Sramana Mitra: I don’t know if you have seen it on our blog. We have a Thought Leaders in Cyber Security series. Ray has actually been on it. He’s running a company these days. In that series, one of the questions that comes up a lot is, if you put yourself in the shoes of a CISO, you have to make decisions about which vendors to work with.
There are hundreds of vendors coming in with hundreds of point solutions. It’s really a complicated job. Let’s say your portfolio company in security, it’s very difficult to get these meetings. How are your companies dealing with this? What are you advising your companies to do?
Dafina Toncheva: That’s a very good point. That goes back to me saying that there’re thousands of companies with a similar marketing message. It’s very important to really think about the differentiation. It’s important for me, as an investor, to think about it. It’s also very important for the founders to think about what truly makes their product stand out among others. It starts with understanding the problem space.
I’ve been lucky to be a part of security companies where, while sales cycles have been long, differentiation has not been an issue. It’s really important where you focus your energy as a founder and what you select as a problem space to solve. I, very recently, invested in a company in the anti-fraud and abuse space. I’ve never seen this amount of traction from a security company. They would grow from zero to $4 million in one year, which usually takes about two and a half years.
Sramana Mitra: That’s huge.
Dafina Toncheva: Security companies book about a million in year one. $2 million in year two. $4 million in year three. This doubling is what defines their success. The reason why it takes a little bit longer is that sales cycles are long but the deal sizes are big. This company that I’m talking about is going after the anti-fraud space. That is such a prevalent problem.
They try to recognize humans from bots. In doing so, they prevent fake account creation. With retail and banks, they’re trying to prevent account takeover. At the core, they’re trying to be the best at identifying human from a machine, which is very important for businesses that run online where the interaction is anonymous anyway. It is a real and critical pain point, and there’s a budget to solve it. It’s top of mind.
My recommendation for entrepreneurs thinking about starting a security company is to understand very well the priority of the problem that you’re trying to solve relative to the customer. As you pointed out, CISOs have a hundred things to think about, but they usually focus on the top three. That’s where the budget and time goes. If you’re solving a must-have problem, then you’ll probably be fine. You will find the budget. You will get the attention. Ultimately, there will be a market for the solution.
One of the issues is that founders think a problem is an important one to solve but the customer puts it down in the priority stack. They either don’t have a budget for that or they don’t think about it day in and day out. We, as investors, should need to be really careful about it. Sometimes, entrepreneurs are very smart. They are ahead of the market. Entrepreneurs will think of a problem, which will truly be a problem two years from now. Getting the attention and getting people to listen to that can be a real challenge.
For those founders, my advice is, you need to wait for the market. It’s difficult, if not impossible, to create markets. If you’re really clever about how you manage your capital, you can wait that out and gradually engage with the market and early adopters who think about these issues. That’s the long answer to your question.
Sramana Mitra: We are very much on the same page. We see lots of security all the time.
Dafina Toncheva: I love it. I love security. I love thinking about new ways of solving existing and growing problems in the cyberspace.