San Diego For Stephan Chenette, the time seemed right.
After working in cybersecurity for the better part of two decades, Chenette figured October 2013 was the optimum time to start his own business.
He and business partner Rajesh Sharma formed AttackIQ Inc., a cybersecurity vendor with a twist: Instead of writing software meant to defeat malware, the Sorrento Mesa startup’s product tests all of the other software that its clients have deployed against hackers, to see if there are any holes that hackers can worm their way through.
Chenette isn’t alone. Other businesses and their financial backers also feel the time is right for cybersecurity. Venture capital is pouring into the space, several knowledgeable observers said. Established companies are seeing growth and young ones are forming.
The last five years have seen “significant interest” in cybersecurity among investors, said Alan Stewart of RA Capital Advisors LLC, a registered broker-dealer in San Diego.
Interest has been especially high since 2013 and probably peaked in 2015, Stewart said. During that period, data breaches involving Anthem, Home Depot and Target gave cybersecurity a high profile.
“Money is flying into cyber,” Stewart said, adding that cloud security and security analytics are two hot subcategories.
One notable recent deal involved a San Diego company and Goldman Sachs Private Capital Investing. The big New York entity put $35 million into iboss Cybersecurity, the partners said in November. Prior to the series A investment, brothers Peter and Paul Martini owned 100 percent of iboss.
Iboss recently moved into a new headquarters near La Jolla and has increased its staff from 162 employees in mid-November to 181 now. In January, the company announced it hired several sales executives.
The company plans to open an office in downtown Boston by mid-April. A post on the BostInno website said the company expected $50 million in revenue this year.
No Silver Bullets
Some see too many choices in cybersecurity today.
The security vendor landscape today is “incredible,” said Tim Brown,
executive director for security at Dell Software Group. There were 551 vendors at the RSA cybersecurity trade show early this month in San Francisco. Hundreds were new vendors and startups, Brown said.
Brown spoke before the local chapter of the Society for Information Management on March 10 at the regional FBI headquarters in Sorrento Valley. He is one of eight engineers at Dell Inc. with the title of Dell Fellow.
One of his messages was that all cybersecurity software is not the same, and that chief information officers must find a solution tailored toward their company’s particular needs. He warned CIOs against vendors promising “silver bullets.”
After several enthusiastic years, venture capitalists feel they need to be choosier about cybersecurity.
Venture capitalists invested $3.3 billion in cybersecurity in 2015, up from $2 billion in 2014, said RA Capital’s Stewart. There were 230 venture capital transactions in 2015.
During the peak period, venture capitalists rushed to get deals done, compressing transaction times from six months or longer to four or even three months, Stewart said.
Those who want to get into the business now might not find the reception as friendly.
“I think capital is getting harder to get,” said Sunil James, vice president with Bessemer Venture Partners in Silicon Valley. Investors are “raising the bar,” demanding both usability and elegant solutions to problems.
Some solutions rely on what James called raw horsepower. “Just because you have a phenomenal engine,” he said, “doesn’t mean you have a car.”
Stewart said that many cybersecurity entrepreneurs have found that what they thought was unique at first isn’t so unique after all.
“The money is getting a little smarter. … People are seeing through what is really cybersecurity and what is wannabe cybersecurity,” Stewart said, noting that venture capitalists want evidence of what has been accomplished with previous funding rounds.
In 2015, there were 142 mergers or acquisitions among cybersecurity companies. Acquisition targets may not get the 10- to 12-times revenue multiple they had been hoping for, Stewart said.
Cybersecurity is not just attracting investors and customer interest. Companies and even governments are busy grooming a new generation of security professionals.
Security On-Demand is among the latest San Diego companies to offer internships. Under a new program with National University, Security On-Demand is welcoming students to work in its local operations center alongside senior security experts. The business offers managed security services under the software as a service model.
ESET, one of the biggest names in cybersecurity in San Diego, said it hosted three interns in 2015 and just welcomed three more college students to work in various departments at its downtown San Diego office.
Many companies see the 2010s as a good time to germinate or grow a cybersecurity company.
Chenette, the CEO of AttackIQ, is banking on B2B clients wanting to measure how well their cybersecurity approaches are working. The company’s FireDrill software exposes client computer systems to real-world hacker scenarios — all without harming the systems. The average client has invested in about 75 security products, the CEO said, and does not use 60 percent of them.
Companies need a metric to evaluate their security, Chenette added. “If you can’t measure your security posture, you can’t improve your security posture.”
The business has 10 employees.
Moving on a perceived lack of security in cloud storage, Eric Tobias and business partner Linda Eigner founded another still-small company, Fhoosh Inc., in late 2012. Fhoosh specializes in object storage — the storage of very big files such as high-resolution digital images. The product keeps the data secure by breaking the data into fragments and disassociating it. Tobias, the CEO, said he has five full-time-equivalent employees.
ESET is experiencing “significant growth,” said Gerald Choung, the company’s vice president of sales for North America. The business, which has 201 employees in San Diego, is the fifth-largest security vendor globally, according to a 2015 survey from Gartner Inc. By year-end the company reached an all-time high of 110 million users worldwide.
Cybersecurity will continue to be an economic force. There is definitely a demand as hackers continue to find new ways to enter computer systems.
Recently, the hacktivist group Anonymous distributed what it purported to be personal information about presidential candidate Donald Trump.
People are scared of hackers, Stewart said.
“Money will flow to try to solve the problem.”