The role of a company’s Chief Information Security Officer has evolved over the past few years…to put it lightly.
From pen testing, to vulnerability assessments, and everything in between, a CISO appointment is increasingly becoming a requirement for safely and securely growing a business. And with the industry changing so rapidly, it’s important to stay on the cutting edge of innovation to ensure a security program remains comprehensive and effective.
As expected, the market has responded in kind. There are red hot security startups everywhere you look these days, and the associated investment capital has hit staggering levels. And while all these new ventures claim to fulfill a current industry need, most of them won’t be winners over the long term.
As someone who loves being a hands-on technical leader and is constantly evaluating tools and solutions across the technology spectrum, I was excited to learn about Silicon Valley CISO Investments (SVCI), an angel syndicate made up of 60 of the world’s leading CISOs. And I was honored when I was invited to join the group and help them in their mission to fuel the next generation of cybersecurity innovation.
SVCI is all about high engagement. Each company that becomes part of the SVCI portfolio (eight to date) is assigned a team of leading CISOs to help them with everything from technical roadmapping to customer outreach. We don’t invest and disappear after the round has closed and the press release has gone out. We take a personal touch to our companies to ensure success in their respective markets.The companies we work with are provided capital, connections, and unmatched industry expertise.
Only a small percentage of the pitches we receive go on to our due diligence process, which is rigorous. We evaluate the market, product, potential risks, and perform a comparative analysis against other players in the space. And while many companies we review seem well suited to fill a need, it ultimately comes down to the team and the ability of company leadership to execute and really dominate a market. Members of SVCI have the experience, technical acumen, and understanding of market gaps to make an informed decision when it comes to investing in the future of security.
In my case, I was exceptionally interested in companies that could help automate security and compliance, allowing for next-level monitoring and remediation. I’ve always been a proponent of letting the robots do the work, and compliance has been a ripe opportunity in this regard for some time. When SVCI decided to invest in Drata, a compliance automation platform, it was because the group saw Drata’s technology as one that would dominate. Compliance automation is becoming an increasingly crowded field, but Drata’s deep integrations, engineering approach, and understanding of the customer clearly differentiated them from the pack. And the founders, three friends who’d already had a successful exit, were standout leaders on every level.
In the case of Drata, I believed so much in the technology and team that I chose to join as the company’s CISO. For a Series A company, the appointment of a CISO is unique, and showcases the investment Drata is willing to put into the platform. In my new role, I’ll be providing guidance as we expand the platform beyond SOC 2 and ISO 27001 into new frameworks like HIPAA and PCI. I’ll also be supporting Drata’s customers in their own security and compliance efforts, ensuring they get the highest level of industry expertise alongside the most advanced technology available.
SVCI is a unique opportunity for those of us that do the job of CISO. We understand the goals, motivations, and challenges that come with the role, and how technology can help us in our quest to keep businesses safe and secure. For me, it’s also provided the opportunity to be part of a company that’s set to completely transform the way we’re handling security and compliance. And with the backing of the world’s top CISOs, I look forward to where we go from here.
Drata didn't build a product they thought the market wanted. They did the work to understand what the market actually needed. This customer-first focus is clearly reflected in their platform's technical sophistication and features. I feel like their team really did their diligence in appreciating what we do at the CISO level, and providing the industry with a solution that could start delivering immediate impact.