Today is Lunar Near Year, and we officially enter the Year of the Dragon 🐲 which is the only mythical creature among the 12 Chinese zodiac signs. In Chinese culture the 🐲 represents good luck, justice, prosperity and strength. Perfect timing as dragons in the venture industry mean any investment that returns the whole fund. As you can imagine, we much prefer 🐲 over 🦄 as the latter represent paper valuations instead of realized returns.

Speaking of dragons, I was surprised to see this 👇🏼 when doing a bit of research on the cybersecurity industry.

And furthermore, this…

So we have about $300 Billion in market cap concentrated in 4 public cybersecurity companies and 1/2 of all revenue concentrated in 5 companies!

And here’s what funding for cybersecurity companies looked like the last 3 years according to crunchbase news:

Just two years ago venture funding to cybersecurity was on fire, with more than $23 billion flooding the sector.

In 2023, cyber startups saw only about a third of that, as venture funding dipped to its lowest total since 2018. Security companies raised $8.2 billion in 692 venture capital deals last year — per Crunchbase numbers — compared to $16.3 billion in 941 deals in 2022.

In terms of creating 🐲, what will this mean for the cybersecurity industry in 2024?

1. Cybersecurity still remains #1 or 2 in terms of IT priorities and spending so that’s great news.

2. Vendor consolidation continues to be the name of the game in large scale enterprise sales which means startups who are 1 product features are finding it harder to close deals when the larger vendors have a good enough offering.

3. There are way too many cybersecurity companes with too high a valuation which are just features of a larger platform who will likely go out of business. That’s ok, it’s just the natural law of startup evolution.

4. For those building tech in newer markets, expect to see lots of exits in the $50-500M range as Palo Alto Networks, Crowdstrike and others continue to extend their platforms by buying smaller companies building new pure play tech like DSPM, browser isolation, etc and stuffing it into their channel. VCs and founders who have raised too much capital at too high a price are realizing that on Noah’s Ark only 2 make it, so if you’re not one of those, and are making a conscious choice to go long, then you better be ready for

5. There are 62 cybersecurity 🦄 , and not all will make it. I can tell you that these companies all want to go public but will have to be a platform company to do so selling multiple products. On the flip side, being stuck at $50-100M ARR with slow growth means that some of these companies will have to make moves as they are too big to be acquired and too small at the moment to be a successful public company. Once again, expect to see more M&A of smaller tuck-ins in the $10-50M range as these 🦄 look to become platform players. In addition, you may see 2 unicorns merging together to dominate a market and accelerate a path to liquidity. Finally, this is also where PE firms will come in and buy a $100M revenue cybersecurity company as a platform to become a rollup.

6. We will see some 🦄 at scale perhaps go public later this year or sometime next year as companies like Netskope, Rubrik, Wiz and Snyk (a portfolio co) continue scaling and becoming their own platforms. Once again, public stock will only create a better currency in which to buy smaller startups.

7. I remain optimistic as we will continue to see new cybersecurity startups getting funded along 2 vectors. That being said, founders and investors will think long and hard about how much capital startups should raise especially if amazing exits are likely to be in the $500M to $1B range versus the $1-5B range. As each round of capital comes into a company, it begins limiting exit options as startups price themselves out of the market for acquirers unless they can deliver.

8. Buckle up, it’s going to be an exciting and active 2024 in cybersecurity 🎢!

As always, 🙏🏼 for reading and please share with your friends and colleagues.

Scaling Startups

1. Great 🧵 on M&A from Brett Goldstein who worked at Google in Corp Dev. I concur with almost all of the lessons.

   I worked on Google's M&A team when we were doing 40+ acquisitions a year 21 things founders should know about getting acquired
   

   1. your team will likely have to pass interviews at the new company, so hire well. 2. every time your valuation increases, the number of potential acquirers decreases.

   3. deals that come in through the corp dev team have a <1% success rate, so talk to actual product people.

   4. build relationships with product teams years in advance of a potential acquisition.

   5. your largest customers and partners are the best potential acquirers.

   6. M&A is a FOMO game, so it's good to play acquirers off each other (when you are legally able to).

2. when taking on incumbents, this is pure gold from Marc Randolph, Netflix co-founder. If interested in what the product build and differentiation between new category creation vs. incumbents, read What’s 🔥 #277

   You don’t have to sprint forever.

