Interview with Bob Ackerman, founder of San Francisco-based Allegis Capital, a pioneering venture capital provider that specialises in cyber-technology companies.

Cybersecurity no longer a niche activity

Bob Ackerman founded Allegis Capital, a venture capital firm specialising in cybersecurity, in 1996 in San Francisco. As a serial entrepreneur, he had already set up two companies before deciding to seek out and support the most promising cybersecurity firms in the United States. Among the startups that Allegis Capital helped to fund is Ironport Systems, which develops an Internet security portal for companies and was acquired by Cisco Systems in 2007 for the large sum of $830 million.

Against the background of predictions by Gartner that 40% of the world’s largest firms will have drawn up formal plans to address cybersecurity business disruption attacks by 2018, Bob Ackerman talks in this interview with L’Atelier about the importance of cybersecurity for companies and the current main trends within this field.

Bob Ackerman, fondateur d'Allegis Capital

Bob Ackerman, founder of Allegis Capital, a VC fund specialising in cybersecurity

L’Atelier: How’s the general level of knowledge of cybersecurity among companies these days?

Bob Ackerman: At the moment rarely a day passes without an event that has to do with this subject making front page news. So it’s hard not to be aware of how important it is. Of course not all players have the same level of knowledge and sophistication. Large corporations and governments are certainly in the front line but smaller companies are also faced with these issues.

However, there have been some significant changes over the last five years. The figures speak for themselves: the worldwide cybersecurity market is set to top $170 billion by 2020. Being aware of the problem is only the first step, though. The problem is by nature so huge, so complex, that most firms don’t even know where to start.

Could you give us an overview of the venture capital landscape in this field in the US?

BA: If we go back fifteen years, as a VC firm specialising in cybersecurity, we had the feeling that we were dealing with a subject that no-one really wanted to touch. This field was regarded as too specialised, too ‘geeky’ if you like – a niche activity, basically. Today this has all changed. Both VCs and entrepreneurs have realised that this issue is not going to go away; in fact it’s getting bigger all the time.

Nevertheless, it does remain highly technical. There are sectors where it’s easier to start up a business now than it was a few years ago – the collaborative economy might be one example – but this is not at all the case when it comes to cybersecurity. A cybersecurity team needs to have people who are at PhD level in math and physics on board. We also see a lot of former NSA [National Security Agency] people setting up their own businesses.

For the same reasons, not just any VC can get involved in cybersecurity. You need to have an excellent knowledge of the field, which usually means several years of experience. Last year the US journal ‘The Information’ published a list of ‘Cybersecurity’s Money Men’ and there were no more than ten names on it. This is no coincidence. The financial appeal of the sector can’t override the need for expertise. It’s a highly sensitive area.

You invest in early-stage ventures focusing on two main themes: the Internet of Things and Analytics. Why did you choose these two?

BA: Well, we’ve been investing in security analytics, a market that’s set to grow exponentially, for the last twenty years. In fact the main challenge for companies is still to identify which information constitutes a threat, from among an infinite volume of data.

As regards the Internet of Things, we made our first investments ten years ago. Today this phenomenon is becoming crucially important, with the huge increase in the number of devices in use. Of course we shouldn’t forget those virtualisation technologies that help to boost network security.

At the same time we’re seeing a lot of initiatives to do with data encryption, although the underlying technology it there it still needs to be beefed up. Solutions for encrypting information call for an understanding of the data, keeping control over where it’s going and maintaining data integrity. Built-in automatic responses to attacks will also become more and more common.

What initiatives are worthy of note today?

In our portfolio we have a number of promising startups. In the data analysis field for instance there are two ventures – E8 Security and RedOwl – which are focusing on detection and analysis of both serious external cyber-attacks and internal company threats.

Meanwhile vArmour is working on security at data centres, providing firms with a system to protect them against cyber-attacks. In similar vein, Bracket focuses on virtualisation, offering a Cloud-based protection software solution.


By Pauline Canteneur