When I speak with investors about the information security market and the advantages of partnering with a vertically focused accelerator, they typically ask me to characterize our ideal opportunity for investment. My canned response is almost always that we look for teams whose founders embody two targeted sets of skills: 1) deep technical and analytical security domain expertise; and 2) strong entrepreneurial and communication skills.
However, as an accelerator that invests at the very beginning of a start-up’s lifecycle, we often find entrepreneurs before they have had the opportunity to build out their teams. Generally, that one founder frequently only embodies the first of the two target characteristics.
Honestly, that’s just fine with us.
The truth is that we are overwhelmingly biased toward investing in those entrepreneurs who have the technical and analytical depth and operational experience required to understand the most challenging security problems we face today. We believe that depth and experience can be found more abundantly in the security researcher, or hacker, community, than anywhere else on the planet.
If you believe security industry analyst Keren Elazari as we do, hackers are the immune system for the information age. The hacker community is driven by the desire to understand how things work and, importantly, how to break them and make them better. The innovators in this community spend years developing a depth of understanding that is required to birth the next generation of disruptive information security products.
My observation is that our focus may be slightly contrarian, as early-stage investors often overlook the hacker community as an attractive source for investment opportunities. (I’ll concede that there are several exceptions to this observation, but since Bruce Schneier and Dan Kaminsky had already achieved rock star status, I view them as outliers.) If I were to contrast hackers with the legions of entrepreneurs filling the ranks of accelerators worldwide, I do think they are different.
As one would expect, hackers are focused on those activities that leverage the first set of target skills mentioned above. Hackers solve difficult technical challenges that underlie vexing security problems. They are driven by a desire to see their hard work make a significant impact, versus being satisfied by a quick financial flip of their intellectual property. They invest their time inventing things, versus polishing a presentation to convince you why you need to buy the thing they invented.
We think most angels and institutional VC’s are perilously biased toward the second set of target skills and often lack the patience and technical depth required to ferret out the most compelling security innovations. Said differently, for most early-stage investors, a flashy PowerPoint presentation from a recently minted MBA with strong communication skills carries more weight than a technologist with a decade of technical experience in the security domain.
However, the dirty little secret in start-updom is that while it can take years of technical and analytical experience to inspire truly disruptive security innovation, technical founders can buy, borrow, partner with or be taught the second set of target skills within a few months. Our strategy at Mach37 is to identify the best technical founders and reinforce their deep technical expertise with the curriculum, co-founders, mentors, advisors, and capital they need to be successful.
Next week, Black Hat and DEF CON will mark the largest annual gathering of the U.S. hacker community and will showcase the work of several of the community’s brightest. Within this gathering, Mach37 will likely identify several founders for future cohorts. Perhaps ironically, most early-stage investors will not be there.
Honestly, that’s just fine with us.