As a seasoned security practitioner with over 30 years of experience, Partner Justin Somaini discovered the power of getting in early on cutting-edge cybersecurity startups. In his latest blog, he explores how early adoption can revolutionize the security landscape. Justin discusses why waiting for established vendors to innovate may not be the best strategy and explores how partnering with early-stage VC firms provides security leaders with unprecedented access to groundbreaking technologies. Discover the immense value of early-stage solutions, here >>
Open ModalAs a security practitioner for over 30 years, my key priority has always been solving my organization’s security problems. Over those 30 years, my preferred strategy was adopting cutting-edge tools from early stage cybersecurity startups, for two main reasons. First, is the understanding that many security issues arise from introducing new technologies into the company, and a great example of how new tech impacts our security decisions is the growing need to secure the widespread adoption of generative AI. The second explanation for why I frequently chose products from early stage security startups, is the need to advance the existing solution domains with new technical capabilities that can increase visibility and controls and lower overall labor costs. A current example is the need to drive better AI capabilities to identify attacks and remediate them in our logging and analytics systems, like SIEMs. In the past and increasingly today, the challenge is getting visibility to these companies as soon as possible, and on as large a scale as possible. Ultimately, this need drove my determination to find the most groundbreaking solutions that enter the market, and my decision to prioritize my relationships with VCs that invest in seed stage cybersecurity startups that build these solutions.
While the core use of security solutions in many companies today still comes from well-instantiated security vendors, I’ve wondered why innovation doesn’t. I’ve learned that these well-known, legacy vendors do try to innovate, but their internal incentivization and processes greatly hinder that goal. To mitigate these challenges, they tend to identify innovative, young startups that have gained market share, acquire them, and then increase those acquisition sales capabilities along with their own. The challenge with that model for me and the organizations I worked for was that these processes just took way too long.
Examining the general timeline of new technology to market solutions helps us put our own needs and priorities into context, and underline the inherent value of early stage cybersecurity solutions. With any new technology developed over the past 20 years, it generally takes startups 5-7 years to implement basic security capabilities into their offerings. From day zero, founders base the foundations of their cybersecurity startups on securing this new technology. Industry awareness of new security startups and their innovative solutions may take years, as the startup journey itself – including customer validation, development, marketing and sales pipelines – is lengthy, and much of it takes place in stealth.
By the time general industry awareness takes place and security practitioners begin procuring their products, many startups have been around for approximately 4 years. While these are very general statements on the startup journey, passive security practitioners who wait for solutions to come to them may find that this waiting period has negative effects on their organizations.
On the other end of the industry, venture capital firms fueling cybersecurity startups vary in terms of their risk appetite and priorities when it comes to early stage investing. The majority of venture capital is a combination of risk prevention while making risky bets for high returns. One very common way of executing this strategy is waiting until a startup gets market traction before investing, meaning getting in at their Series A or B rounds. Other VC firms have a greater risk appetite and look to seed stage security startups, applying their deep domain expertise to identify the most innovative and material solutions. This forward-thinking approach, coupled with a proven track record of success in cybersecurity, is one of the primary reasons why joining YL Ventures was top of my list.
Having been recognized as an industry leader by Pitchbook and with over 17 years of successful seed stage investments, YL Ventures set the bar for early stage cybersecurity innovation. YL Ventures is a global VC investing in early stage cybersecurity startups, with an extremely disciplined investment strategy. Beyond our unparalleled domain expertise in the cybersecurity realm, our dedicated value add strategy dictates that we invest only in a handful of extraordinary startups throughout each fund’s lifecycle and provide them with support across all aspects critical to building a strong foundation for industry dominance.
A major part of this strategy entails exposure to our growing network of 100+ CISOs and global industry leaders, hailing from Fortune 100 and global corporations. These luminaries provide an entire suite of services that help our founders cut through the noise of early-stage company building and focus on the strategic elements they need for a strong head start – especially around product-market fit, GTM strategies and sales processes. These CISOs get in on the ground floor, helping our founders optimize their product and business strategies from the earliest point in their journey.
Being an adopter of early stage solutions is not for every security practitioner. The organization’s security team needs to have an innovator and development partner mindset and see the intent and grand design of what the founders are bringing to market, even at the most nascent stages of development. An early adopter must also be agile in the implementation, product feedback, and adoption of the solution. Being an active early adopter of security solutions requires more labor involvement than just procuring off the shelf, including more technical implementations of the solution, limited out-of-the-box integrations and limited dashboarding and reporting. However, the return and impact are much greater. As early adopters, we can enable the business with new technology adoption for growth, creating a more engaged security team and a more secure enterprise. While early stage solutions are not the sole tools to solve the security challenge, they are absolutely critical ones in my seasoned toolbelt.
In the rapidly evolving field of cybersecurity, constant innovation is key to staying one step ahead of threats. Venture capital, particularly firms like YL Ventures that specialize in seed-stage cybersecurity investments, has a pivotal role in transforming innovative ideas into effective, market-ready solutions. For security practitioners looking to address their challenges with advanced, groundbreaking solutions, engaging with YL Ventures not only provides early access to cutting-edge technologies but also contributes to shaping the cybersecurity landscape of tomorrow. If you’re a Security Early Adopter who doesn’t have four years to wait for a security solution and would like to get early access to the most promising tech in the industry, feel free to reach out to me at [email protected].