Gili Raanan - Cybersecurity Investment Playbook - [Invest Like the Best, EP416] - Invest Like the Best with Patrick O'Shaughnessy

Summary7 min read

Invest Like the Best with Patrick O'Shaughnessy Episode Summary: Gili Raanan - Cybersecurity Investment Playbook Release Date: March 25, 2025

1. Introduction

In this episode of Invest Like the Best, host Patrick O'Shaughnessy interviews Gili Raanan, the founder of Cyberstarts—a venture capital firm specializing in cybersecurity. Gili shares his insights on the evolving landscape of cybersecurity, investment strategies, and the methodologies that have driven Cyberstarts' exceptional success.

2. The Perfect Storm in Cybersecurity

Gili Raanan begins by outlining the current state of cybersecurity, describing it as a "perfect storm" due to global conflicts and advancements in artificial intelligence (AI):

Gili Raanan [05:29]: "We live in a very dangerous world, way more dangerous than it was just a few years ago. So that's one element making the cybersecurity threat vector so real, so dangerous, so available."

He emphasizes how modern conflicts, such as those in Ukraine and Gaza, have turned offensive cybersecurity into a strategic weapon, escalating threats beyond traditional criminal organizations to state-sponsored actors.

3. Evolution of Cyber Warfare

The discussion delves into the analogy between traditional military advancements and modern cyber warfare. Gili compares the progression from muskets to nuclear weapons with the evolution of cyber offensive and defensive tools:

Gili Raanan [07:46]: "With AI, there are additional steps—workflow, automation, and then the final step where AI takes control. It's no longer just human-augmented; AI agents are launching attacks autonomously."

He highlights that AI is revolutionizing cybersecurity by enabling attackers to execute sophisticated and large-scale operations that were previously unimaginable, rendering older defense mechanisms obsolete.

4. Offensive Strategies and Attack Targets

Gili discusses the ROI-driven nature of cyberattacks, where attackers aim to inflict maximum damage with minimal effort:

Gili Raanan [09:38]: "The best offensive tactics are always ROI driven. How do I apply the highest damage to you with the smallest effort?"

He provides examples of simple yet devastating attacks, such as taking down name servers to cripple a country's power infrastructure, illustrating how AI can amplify these threats by generating thousands of attack scenarios simultaneously.

5. Building Enduring Cybersecurity Companies

Addressing the challenge of longevity in the rapidly evolving cybersecurity sector, Gili asserts that companies must be "AI-first" to remain relevant:

Gili Raanan [12:21]: "AI would redefine cybersecurity. Founders would have to create cybersecurity companies that are AI-first and AI-native just to have a chance to build lasting important cybersecurity companies."

He notes that traditional rule-based and behavior-based systems are becoming obsolete, necessitating a complete architectural overhaul to incorporate AI capabilities effectively.

6. The Genesis of Cyberstarts

Gili recounts the inception of Cyberstarts in 2018, fueled by his experiences at Sequoia Capital and as a founder:

Gili Raanan [13:53]: "The venture model is completely broken. It's broken in so many ways for investors and entrepreneurs. We focus solely on the person ahead of us—on talent."

He explains his decision to pivot from conventional VC approaches by eliminating traditional criteria like market size and product viability, instead prioritizing founder resilience and the ability to overcome adversity.

7. Success of the First Fund

Cyberstarts' inaugural $50 million fund grew exponentially to nearly $2 billion within three years, positioning Gili as a formidable figure in cybersecurity investments:

Gili Raanan [16:52]: "Luck is definitely important, but on top of luck, a clear thesis and a commitment to deliver real value to the founders we partnered with were major factors."

He attributes this success to a well-defined investment thesis, stringent founder selection, and a dedication to achieving product-market fit through the Sunrise methodology.

8. Founder Selection Criteria

Gili emphasizes the importance of founder resilience over traditional metrics like intelligence:

Gili Raanan [19:55]: "The most important thing is the adversity and the ability to overcome it. High IQ helps, but it's not the most important thing."

He shares the story of Michael Scholar, founder of Fireblocks, highlighting how personal challenges can forge the resilience necessary for startup success.

9. The Sunrise Methodology

The Sunrise methodology is Cyberstarts' proprietary process to ensure startups address genuine market pain points:

Gili Raanan [23:27]: "We first identify the most important pain point in the market by speaking with dozens of organizations, then we build solutions that directly address those needs."

This systematic approach involves extensive market research, direct customer engagement, and iterative feedback to refine product offerings before development begins.

10. Case Study: Wiz Acquisition

Wiz serves as a flagship example of Cyberstarts' investment prowess. The company achieved unprecedented growth and was ultimately acquired by Google:

Gili Raanan [40:10]: "Wiz was the fastest unicorn to reach $500 million, demonstrating the effectiveness of our investment and support strategies."

Key elements contributing to Wiz's success included identifying an urgent pain point in cloud security, achieving rapid product-market fit, and securing large enterprise deals that accelerated their growth trajectory.

