Ex-Akamai CSO will guide security startups on strategy as new YL Ventures partner

Join Transform 2021 for the most important themes in enterprise AI & Data. Learn more.

Andy Ellis, the former CSO of Akamai Technologies, has joined YL Ventures as an operating partner. Ellis will draw upon his experiences as a security decision maker to advise startups on a broad range of services, including product development, go-to-market strategies, and managing customer pipelines.

YL Ventures funds Israeli cybersecurity companies from “seed to lead,” but the support goes beyond just funding, Ellis said in an interview with VentureBeat. YL Ventures provides strategic and operational guidance to the companies in its portfolio “in the time that YL’s going to be part of their journey,” Ellis said. The firm also publishes the CSO Circuit, a newsletter that tells startup founders what CSOs need and what the market is currently looking for to help shape product roadmaps and sales strategy.

The support could be as straightforward as having access to a marketing or press team before the company is big enough to have its own, it is also about time and practical advice: YL acts as an advisor on anything the founders and their teams need help with. Ellis would be available “anywhere in the pipeline that I can be useful,” such as joining the company on a customer call, providing feedback on product design, advising on the product roadmap, helping to develop the marketing presentation, and advising the company on how to recruit and develop talent.

Ellis spent 20 years at Akamai and grew the security business to more than $1 billion in annual revenue. As the CSO, he dealt with the challenges enterprise security leaders face in developing a security program, as well as deploying and integrating multiple platforms and technologies. One thing he regularly dealt with was the question of how to protect as many people as possible–security at scale. “I can bring some of the lessons about solutions that didn’t always work because they were great on paper and in the pilot,” but not across the entire organization, Ellis said. He also has the vendor perspective, as he has “secondhand experiences across thousands of CSOs” — Akamai customers — about their problems. He knows that enterprise leaders have budget constraints and integration challenges, and can advise security companies on how to address those specific needs. Being on the selling side, he understood how different dynamics played out in different marketplaces and knew the difference between selling to financial services, retail, and manufacturing, for example.

One of the challenges early startups have is shifting their focus from investors to customers. The first slide deck a startup creates typically leads with how much the company has already raised and is typically designed to sell the companies to VCs. “You almost have to throw that entire deck out and start over,” with a presentation that considers the target market and what the customer cares about, Ellis said. A cloud-native business, for example, will want to know how the technology will solve the problem it is having.

“How much money you raised is a signal that says, maybe you have a great idea, but the idea [technology] is what you want to talk about, and should always be what you’re talking about in selling the business,” Ellis said.

What enterprises care about

YL Ventures consults with CSOs– over 90 CSOs on the advisory board as well as a less formal network of a thousand security leaders–to “get market feedback before making an investment,” Ellis said. These conversations help YL Ventures stay up-to-date with the challenges organizations are facing and to understand the needs and gaps in the industry. This collaboration helps YL Ventures decide which areas to focus on and which security companies to add to their investment portfolio. Ellis joined that advisory board about four years ago.

“Sometimes the input was wow, you know, brilliant people, but this, this technology is never going to sell in the market,” Ellis said. “Other times it was, Oh my goodness, I want to do this one.”

YL Ventures currently manages over $300 million and is currently investing its fourth $135 million fund. Its portfolio currently is focused on the following areas: application security and securing code; security controls for software-as-a-service applications; extended detection and response (XDR) capabilities; next-generation cloud security solutions; and data security. YL Ventures is betting on these technologies as the areas enterprise leaders are the most concerned about.

Over the last 15 years, organizations have built out extensive security platforms to protect the applications and data they have, but that security platform is going to be left behind when the organization moves that application or data to the cloud, Ellis said. Security leaders now have to solve the problem of protecting that application in the cloud. Most public cloud platforms already have “fantastic” security tools, but the challenging is finding them and knowing how to use them, Ellis said. So he will be looking at ways to make it easier to deploy security services in the cloud. This kind of thinking applies to SaaS applications, as well, since security teams have to make sure the employees are using them safely and that information remains safe.

“It really does come down to how how do we make security easy? How can we give security teams scale?” Ellis said.

Another area Ellis sees a lot of CSO interest is in application development, in helping developers build secure code.

“That said, any idea is on the table,” Ellis said. “If a company comes with a brilliant idea, and it’s not in those three spaces, I’m totally excited about that, too.”

While YL Ventures didn’t provide aggregate totals on how much it has invested in each of these areas, it provided some insights in recent funding decisions.

Key areas of security investment

The sheer number of attacks against applications and the ever-widening attack surface is driving organizations to allocate more resources to application security and secure software development. One emphasis is on security solutions to “shift left,” to implement security earlier in the software development lifecycle. The firm led the seed round in application security startup Enso Security, vulnerability management company Vulcan Cyber, and source-code protection startup Cycode.

The growing attack landscape means organizations are also increasingly looking for new ways to detect threats and respond quickly. XDR is a new approach which collects and automatically correlates data across multiple security layer, so threats can be detected faster and security analysts can improve investigation and response times. YL Ventures led the seed round in Hunters and participated in follow-on rounds.

The shift to the cloud, the growing remote workforce, and rapid adoption of digital transformation initiatives means enterprise leaders are willing to spend on ways to protect cloud platforms and software-as-a-service applications. More and more employees connecting remotely to corporate assets and accessing sensitive data from private devices and networks. YL Ventures led the seed round in Orca Security, a security startup which reached a unicorn valuation in less than two years.

Data security and governance is another big area for YL Ventures, especially as enterprises try to manage the massive amount of data being generated. Organizations have to figure out how to comply with a growing slate of regulations such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. As more states follow California’s example, organizations have to ensure their governance processes and data management practices keep up with each regulation’s requirements. YL Ventures led a seed round in Satori in 2019.

Other areas YL Ventures has invested in recently includes authorization (build.security), medical device security (Medigate), and embedded security for connected systems (Karamba).

VCs often straddle the fine line of investing in companies that address the needs of the market, but also looking ahead and trying to anticipate future problems and find startups that are beginning to tackle those issues. There is an educational opportunity for companies to prepare for the moment when organizations realize they have that particular problem. Ellis gave the example of how organizations started buying technologies to deal with distributed denial-of-service attacks. Akamai was already working on the technology in 2004, before most organizations were even thinking about it. When Operation Payback, a series of coordinated DDoS attacks against financial services and other major organizations, hit in 2010, Akamai was ready. Vulcan Security, a company in the YL Ventures portfolio, is another example. When the company was raising its seed round, very few organizations were thinking about vulnerability remediation orchestration. Just a handful of years later, and it is something organizations are actively looking at.

“My favorite part of this business is helping,” Ellis said. “How do you make the internet safer by finding things that scale as solutions that the market needs?”


  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Source: Read Full Article