   
   Entrepreneurship is a marathon, not a sprint. Except that sometimes you do have to sprint.
   
   The best analogy I can think of is the “mass water start” that some triathlons use: essentially, everyone has to run into the water at the same time, and start swimming for the same buoy 1/4 mile out. It’s an absolute mess, as you might imagine, with limbs everywhere and feet in your face.
   
   But the veteran triathletes know that an all-out sprint as soon as you hit the water means smooth swimming from there on out. It’s exhausting, but it also means a lot less work and confusion once the initial sprint is through.
   
   For startups, entering a crowded market is like a mass water start, and the best strategy is the same: go all out at first, build up, and get yourself some breathing room. After that, you can settle into a more sustainable pace. Yes, it’s a lot of work, but it sure beats getting your goggles kicked off.

3. Want to close deals faster? Then read the 2nd annual Common Paper Contract Benchmark Report w/data from >1000 cos, no better way to close deals faster than by knowing what's market + accelerate your sales cycle"

   How common is auto-renewal in a sales contract? What about baking in future fee increases? Should I expect a director to sign, or will it get escalated to a VP?
   
   We hear questions like these all the time at Common Paper, and to answer them, we analyzed the data set of contracts signed by > 1,000 companies on our platform
   
   Check out our benchmark report linked in the top comment below to find out about unlimited liability, charging design partners, how much longer it takes enterprises to sign vs SMB, and a ton more

Enterprise Tech

1. Is BLG (bootcamp led growth) the new PLG 🤣 - please no more acronyms! Pretty incredible how Palantir took the idea of long implementation processes with “forward-deployed engineers” to a more streamlined product and 1-5 day bootcamps to accelerate sales cycles. Remember product and GTM go hand in hand! From earnings transcript:

   AIP and bootcamps are accelerating our business, particularly in U.S. commercial, where fourth quarter revenue grew 70% year over year, evidencing a significantly expanding addressable market. In October, we set a goal of executing 500 AIP bootcamps within one year.
   

   We have already blown that goal out of the water, having completed more than 560 bootcamps across 465 organizations to-date. We are deploying AIP to implement hundreds of real tangible use cases in production for our customers. One bootcamp attendee remarked, "What your team did in just two days was incredible. We can already think of 100 use cases for this." While another said, "It seems there are endless solutions.

2. Infrastructure software tough, especially when it comes to monetizing OSS. No one is immune - Weaveworks, one of inventors of GitOps and creator of popular OSS project CNCF Flux, is sadly closing its doors after having raised over $60M from Accel and GV. Bummer to see one of OGs of OSS infra software reach >$10M revenue and still shut down - here’s Alexis Richardson’s post on LinkedIn.

   Hi everyone
   
   I am very sad to announce - officially - that Weaveworks will be closing its doors and shutting down commercial operations.  Customers and partners will be working with a financial trustee whom we shall announce soon.
   
   The company was turning over double digit (>$10M) revenue and had more than doubled the number of new product logos in 2023.  However this sales growth was lumpy and our cash position, consequently volatile.  We needed a partner or investor for long term growth.  Finally a very promising M&A process with a larger company fell through at the 11th hour.  And so we decided to shut down. 
   
   I can only apologize to everyone for this difficult turn.   I could say that this should not have happened, but I know that we are not alone in this market.  Bigger vessels have gone astray.  The Weaveworks team is a special group and it has been a long and tough journey.  I know that everyone has been so motivated to do their very best for our customers, our open source community, and each other.  You have done well and can be proud.  We shall always have a shared story.
   
   Our story has been so exciting - from the first days of containers, struggling to be born…

3. 🤯 cloud security for the win - “Wiz hits $350 million in ARR, plans to add 400 employees in 2024” (calcalistech)

   Israeli cloud security unicorn Wiz revealed on Monday that it has reached an impressive $350 million in Annual Recurring Revenue (ARR) just four years since its inception. Wiz, which serves over 40% of the Fortune 100, also announced the appointment of Dali Rajic as President and Chief Operating Officer. Rajic, the former President and COO of Zscaler, is an industry veteran with over 25 years of experience in building and scaling go-to-market teams and operations for tech companies. He will oversee Wiz’s growth strategy and operating models, and according to the company “help steer the company through the next phases of its rapid growth on the road to IPO.”

