Thanks to Galina Antova (co-founder of Claroty), Sid Trivedi (driving Foundation Capital’s focus on cybersecurity), and Ambriel Pouncy (Intertrust), WiL had the privilege to host our latest talk about trends, barriers, and diversity in the cybersecurity sector.
Cybersecurity Landscape – Trends and Opportunities
Cyber attacks have affected hundreds of millions of people – impacted banks, local governments, small businesses, hotels, and social networks have all been in recent news. Gartner projected global information security spending in 2019 to reach $124B (~9% growth from 2018). Cybersecurity startups raised $6.2B of total capital in 2018, as Sid wrote in a recent viral blog post, a 15% increase from 2017.
During the panel, Galina highlighted tremendous industry change tied to the underlying global digital transformation of large and national companies. While many benefits come with digitization, there is an exponential increase in risk and exposure of business assets and processes. Companies must act now to proactively protect these assets.
Trend: There are about 3,000 security vendors currently; the average Fortune 1000 organization has anywhere between 40 to 110 security products running in their security operation center at any given time. Security has become an unmanageable nightmare.
Opportunity: How companies will accept automation and replace five or 10 security products with one product that will work successfully across the board.
Opportunity: CISOs, CTOs, CIOs have even more responsibilities to lead and push for innovation. It is difficult (and unrealistic) to solely rely on your team to go and figure out what are the best technologies to go after. What differentiates great leaders in cybersecurity from the average is their ability to really focus on innovation, on going after the newest and best technologies out there. Lack thereof, companies will still end up with the same tens or hundreds of vendors, and the most established vendors with big sales and marketing budgets will dominate, stifling real innovation.
Trend: Exponential growth in a number of new companies and innovation in the kinds of software attacks in the last decade. Hardware and human attack vectors have in contrast seen relatively limited growth.
Opportunity: There is still huge growth potential in these areas. Claroty is leading the way in the operational technology (OT) security market, and Sid believes we will see much innovation both in OT and IT, as well as IoT security.
Trend: Unless it's made explicit, there are inevitable turf wars between IT and OT in ensuring industrial networks are protected.
Opportunity: Having clear visibility of who is actually responsible is key. Start with a designated group, and have just one person with a clear line of responsibility.
Talent in Cybersecurity - Challenges & Opportunities
We next delved into the talent challenges in cybersecurity – from finding, recruiting, and retaining the right talent – to driving awareness to existing opportunities where the current structure can do better to promote them.
Challenge: Finding talent is a key issue in cybersecurity. Cybersecurity Ventures estimated that by 2021, 3.5 million cybersecurity positions will go unfilled.
Opportunity: Driving awareness to existing opportunities. There is little cross-generational awareness about cybersecurity work, and there needs to be a more diverse strategy for recruiting diverse talent. Recruiters should be recruiting from minority conferences and looking at the room in insider security groups. Examining the data and having a people-first operation is essential – breaking down the segments as to how many women and minorities can be counted across the board, then assessing if there really is an effort to close the gender gap or is there just the awareness it exists.
Challenge: We still need more and better cybersecurity education in schools.
Opportunity: Increasingly, universities are creating majors, masters programs and professional degrees in cybersecurity. The hope is that more of our young professionals will be excited about cybersecurity and in taking on roles in the sector.
Challenge: There isn’t a lot of visibility around opportunities in cyber beyond traditional sales, marketing, and technical roles.
Opportunity: As the industry increasingly migrates to the cloud, we are now seeing more hybrid roles between security and engineering, such as privacy engineering and security engineering. Another emerging role is around incident response, which requires less technical experience but more about psychology and about how attackers might go about breaching an environment. Education about these roles and marketing them is key.
Challenge: Cybersecurity roles are often seen as “thankless roles”, and the industry is at times seen as closed off and unwelcoming to newcomers.
Opportunity: Our panelists all agree that cybersecurity companies can all do better in not only marketing themselves, but in intentionally putting in measures to recruit new team members from non-traditional backgrounds.
Challenge: We could use more role models and mentorship in the industry.
Opportunity: Mentorship on every level is crucial, from starting the job to getting to the executive level. Women can disproportionately lose out on mentorship opportunities and level off in organizations. Adding to a difficult climb, many women should be mentored to the executive leadership board seat roles. Having models to emulate in senior executive roles with people that advocate for women in the workplace helps them, us, climb up the ladder.
Diversity & Inclusion in Cybersecurity – Breaking Barriers
Speaking of “people challenges,” diversity and inclusion is also a major concern in cyber. Given how hackers come from all walks of life, it is imperative for a cybersecurity team to be as diverse as the hackers to preempt attacks. However, only about 20 percent of information security practitioners are women today.
I asked our panelists Galina Antova, Sid Trivedi and Ambriel Pouncy how we could fix this, as company leaders, as investors, and as employees championing diversity. Here are some thought-provoking ideas:
- For every senior hire, consider hiring someone from a non-traditional background.
- From an investing point of view, it is important to have a diverse team of investors and acknowledge that successful startup founders or CEOs could have diverse backgrounds and not just be of a certain stereotype.
- Consider redefining the onboarding process, e.g. conducting an initial conversation with new hires to integrate different perspectives and further company culture.
- Assign a brand ambassador and a mentor to every new employee who is from different department is a best practice at Intertrust. This means a new hire would have a mentor in a different department and with a dissimilar role, leading to the exchange of diverse and differentiated points of view and past experiences. The ultimate goal of this is to foster not only appreciation of diversity but also innovation within the company.
- Companies should be upfront about their views on diversity in their communication not only to their customers but also prospective hires. For instance, the company website should highlight how the company thinks about D&I. On top of messaging and communication, “walking the talk” is the ultimate testament to a company’s commitment to diversity. Foundation Capital, at its inception, had three founders in 1995 and one of them was a female, setting the tone for diversity from the firm’s onset. The firm started hosting female founders happy hours and sessions more than 7 years ago, and the investment team today includes GPs from various backgrounds.
At WiL, diversity is at the core of what we do. We invest in startups in the US, Japan, and Asia, adding value by helping US companies enter the Japan market, and vice versa. We aim to amplify learning lessons from experts on how to best leverage and promote diversity in the industries we are excited about, and naturally, cybersecurity is one of our focus areas with our partnerships with Auth0, Digital Shadows, and Intertrust.
Through our workshops, WiL is connecting diverse global teams in game-changing companies, who offer different perspectives that are crucial to innovation. This is why we’re excited about cohosting talks around diversity, which we will continue to explore and define in forthcoming events.