When we launched Mach37 three years ago, we acknowledged at the time that we were essentially running an experiment. At our inception, we believed that an accelerator could effectively harness the rich cybersecurity talent pool in the DC-Maryland-Virginia region (DMV) to create an ecosystem capable of supporting large-scale commercially-focused cybersecurity product companies. There were plenty of skeptics, including many in the institutional venture community, who believe you can’t scale a cybersecurity product company in the DMV. At the time, I privately admitted that we had no idea if we would succeed, and anticipated it would take us at least five years to really know if we are any good at this.
Three years later, I am confident that I have burned through any goodwill I had with my friends in the community and that I am deeply indebted to just about every person I know in the industry. But, it seems like our modest experiment is working out way better than most people ever expected, including us. Our small $50,000 investment in each of our 35 companies has been leveraged over eight times on average by private seed investors. What started out as one or two person companies have grown into ten and twenty person companies. Currently, our portfolio employs over 100 full-time equivalent employees, and we expect that number to increase dramatically over the next year as they receive institutional venture funding.
To be certain, all of us here at Mach37 know that there is still a lot of work left to do to transform what has been a government-centric business ecosystem into a thriving commercially-focused cybersecurity business epicenter. However, now I believe that this transformation is inevitable.
As we pass through the three-year milestone, I wanted to share a few important lessons we have learned from the experience:
Lesson #1: Accelerators can effect major changes to business ecosystems. Part of Mach37’s mandate was to cultivate an ecosystem that could transform the cybersecurity intellectual capital native to the DMV into a conveyor belt of successful security product companies. The conventional wisdom in 2013 was that we didn’t have a critical mass of talented individuals in our region that understood how to build security product companies. However, it looks like our brute force approach is working.
We started by building a mentor network of security professionals one mentor at a time. (Thank you George Schu for leading the way as Mach37’s first mentor.) What began as a small group of believers evolved into an unmatched 240+ person network of security business experts – all committed to our mission to launch the next generation of security product companies.
From there, the momentum increased. Since 2013, over 80 security and software business experts volunteered to teach our entrepreneurs critical skills that will enable them to be successful. Over 70 seed investors have fueled our companies, allowing them to mature and finally begin capturing the attention of the institutional venture community. And, the vital leadership and financial support offered by our sponsors at Amazon Web Services and General Dynamics has been humbling and validates the demand for security innovation from some of the most successful companies in our region.
Perhaps the skeptics were right that the DMV doesn’t have as many talented security product business experts as other more established regions. But, what I have learned to value much more than the quantity of experts is that members of the security community in our region rarely say “No.”
Lesson #2: The DMV has an unmatched volume of technical security innovation that is driven by government-centric missions. However, security innovation also comes from diverse populations around the world. As most people recognize, there are more talented security technology professionals in the DMV than any place else on Earth. In general, the security ecosystems supported by the DoD, Department of Homeland Security, and the Intelligence Community are driving significant demand for security innovation. Mach37 has been able to effectively leverage this regional asset. Founders from Huntress, Atomicorp, Disrupt6, Fast Orientation, Tensor Wrench, Eunomic, Cyber Algorithms, Anatrope, vThreat, and Hilltop all have been operating at the leading edge of security within this ecosystem for many years.
However, we failed to anticipate the large volume of high-quality security entrepreneurs that would come to the DMV from many diverse ecosystems. To date, of our portfolio of 35 companies, over 40% came from outside the DMV. Notably, Mach37 has received applications from 24 different countries (and counting) and we expect to increase our volume of investments in entrepreneurs from outside of the United States in coming cohorts. Additionally, since inception, Mach37 has funded 17 of 35 companies (nearly 50%) with a founder that is either from an ethnically underrepresented group, from the LGBT community, a woman, or a service disabled veteran.
Lesson #3: You CAN raise seed capital in the DMV. To be honest, three years ago, we were concerned about the limited volume of seed capital available to product companies in our region. We just weren’t sure it would support the volume of innovative product companies we intended to launch. However, about 70% of our graduates consistently raise capital beyond our initial investment. To be sure, we have reached out to seed investors from other geographies and, thankfully, their appetite to fund security companies in the DMV exceeded our expectations.
Further, the often-publicized concerns around the impending “winter” in security investment appear to me to be overwrought, at least in the DMV. Maybe it’s because we have never been spoiled with an abundance of early-stage capital and “winter” doesn’t feel any different to us. Perhaps it’s because the uninitiated investors who are fleeing the sector were never investing in our region to begin with. Or, maybe it’s because investors who understand security continue to invest in the DMV, in spite of the emergence of “winter” in other regions. Whatever the reason, the rate at which Mach37 companies continue to receive funding is increasing and it still feels pretty warm to us.