   Wiz, which has garnered $900 million in funding to date, boasting a recent valuation of $10 billion, has set itself a target of reaching a billion dollars in sales. With 900 employees across the U.S., Europe, Asia, and Israel, it plans to add 400 workers globally in 2024.

4. CrowdStrike and AWS Select 22 Startups for the AWS & CrowdStrike Cybersecurity Accelerator (interesting list of next gen cybersecurity startups, a few LLM prompt injection firewall companies, DSPM startups, browser isolation cos, cloud security vendors - with a $77.5B market cap that’s a lot of potential small M&A targets for Crowdstrike)

5. “Finance worker pays out $25 million after video call with deepfake ‘chief financial officer” - (CNN)

   A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.

   
   The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.

   
   “(In the) multi-person video conference, it turns out that everyone [he saw] was fake,” senior superintendent Baron Chan Shun-ching told the city’s public broadcaster RTHK.

6. OpenAI hit $2B ARR run rate end of Dec 2023 😲 (FT)

   OpenAI’s revenues have surpassed $2bn on an annualised basis, as the runaway success of its flagship artificial intelligence product ChatGPT puts it among the fastest-growing technology companies in history. The San Francisco-based start-up’s yearly run rate — a measure of the previous month’s revenue multiplied by 12 — hit the $2bn milestone in December 2023, according to two people with knowledge of its finances.
   
   These people added that the Microsoft-backed company believes it can more than double this figure in 2025, on the back of strong interest from business customers seeking to use OpenAI’s technology to adopt generative AI tools in the workplace.
   
   The extraordinary growth is set to put OpenAI among a handful of Silicon Valley companies — including Google and Meta — to have posted revenues of $1bn within a decade of being founded.

7. Menlo Ventures AI Security market map - “Security for AI: The New Wave of Startups Racing to Secure the AI Stack” and yes Protect AI, a port co, is a true platform covering governance, model consumption, security for models with detection and response, and covering model building + serving with vulnerability scanning and monitoring

8. How does GenAI and code generation affect the work of software developers - more toil vs. the fun stuff? From “is this it” - an anonymous Head of Engineering Metrics initiative for a big tech company.

   I believe the most significant thing co-pilot and other software development GenAI tools do is to move work developers happily did into the category of toil. Specifically, a subset of software development tasks related to writing code and information retrieval (aka. googling).
   

   At first glance these aren’t toil. Toil is repetitive, manual, and time consuming work – fixing broken pipelines, running data fixes, or having to manually configure a server. Toilsome work prevents us from writing valuable code. But that definition has been eroding away. Large companies invest a lot of money in service templates and golden paths to achieve a couple of outcomes:

   • Faster zero to one for getting new services into production

   • Consistency in technologies and configuration of services

   Those outcomes are achieved by skilled developers not writing code. I see GenAI tooling as the next step along the continuum. It moves some next segment of code, beyond the initial service template, from the categorisation of value to toil. CodeWhisperer and its competitors are working on features to allow companies to augment their GenAI model with code that the company provides. This will allow the co-pilot to generate code using internal libraries that follow internal coding standards.

9. One of first studies quantifying impact of DevX (developer experience) from acm - as you read this, think about the impact AI will have as much more code is written and how AI will be needed to keep up with all of those changes…

10. This will get better faster than we think, and there will be compelling enterprise productivity use cases in the future (Jon M. Chu)

    Day 3 with the @Apple #VisionPro … I got stuck at the house because of the LA floods so I couldn’t go into the edit room. So I edited #WickedMovie remotely with my editor #MyronKerstein on @EvercastUS and it worked flawlessly. I need to repeat this out loud. I was in it for HOURS editing on a virtual giant screen (the size of a real movie screen) a major motion picture from the comfort of my house. With no headache. I can’t tell you what a revelation this was. This is big stakes cutting edge productivity work that is available to use today! I am still shook. I don’t think people fully realize the amount of workflow breakthroughs I think the VisionPro will lead to. This is not an ad. Just me being excited about technology and creativity. Hail to the nerds and artists.

11. 👇🏼 as always, The Simpsons see the future as usual

12. Our dystopian future - how will we verify identity in a world of fake licenses, passports…

Markets

1. Not all ARR is the same - CJ Gustafson breaks down how 20 tech companies calculate ARR