Friday, March 31, 2017

Mobile Monday's Cybersecurity for RSAC 2017

I have been poring over my notes from several recent business events I have attended, and I would be remiss if I did not share some key lessons from a Mobile Monday event that coincided with last month's RSA Conference 2017. I take my time to get this stuff right. The MoMo Silicon Valley team convened a cybersecurity panel on February 13, and I had to be there after being too busy too attend their sessions in 2016.

Alfidi Capital always notices Mobile Monday's cybersecurity events.

Cybersecurity startups are going to be a hot new investing trend for Silicon Valley venture capital. I now come away from these cybersecurity events convinced that startups with the strongest tech often have people with US military or intelligence community backgrounds. Those career fields are inundated with cyber practices that have life-or-death outcomes, so the challenge of running a cyber startup should be a piece of cake for those veterans.

It's great that the federal government sees the leverage it can apply in Silicon Valley's growing cybersecurity. Your tax dollars are hard at work in the DHS Silicon Valley Innovation Program, a companion of the Homeland Security Innovation Programs (HSIP). The assessed TAM for cybersecurity is over half a trillion dollars according to DHS, so expect a flood of VC investment into the types of portfolio companies that get some US government seed capital. Some VCs are of course stage agnostic investors, but they recognize that different stage companies have different needs. I despair to think that heavy late-stage funding still convinces some startups that they "need" gourmet catered lunches and expansive campuses.

The VCs on the MoMo panel liked retail and financial service verticals as target markets for cybersecurity startups, but I wonder which end of the enterprise is the best focus. I have long believed that apps are much more vulnerable to security breaches than enterprise infrastructure. Millions of people can download an app and ignore its security protocols, but an enterprise's internal geometry may have only a few thousand entry points to monitor (depending on employee headcount, server connections, etc.).

Rest assured that the US government is hard at work creating cybersecurity standards. The NSA's Simon (for hardware) and Speck (for software) ciphers level the playing field for new cyber entrants. I expect to see them mentioned in GitHub documentation for new IoT security apps. I also expect the smartest startups to identify leading managed security service providers (MSSPs) as targets to become their CustDev cases and early channel partners. A few Google searches reveal widely available lists of MSSPs.

There must be a market opportunity for a knowledge management (KM) cybersecurity dashboard that integrates different security tools and prioritizes a CISO's monitoring efforts. The difference between this type of enterprise solution and your PC's anti-virus solution is its integration of the cyber dashboards in use at all levels of the enterprise. The CISO should be able to monitor every business unit's IT tools and use gamification to encourage compliance. I look forward to finding a startup that can solve a CISO's monitoring pain points.

If anyone can figure out how to make cyber ideas work, it's the US government veterans I mentioned above who depart public service for the wilds of tech startup life. They should know what right looks like even if they got frustrated from working with things that obviously went wrong in the government. I hinted in my article on RSAC 2017 that I did not want to tip my hand about leveraging openly available public resources to launch tech startups. I know what I'm doing here, and I know how to get the right people involved. Keep watching the genius of Alfidi Capital for next-generation cybersecurity amazement.