articles/s4225…

   

   11:22 AM ∙ Jul 19, 2022

   ---

5. All about the merge as ETH goes from proof of work to proof of stake and why it will be deflationary and LT bullish for price of ETH

   

   Miles Deutscher @milesdeutscher

   .@VitalikButerin claims that #Ethereum will be able to to process "100,000 transactions per second", following the completion of 5 key phases: • The Merge • The Surge • The Verge • The Purge • The Splurge A quick breakdown of what each stage means for $ETH. 👇

   

   3:02 AM ∙ Jul 22, 2022

   ---

6. 🤣

   

   Joe Speiser ⚡️ @jspeiser

   Translating VC Language

   

   12:35 PM ∙ Jul 19, 2022

   ---

---

Markets

1. It’s coming

   

   Buck @BucknSF

   At what point are people going to really internalize that everyone in software ex security going to miss plan by double digits this yr

   10:53 PM ∙ Jul 20, 2022

   ---

2. and to this point on near term softening of IT spend but LT bullish - Jamin Ball in his latest Clouded Judgement

   net net I’m going to double down on my thinking that in the short term numbers will come down. UBS came out with a great note yesterday on cloud infra talking about AWS, Azure and GCP. The takeaway? “Bottom line, our checks down-ticked relative to 3 months ago, with references to slower new migration activity and longer sales cycles on new deals that we haven’t heard over the last 18 months.” Later on they stated: “The second – and still looming – risk is that the current economic downturn motivates enterprises to a) search for “infrastructure optimization” savings, basically finding “leaky faucets” to turn off and thereby trim cloud infrastructure spend and/or b) slow on-premise to cloud migration activity.” Said another way, we’re starting to see cracks in the demand environment.

   One important point. As I said earlier, these projects will be put on pause, not canceled. This most likely means that we’ll see a short term (more rapid) deceleration in revenue growth, followed by acceleration (as companies start spending again, and as vendors face easier YoY comps). We saw that with Datadog coming out of 2020.