The opportunities that come from bridging the CISO investor gap
Cyberspace is a messy battlefield with an asymmetric nature. Nation-state actors and cyber-crime hackers are conducting guerilla warfare with security teams lining up in bright red field coats, says Elik Etzion, managing partner at Elron Ventures and alliance member at CyberFuture.
These malicious threat actors operate outside of the law, striking at will at small, yet vulnerable points. Cybersecurity teams and CISOs, on the other hand, are bound by business requirements, regulations, finite budgets, and an ongoing talent shortage. The tools they have available to defend their business and tech assets are developed by fellow cybersecurity practitioners working for commercial cybersecurity vendors and cybersecurity startups fuelled by venture capital funding.
To bring these new security tools to life, entrepreneurs must be certain that they have a market in need of this solution and can operate a profitable business. To walk into a room confidently and present their idea to investors, who can fund their venture until a market-ready MVP is developed, it helps to have a CISO stand behind them and vouch for their efforts.
Yet, this very juncture is where CISO needs, and investor requirements experience a rift.
The CISO’s Perspective
As both the ultimate security decision maker in an organisation and their ideal buyer persona, a CISO’s input is invaluable to a young startup. Entrepreneurial dreams hinge on a security team’s willingness to spend their budget, integrate, and welcome the product.
As a result, CISOs are constantly bombarded with new ideas and must make decisions based on the enterprise buying landscape and evolving threats that appear in their SOC hourly. Being pitched on top of their other priorities demands that they rapidly differentiate between needs and wants, as well as read the business to see what kind of experience they will have once deployed on their entrusted network.
The Investor’s perspective
Some of a CISO’s strongest intuitions are simply blind spots for many investors, and vice versa. While years of experience have shown what can make a product useful, investors are keen on identifying which ideas are scalable.
The traditional CISO is a buyer in the eyes of investors, not a venture builder.
Their ability to assess the team’s capability to capture the right go-to-market motion, grow the business, and maximise efficiency is different from a seasoned investor. An investor is looking at how the team works together, asking:
- Does the team suit the venture?
- Are they well-rounded outside of the niche problem they are looking to solve?
- How do they blend business expertise and tech expertise?
- “What’s the right market entry strategy?”
- What is the ideal customer profile?” – financial enterprises on their way to their digital transformation or digital native e-commerce business?, “Born in the cloud” companies or traditional on-prem corporates that are shifting workloads to the cloud? Mid-market organisations with relatively short sale cycles and small-medium ACV (annual contract value)? Or large enterprises with high ACVs, or something different altogether?
CISOs spend time in the trenches, helping a company improve its overall security posture without creating unnecessary friction that disturbs business growth. But only a few hold the broader market perspective to create strategies for a superior product market positioning and advise on the cost-effective market entry strategy through direct sales and suitable GTM partnerships etc.
Filling the gap by working together
While cybersecurity investors can recognise market needs and trends through research, CISOs hold domain expertise that defines them over a career.
Bringing CISOs and cybersecurity investors together creates a powerful force where talented entrepreneurs can launch a company in the right place at the right time.
From the product side, CISOs can help recognise revenue opportunities, such as understanding how ‘sticky’ a product will be once deployed on its network. This ‘stickiness’, the need for the product to stick around after deployment, reduces churn, simplifies contract renewals, and minimises the risk of a competitor poaching customers. It also allows for collaboration regarding a smoother user experience, as developing a smooth low-touch easily-deployable solution may be more of a savvy decision than developing new bells and whistles.
But as much as they are in tune enough to streamline proofs of concepts (POCs), they lack the insight into fundraising strategies.
Investors can guide on what kind of funding structure to execute, understand market timing, and other critical financial decisions. For example, Investors are experienced in creating a balanced equity distribution between founders, key employees, and investors to drive motivation and meet the interests of these different company stakeholders.