More than 40 top security execs have formed an investing syndicate to back startups
Ensuring that a company’s information assets and technologies are protected remains a tall order for many a chief information security officer (or CISO). Cybercriminals can be both persistent and creative.
Now, a group of 46 of these professionals is taking the wraps off a syndicate that allows them to compare notes and war stories and will see them advising — and making small financial bets on — some of the nascent cyber security startups whose tools can potentially keep the bad guys at bay.
Called Silicon Valley CISO Investments or SVCI, the idea is to identify these startups, fund them, advise them on pitfalls to avoid, and introduce them to potential customers, including their own employers in some cases. In fact, one of newest bets, Orca Security, an Israeli cloud security firm that focuses on giving enterprises better visibility into their multi-cloud deployments, just announced its Series A round today, with participation from the group.
To learn more about how the whole thing operates, we talked yesterday with two of the founding members of the syndicate: former Splunk CISO Joel Fulton, who has more recently cofounded a stealth startup, and Oren Yunger, who is today a full-time investor with GGV Capital but previously worked as the CISO of two Israel-based companies.
They’d previously come together for a working group focused on helping early-stage executives to address security well before the point where they typically hire a head of security. As Fulton explains it, the more each CISO contributed to the project, the more they appreciated the strength of their collective insights, so decided to form this investing syndicate.
SVCI is invite-only, and members must be recommended by others in the group. “We prefer quality over quantity,” Fulton says. Even so, it’s growing fast. While the group began last fall with eight individuals, it now has 46 members, including the chief security officer of ServiceMax, Al Ghous; David Tsao, who is the vice president of security engineering at Marqueta; and Jonathan Jaffe, who is the head of information security at People.ai.
How it’s all supposed to work: one team of people will act as scouts, another will focus on due diligence. These roles change over time. “We had to have forced volunteerism” at the outset, jokes Fulton. “You don’t have to dedicate 10 hours a week” to SVCI,” adds Yunger, “but you have to be included in the conversation. There are no passive members.”
After settling on roughly 40 companies per quarter, the group winnows down their favorites to four, who present to the group. The companies can have just raised money or be about to raise again, but they have to be willing to leave a small portion of one of these rounds open to SVCI, should its members opt in.
If the startup gets the green-light, the group will contribute roughly $200,000, no matter the number of SVCI members who want to participate in the deal, which is entirely optional for each person. (The capital is bundled into special purpose vehicles so the startup isn’t stuck with potentially dozens of people on its cap table.)
It’s a small amount, obviously, just enough to form a relationship with a startup that the group wants to help — and that it thinks will make the group look smart as it works to establish its reputation.
It’s also just enough to form potential conflicts of interest on both sides of the table. You might imagine that Yunger’s ties to GGV could translate into signaling risk for a startup whose Series A doesn’t involve GGV, for example, though Yunger insists this shouldn’t be a concern, saying the two operations are “mutually exclusive.”
Companies might also be concerned about revealing too much about their products to a room full of security pros from big companies that could potentially replicate their offerings.
Fulton says that SVCI first filters out startups that “have an unreasonable expectation” of privacy, and that when it does invite companies to lay out what they do to the group, founders can “stay mum” on certain things, as well as drop out of the process at any time.
There is always the risk, too, that members of the group will promote to the employers startups in which they have an interest for their own gain, but Fulton says that to avoid it, all members agree to work within their companies’ conflict of interest policies and to disclose financial stakes where they exist.
In the meantime, none of the members is exclusively committed to working with SVCI or funneling deal flow its way. Some have and will continue to advise other venture outfits that are focused on cybersecurity startups.
In fact, in addition to seeing what’s bubbling up in their world, many advantages to members of SVCI are largely personal.
Yunger notes that while everyone “has a day job,” it’s a “really nice mesh of people” to be more tightly connected with, from execs at Fortune 500 companies to those at largely privately held outfits.
Fulton echoes the sentiment, saying the “interconnectedness” it provides is “greater than a Slack channel.” Besides, he adds, there is intellectual strength in numbers. “I love learning how CISOs who don’t think like me do think and stealing from tools from their toolboxes.”
In addition to Orca, SVCI has so far made two other investments. One remains in stealth mode. The other is Tonic, a two-year-old, San Francisco-based synthetic data provider created by former Palantir and Microsoft engineers and that has raised roughly $2 million in seed funding to date.
Ensuring that a company’s information assets and technologies are protected remains a tall order for many a chief information security officer (or CISO). Cybercriminals can be both persistent and creative. Now, a group of 46 of these professionals is taking the wraps off a syndicate that allows them to compare…
Recent Posts
- Apple’s earnings show that, yeah, it’s really time for some new iPads
- Spotify Supremium leak reveals what the new tier and some features may look like at launch
- When notifications remind us of things we’d rather forget
- Can Steam Deck get even better? Nvidia’s expanded GeForce NOW support is a resounding yes
- Surprisingly cheap Pro monitor provides unique features that even Apple Studio display doesn’t — AOC’s new monitors offer KVM capability, a whopping 11 ports and Hollywood-grade Calman software compatibility
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011