That comes from Steve Herrod, managing director at venture capital firm General Catalyst Partners. It’s something I’d already been thinking, and when I met with him at RSA 2016, I’d intended to bring it up — but he beat me to it.
In more than 20 years of covering technology, I’ve been told repeatedly that security is overlooked, so in that sense, all this attention isn’t so bad. Security is in the spotlight, thanks to high profile breaches, the increasing consumer presence in technology, and the realization that every network is vulnerable.
But any time a sector gets hot, there’s a gold rush. Natural selection will winnow down the number of startups, but it sure can be annoying in the meantime.
That goes for the customers, not just for journalists. The security glut means chief information security officers (CISOs) are finding it harder to know what to buy — a sentiment I heard from another venture capitalist in February: “CISOs are saying, ‘Guys, I don’t need 20 different tools. Give me one.’ ”
Again, this is a natural part of the cycle. As more companies crowd into a space, newer ones have to find smaller and smaller niches to fill — hence the 20 different tools. It puts many startups, especially, in a temporary stalemate.
“There’s been a ton of investment in early-stage companies that has caused this conference to have more noise,” Herrod said. “I’m kind of happy there’s going to be a slowdown in funding this year. We’re kind of in the Hunger Games phase right now, everybody fighting for attention.”
Sometimes in these situations, you can count on bigger players to start vacuuming up startups. But security doesn’t have the track record for that.
Check out our full RSA Conference 2016 Coverage.
“By most accounts, cyber security is a $100 billion market. The largest player is $4 billion,” says Alan Cohen, chief commercial officer at Illumio. “There’s no superpredator, and there’s never been an aggregator.”
Still, security is vital, and it’s clear that new approaches are going to arise. So, Herrod does have investments in security startups — Illumio and Menlo Security, specifically.
And, to repeat, the awareness around security isn’t a bad thing. “It’s growing up, in the sense that public boards have to know about security for their companies,” Herrod says. “As a result, I think the conference has gotten more mature, in terms of more ‘suits.’ “