What's 🔥 in Enterprise IT/VC #299
What's 🔥 in cybersecurity + why developer security is the next big thing
Richard Stiennon who runs Security Yearbook (also a former Gartner analyst and security CMO) recently shared a detailed breakout of what subcategories received the most funding in cybersecurity for the first half of 2022.
However, if you mapped out the go-to-market motion of 99% of these companies, you’d find that they are mostly top down CISO sales. But there’s a movement that’s been building for the last 5 years focused on end users, namely developers with many elements of your standard PLG motion from traditional SaaS companies. While this starts with a developer first movement in application security, there are other categories above ripe for disruption with an end user first perspective in operations, threat intel, and even endpoint security.
On the app sec side, here’s a simple analogy - imagine the reputational damage and cost associated with a recall of a Mercedes that’s been delivered to millions of buyers. The logistics are a nightmare, the reputational damage is huge depending on how severe the recall, and the cost is enormous. Now imagine if this defect could have been caught on the assembly line, during the build process, before it left the factory? The same goes for software development as it’s an order of magnitude better to find and fix vulnerabilities before production.
Kyle Alspach from Protocol recently interviewed the Snyk founders and others including myself to share how the developer security movement was created and why it’s the next big thing…
"From its early days, the company set out to make developer tools rather than security tools. And to create a business around tools for developers, Podjarny knew the key would be to build a devoted user base and then use that as a springboard to close deals over time for additional features such as unlimited code security tests and reporting."
Read on as Guy Podjarny and Peter McKay emphasize the importance of patience, especially in the early days and why obsession with developer experience is a constant key from start and to scale.
It's no coincidence that those three startups (Jit, Slim.AI, CloudQuery) are all backed by Boldstart Ventures, which invested in Snyk's seed funding round and led the company's series A. Ed Sim, the founder and managing partner of the VC firm, said Snyk paved the way for the developer-oriented application security companies that are now emerging. Others include code analysis startup r2c and Kubernetes security startup Armo.
The whole idea of taking anything that is top-down, and shifting it to developer-first — I think it's a huge growth opportunity," Sim said. "I think it's still very early in the maturity and adoption cycle.
While it’s easy to say I’m developer first, many a security company I meet fails the test of being as easy to use as Twilio or Github. Here are a few basics I look for when determining if a founder is truly building a developer first motion vs. a top down one:
Can a developer instantly try the product via download or simple auth through Github
Does this make a developers life 10x better? For example, please don’t show me problems without a fix. Its 1000x worse for a developer to know a vulnerability exists than not knowing it. The last thing you want to tell a dev is that there is a problem and you can spend hours researching it here and here.
Can a developer easily share this with their team?
Do your first few company milestones include 5 enterprise design partners or getting 10 users inside of 10 orgs to absolutely ❤️ the product and share with its team and result in a “I can’t live without this moment.”
In other words, security vendors can’t just slap down a marketing post and one liner saying they are dev first but truly have to live it. I can’t tell you how many companies say they are developer first and then when you click through, it says book a demo or talk to a sales person.
Not to pick on anyone as NoName Security is a fantastic company and a market leader but when you click on the link for “Shift Left API Security” it leads me to a page to input information and download a whitepaper. That doesn’t meet criteria #1 above.
Cybersecurity is on 🔥, PLG opportunities starting with developer first motions abound, and it’s going to be an exciting next 5 years as many established categories are turned upside down! LFG!
As always, 🙏🏼 for reading and please share with your friends and colleagues!
Thanks for reading What's Hot in Enterprise IT/VC! Subscribe for free to receive new posts and support my work.
Amazing tribute to the creator of Visa - David Stearns is a true pioneer
How did Ramp scale when others were slowing down? Eric shares the Ramp playbook and what’s most fascinating the market share it is starting to take in the expense management software space from cos like TripActions and Expensify with the card as the lead-inLast month was @tryramp’s fastest growth month (new business closed) ever. Most businesses are slowing down. How did we accelerate during what appears to be the early months of a recession? Our playbook 👇 (1/8) techcrunch.com/2022/07/19/fin…techcrunch.comFintech isn’t dead; Ramp reports accelerating revenue growth – TechCrunchCorporate management startup Ramp says it has seen its business grow exponentially across all segments in 2022 so far.
how to think about your time
SBF shares some crypto use cases and more importantly what needs to be built - still early! 🧵
Congrats Blockdaemon, a portfolio co, on acquisition #4 in last two years - playbook in action…
Quantum still way into the future but Google just launched a quantum virtual machine to emulate the experience and results of programming one of their quantum computers
For all the aspirations of quantum computing, the reality is that unlocking its potential to solve real-world problems is as challenging as building the quantum computers themselves. This got us thinking…how can we empower more people to join us on the quest to discover quantum algorithms and applications? Can we make prototyping quantum algorithms for near term quantum computers free of cost and easy to get started with so that people can focus on the challenge at hand? Can we provide people with the tools they need to equip themselves with the quantum programming skills required for application development?
On the dangers of AI
All about the merge as ETH goes from proof of work to proof of stake and why it will be deflationary and LT bullish for price of ETH
and to this point on near term softening of IT spend but LT bullish - Jamin Ball in his latest Clouded Judgement
net net I’m going to double down on my thinking that in the short term numbers will come down. UBS came out with a great note yesterday on cloud infra talking about AWS, Azure and GCP. The takeaway? “Bottom line, our checks down-ticked relative to 3 months ago, with references to slower new migration activity and longer sales cycles on new deals that we haven’t heard over the last 18 months.” Later on they stated: “The second – and still looming – risk is that the current economic downturn motivates enterprises to a) search for “infrastructure optimization” savings, basically finding “leaky faucets” to turn off and thereby trim cloud infrastructure spend and/or b) slow on-premise to cloud migration activity.” Said another way, we’re starting to see cracks in the demand environment.
One important point. As I said earlier, these projects will be put on pause, not canceled. This most likely means that we’ll see a short term (more rapid) deceleration in revenue growth, followed by acceleration (as companies start spending again, and as vendors face easier YoY comps). We saw that with Datadog coming out of 2020.