Tech is flush with venture capital money, and information security is getting a good chunk of the investments. Even with the crowded field of VC firms, many security startups still face barriers to funding. Former security analyst Chenxi Wang plans to remove some of those obstacles for early stage security startups with her just-launched VC firm, Rain Capital.
As the former vice president of research at market research firm Forrester and former chief strategy officer at container security company Twistlock, Wang saw firsthand the demand for cloud-native security tools. As enterprises move workloads from data centers to Amazon Web Services, Google Cloud, and Microsoft Azure, they have have changed how they buy security. They need cloud-native security tools that works “as is,” and they want platform-independent security tools so that they aren’t locked into a specific cloud platform.
“Customers brought us [Twistlock] into their labs [for a proof-of-concept demo] and next week, they were in production without us even knowing about it,” Wang said. “That was such a wakeup [call] for me. The product needs to just work.”
“We are different because we have a deep understanding of the market and technology.“
Wang is drawing on her industry experiences—she was also a vice-president in Intel Security and cloud security company CipherCloud as well as a cybersecurity professor at Carnegie Mellon University for five years—to identify early-stage security companies developing new approaches for IT security delivery and orchestration. This includes new approaches to fraud detection, monitoring capabilities that are platform-independent and provide real-time visibility and response, and artificial intelligence with security implications.
DevOps, a collaborative approach which unifies developers and IT operations to speed up how applications are built, tested, and deployed, has also impacted IT security. When developers can deploy their applications directly onto a production server because business agility demands it, they can’t stop to figure out security roadblocks. DevOps has enabled a really different way of doing security, and there is a lot of opportunity for security automation.
Rain Capital closed the first $10 million of its $20 million goal with investments in Altitude Networks, Capsule8, and Claroty. The goal is make small investments, from about $300,000 to $700,000, in five to six early-stage companies in the next year, Wang said. Along with the three already named, Wang said the fund was close to finalizing the details for two more investments, one of which was with a cloud-native security startup similar to Capsule8.
Altitude Networks, which was founded by Michael Coates, the former CISO of Twitter, and Amir Kavousian, the lead data scientist at Capital One, is currently in stealth mode. Dino Dai Zovi’s Capsule8 provides real-time attack protection for cloud-native environments. Claroty, co-founded by former Siemens executive Galina Antova, is a bit of an outlier as it is “more mature than the usual“ types of companies Rain Capital would invest in, Wang said. As an industrial control systems security startup, Claroty is planning a push into Asian markets, a strategic direction that Rain Capital can help with.
“We are different because we have a deep understanding of the market and technology,” Wang said. For example, Wang is excited about what service mesh, a configurable infrastructure layer for a microservices application which handles communication between service instances, can do for network security.
Unlike most other investment firms, Rain Capital will also provide strategy, critical resources, and insights along with writing checks. An early stage company typically uses this round of financing to hire key personnel and product development, so founders tend to be more focused on tactics than on overall market strategy. Investors increasingly see the financial benefits of providing market overview and strategic guidance to the companies they invest in.
“I am feeling a tremendous amount of responsibility about spending other people’s money,” Wang said. “I have to look at market size as a critical factor and be conscientious about thinking, ‘How many people are going to buy this?’”
Instead of waiting for companies to come knocking, Wang plans to build new startups by seeking out teams capable of solving complex security challenges. “We will be on the ground floor working with them, looking at business plans, and urging people to consider different paths,” Wang said. “If I see a problem and can identify people with good ideas, we'll ask, ’How about starting a company?’”
“Rain is a sign of good fortune. To us, Rain is at once feminine and strong.“
There are many VC firms pledging to invest in more women- and minority-led companies, but for Rain Capital, it is a core part of the fund’s goals. Female and minority founders face a lot of obstacles when trying to get funding, so Rain Capital plans to take a more active role in finding these companies, Wang said. She said she had more than 40 meetings over the course of four days at this year’s RSA Conference in San Francisco, and not a single meeting was with a female or minority founder. This made her realize that Rain Capital has to actively reach out to bring them to the funding table.
“It was clear to me that as a VC, if you sit and wait for projects to come to you, you will not see many women-led or minority-led companies,” Wang said.
Many of the referrals are coming from other security executives in her personal tech network. Claroty’s Antova and Wang are working together on a panel for the Grace Hopper Conference, where Wang serves as program co-chair. The recommendations and referrals from Rain Capital’s advisory board have been particularly helpful because the advisors are already using the technology, or thinking about using it for their own organizations, Wang said.
As enterprises move workloads from data centers to Amazon Web Services, Google Cloud, and Microsoft Azure, they have have changed how they buy security.
“We aren’t just relying on referrals and word-of-mouth networks. We are going out proactively to have discussions with women technologists that I know, and that I think would make great entrepreneurs,“ Wang said.
It’s not just the startups that are invisible. Wang consulted for venture capital firms in Silicon Valley over the past year while putting Rain Capital together, and saw very few female partners at investment meetings. At a time when tech companies are pledging to hire and retain more women and people of color, the VC world was falling behind.
“Very rarely did they have a woman partner sitting at the table,“ Wang said.
While the new firm advisory board reads like a Who’s-Who-in-security and include both women and men, the funding partners are women. Wang is the managing general partner, and veteran investor Amena Zhang is the operating partner. Zhang brings to Rain Capital her experience investing in startups in Asia.
“We are the first cyber investment firm with an all-female partner team,“ Wang said.
The advisory board includes Renee Guttman, chief information security executive at Fortune 50 companies; Aetna CSO Jim Routh, Lending Club CISO Richard Seiersen, CISO at MGM Resorts International Scott Howitt, ClearSky Security managing director Jay Leek, and Icon Ventures managing partner Joe Horowitz. Jamie Lewis, founder of the Burton Group and former president of Gartner, will lead Rain Capital’s market research effort, and Charisse Castagnoli will be the firm’s general counsel. The venture capital partners are currently unnamed.
“Rain is a sign of good fortune. To us, Rain is at once feminine and strong,“ Wang wrote on Twitter.