How cybersecurity VCs find visionary companies in emerging sectors

33N Ventures is fundraising €150 million for investing in cybersecurity and infrastructure software companies across Europe, Israel, and the US. The fund will mostly target investments at Series A and B, with an average ticket size of around €10 million, and has an investment capacity of €20 million already committed by Alantra and its strategic partners.

Co-founders and managing partners Carlos Alberto Silva and Carlos Moreira da Silva have made more than 20 investments in cybersecurity and infrastructure software over the past 10 years, across Europe, Israel and the US – including most notably Arctic Wolf.

In this Help Net Security interview, they discuss the cybersecurity investment landscape in Europe, the strategies for finding the right companies, and more.

Company founders usually think mainly about California and Tel Aviv when discussing infosec investments. What’s your impression of the current cybersecurity VC landscape in Europe?

Carlos Alberto Silva: There’s no doubt that the US and Israeli startup ecosystems get more attention when it comes to cybersecurity. But that’s not to say there haven’t been success stories in Europe. Take IriusRisk, for example: the automated threat modeling platform raised a $28.7M Series B round just a few weeks ago.

By rights, Europe should be a world leader in this space. Talent is abundant here, and there is a very large addressable market. The challenge for companies in Europe is that, unlike their peers in the US and Israel, they often don’t get the specialized support they need to compete.

While there are a few specialized funds in Europe, most focus naturally only on one country or region and tend to invest in very early-stage companies. As a result, most entrepreneurs face the choice of working with a US investor (that lacks on-the-ground local knowledge) or working with a generalist fund that may not be able to open the right doors for them.

That’s why we’ve decided to create a fund with a truly pan-European focus. There’s such a large opportunity here for firms that are underserved by the current market. We’ll still be investing in some companies in the US and Israel – simply put, there are some amazing opportunities that we just don’t want to miss out on – but we’re most excited about capitalising on this relatively untapped opportunity in Europe.

What sort of challenges and opportunities are you currently facing? What’s your main focus?

Carlos Alberto Silva: Given that we only launched the fund last week, we’ve not run into too many challenges yet! That being said, of course, the economic climate is not the best. This is a challenge that every venture capital fund and company must face.

Cybersecurity as a whole is also well insulated from the economic downturn. That’s because strong cybersecurity is not a ‘nice-to-have’ – but critical. That’s not going to change – from digital transformation to national security, cyber will continue being a top priority for governments, institutions, companies, and investors across the globe, and the market is expected to reach $162 billion in 2022, with robust annual double-digit growth forecast for the coming years – and so the companies we’ll be looking at have some in-built resilience.

How can you find the right balance between locating promising new businesses and researching potential investments?

Carlos Moreira da Silva: This is not generally something we struggle with. This is probably because we follow a thesis-driven approach that means we spend a lot of time looking at which spaces we want to cover before making any investment decisions.

Of course, we stay up to date with the industry, look at all publicly available sources, and attend the most relevant cybersecurity events across Europe, Israel, and the US. This is all fairly common sense.

But we do rely heavily on our proprietary network of close VCs and advisors. Our network is always totally invaluable when we are looking to identify the best leads for future investments. Our strategic advisors – including leading entrepreneurs, experts, and cybersecurity decision-makers such Brian NeSmith (Arctic Wolf), Eyal Hayardeny (Reblaze), Nuno Sebastião (Feedzai), and Pierre Polette (Hackuity) – all founders of companies we’ve invested in in the past – possess an incredible depth and breadth of sector-specific knowledge and experience that, added to our own, really helps us identify and support the founders and companies with the biggest breakthrough and scaling potential.

We spend a long time talking to prospective investee companies, ideally as early in their journey as possible, and working out where we can help them. If we can make an introduction to a potential customer, for example, we will do so even before we have made any investment. We’ve worked hard to build a reputation in the industry for being supportive of the whole industry – that’s really important to us.

How much research does it take to identify companies you want to invest in? When it comes to cutting-edge technology, it can be complicated to distinguish between things that seem important but aren’t and things that don’t seem important but are.

Carlos Alberto Silva: For most first-time funds the process of identifying the right companies to invest in across such a large geographic area would be difficult. But our team has been together for many years now. We may be a first-time fund, but we’re far from a first-time team.

We know this space well and we have a strong network that reaches across the US, Europe, and Israel. In fact, much of the research you refer to has in effect already been done. We already have a list of companies that we’re interested in, and in many cases have already started the conversation.

We want to back visionary companies in emerging sectors. We want to invest in those who are the very first or one of the very first to solve a particular problem. In our view, jumping on bandwagons or entering already saturated markets will inevitably lead to meagre returns. Get in on the ground floor and you’ve got a lot more room to grow into.

What advice would you give to cybersecurity startup founders looking for investors?

Carlos Moreira da Silva: Beyond the obvious – how much are they willing to invest – there are a couple of really important things for founders to look at. Firstly, look at their track record. Cybersecurity is a space where deep technical knowledge is really important. Think of it this way: if you have to explain what your company does through metaphors and hand-holding, then they probably aren’t going to be much help beyond providing cash stimulus.

The second thing to look at is their network. Well-connected investors with the right contacts in cybersecurity will prove invaluable. Most venture capital investors will have a long list of contacts. You can pick that up by going to the right events and spending enough time in the space. But the investors that will provide you with real benefit are those who have a long list of friends – with deep and genuine relationships. The right introduction can be game-changing for a company, so it’s vital your investor’s network is robust.

What tips do you have for maintaining a positive rapport with company founders? What makes for a quality relationship?

Carlos Moreira da Silva: It may sound obvious, but in our experience, the most important thing for building rapport is having a solid understanding of the business. It is important to be there for the founders during the good times, but especially during the challenging times, when they really need that extra help. Of course, you must understand how the company’s key product or service works.

But beyond that, you must understand everything from the pain points of their customers to the market for talent in their sector to the opportunities for growth. This is not stuff you can pick up overnight, and entrepreneurs are good at picking those with genuine knowledge out from the blaggers.

And, in our case, we can share our global perspective regarding the wider market environment. You can provide an enormous amount of value here.

We also think it helps that we’ve been in their position before. We’re not just investors, we’ve held senior executive roles in cybersecurity companies and effectively built them from the ground up. So, we understand the nuances of the day-to-day running of a business, and that helps us build a foundation of trust – which really is essential to a successful relationship.