The fastest-growing outfits are chasing a growing deluge of security dollars flowing from corporate America. The stream of hacks that hit brand-name corporations like Anthem, Sony and JPMorgan created a storm of visibility that cybersecurity firms have been quick to monetize.
“Their boards are so afraid of incursions that they will buy anything available,” said J.S. Gamble, co-founder of Blu Venture Investors, an investment group based in Northern Virginia.
The companies that venture capitalists are targeting include those that contract with the government, and increasingly, those that sell to the private sector. In most cases, the start-ups often take their inspiration from the ideas and talent drawn from the government’s secretive spy agencies. For investors, the D.C. region’s obvious differentiator over competing hubs like Boston, New York and Silicon Valley is its proximity to the classified government work. For the Washington region, that means the companies tend to cluster around the military and intelligence hubs in Northern Virginia and Suburban Maryland.
“The most complicated problems in cybersecurity are not being solved inside Microsoft, they’re being solved inside a three-letter government agency…DARPA or the NSA or the CIA,” said John Backus, managing partner at Reston-based New Atlantic Ventures.
The youngest companies hoover up smaller investments from publicly-funded institutions like Maryland’s state-backed Technology Development Corp. (Tedco) or Virginia’s Mach37 Accelerator, meant to form a bridge between public and private investors. The Northern Virginia accelerator reached a landmark this week when, for the first time, one of its alumni raised a $4 million series A round from a broad group of investors.
Mach37 managing partner Rick Gordon says the media’s focus on high-profile corporate hacks has made it much easier for start-ups to raise money. But investors need to beware.
“What you saw from 2011 to a year ago was this peaking of the hype around early-stage investing,” he said. “A lot of uninitiated people stopped investing because they were losing money in companies that probably didn’t need to be funded.”
The investors that bear the greatest risk are so-called “angel investors,” which offer capital to young companies often before they have a proven stream of revenue. One of the more prolific angel outfits in the D.C. region is Blu Venture Investors, a consortium of experienced entrepreneurs who vet and then work with the early-stage startups they invest in.
From Blu’s view, the sector seems to be speeding up if anything; the group has made six small investments in the last three months alone. So competitive is the race for deals, Blu recently created a separate program for cybersecurity companies designed to make investments more quickly. The new program allows the group’s investors to close a deal within four or five days of meeting the company’s founders, compared to about six weeks for an investment in a slower-moving industry.
Further up the chain, a growing pool of large venture funds are investing in local cyber companies. One is Maryland-based New Enterprise Associates, a multi-billion dollar technology investment fund known for its close relationships with the CIA’s venture fund In-Q-Tel. NEA partner Harry Weller says the fund has cut at least 10 deals with cybersecurity companies in the last five years. District-based Paladin Capital Group reports it has made 14 investments in six local cybersecurity companies since 2011.
Alongside the local venture funds there are some deep-pocketed out-of-state players deepening their roots here. California-based Bessemer Venture Partners has scaled up its local presence in recent years, making sizable investments in a handful companies with strong roots in the intelligence community.
Private equity firms, which tend to invest in more mature companies, are playing a more active role here than they have in the past. Tenable Network Security, a Maryland based company that helps corporations identify holes in their networks, turned to a mix of out-of-state venture capital and private equity last year when it pulled in a massive $250 million infusion of cash from investors.
Elsewhere, New York hedge fund Hudson Bay Capital is putting its considerable financial weight behind Strategic Cyber Ventures, a D.C.-based venture fund set up in February by four investors with deep roots in the government cybersecurity industry, including a former cyber guru from the Department of Homeland Security, Ann Barron-DiCamillo.
The firm plans to make eight to 10 investments by February 2018, targeting relatively late-stage companies looking for large investments. Chief Executive Tom Kellerman says the firm set up shop in the District in order to be closer to the talent and ideas seeping out of the government intelligence community.
“The thought leadership on security issues happens here, period,” Kellerman said. “All the big banks have [senior vice presidents] of cyber intelligence who live and work in D.C., because those people need to have relationships and access to the people in government who are working on the front lines of national security and law enforcement.”
The fund’s first two investments — the second of which was made public as recently as Tuesday — went to California companies. But Kellerman says he is close to finalizing investments in two D.C.-based companies, which he declined to name because terms are being negotiated.
“We’re trying to convince folks not to manifest destiny and go West, but instead stay here and reach out to us,” he said. “We are now laser-focused on investing in the DMV.”