11. Lessons Learned and Future Outlook

Gili shares valuable lessons from Cyberstarts' journey, including the importance of embracing high valuations when justified and maintaining productivity through specialized talent sourcing:

Gili Raanan [47:30]: "High-priced companies are not bad if they're justified. Companies like Wiz were expensive from day one, but that was part of their DNA."

Looking forward, Gili remains optimistic about the future of cybersecurity investments, driven by continuous technological advancements and a steady influx of talented individuals dedicated to solving evolving security challenges.

12. Personal Stories and Resilience

Gili opens up about his personal resilience, sharing the heartbreaking loss of his daughter and how it fueled his determination to build Cyberstarts:

Gili Raanan [50:40]: "I lost my daughter in a terrible tragedy, which paused my world. Founding Cyberstarts helped me channel that pain into building something meaningful."

This personal narrative underscores the profound impact of resilience and purpose in both personal and professional realms.

13. Conclusion

Gili Raanan's journey with Cyberstarts offers a compelling blueprint for successful investment in the cybersecurity sector. By prioritizing founder resilience, leveraging AI-driven methodologies, and maintaining a clear investment thesis, Cyberstarts has not only achieved remarkable returns but also contributed significantly to advancing cybersecurity solutions. His insights provide invaluable guidance for investors seeking to navigate and thrive in the complex and ever-changing landscape of cybersecurity.

Notable Quotes with Timestamps

Patrick O'Shaughnessy [00:00]: "I'm looking for Maniacs on a Mission. This is the basis for our investment firm Positive Sum..."
Gili Raanan [05:29]: "Cybersecurity today is the perfect storm where global conflicts and AI advancements are creating unprecedented threats."
Gili Raanan [07:46]: "With AI, there are additional steps—workflow, automation, and then the final step where AI takes control."
Gili Raanan [09:38]: "The best offensive tactics are always ROI driven. How do I apply the highest damage to you with the smallest effort?"
Gili Raanan [12:21]: "AI would redefine cybersecurity. Founders would have to create cybersecurity companies that are AI-first and AI-native."
Gili Raanan [13:53]: "The venture model is completely broken. It's broken in so many ways for investors and entrepreneurs."
Gili Raanan [19:55]: "The most important thing is the adversity and the ability to overcome it. High IQ helps, but it's not the most important thing."
Gili Raanan [23:27]: "We first identify the most important pain point in the market by speaking with dozens of organizations."
Gili Raanan [40:10]: "Wiz was the fastest unicorn to reach $500 million, demonstrating the effectiveness of our investment and support strategies."
Gili Raanan [47:30]: "High-priced companies are not bad if they're justified. Companies like Wiz were expensive from day one, but that was part of their DNA."
Gili Raanan [50:40]: "I lost my daughter in a terrible tragedy, which paused my world. Founding Cyberstarts helped me channel that pain into building something meaningful."

Key Takeaways

Resilience Over Intelligence: Cyberstarts prioritizes founders who have demonstrated the ability to overcome adversity, believing that resilience is a stronger predictor of success than traditional metrics like IQ.
AI-First Approach: The integration of AI is not just an add-on but a fundamental aspect of modern cybersecurity solutions, essential for staying ahead of sophisticated threats.
Sunrise Methodology: A systematic approach to identifying and solving real market pain points ensures that startups have a validated product-market fit before scaling.
High Valuation as a Positive Indicator: High valuations from early stages can signify strong DNA and growth potential, contrary to the conventional advice of keeping valuations low to minimize dilution.
Personal Resilience Fuels Professional Success: Gili's personal story underscores the importance of channeling personal challenges into professional endeavors to drive impactful and meaningful work.

This episode offers a deep dive into the strategic mindset behind successful cybersecurity investments, blending personal resilience with professional acumen to navigate and capitalize on the dynamic threats in the digital age.

Loading summary

Transcript103 lines

[00:01]
Patrick O'Shaughnessy
Something I speak about frequently on Invest like the Best is the idea of life's work. A more fun way to think about it is that I'm looking for Maniacs on a Mission. This is the basis for our investment firm Positive Sum, and it's the reason why I am so enthusiastic about our presenting sponsor, Ramp. Not only are the founders Karim and Eric Life's work level founders certainly maniacs on a mission, they have created a product that is effectively an unlock for founders and finance team to do more of their life's work. By streamlining financial operations, saving everyone their most precious resource time, Ramp has built a command and control system for corporate cards and expense management. You can issue cards, manage approvals, make vendor payments of all kinds, and even automate closing your books all in one place. Speaking from my own experience using Ramp for my business, the product is wildly intuitive, simplistic and makes life so much easier that you'll feel bad for any company who hasn't yet made the switch. The Ramp team is relentless and the product continues to evolve to save you time that you would never have dreamed of getting back. To me, there is nothing more interesting than technologies that reduce friction for other entrepreneurs to be able to build the thing that they want to so much attention has gone to cloud computing, APIs and other ways of making life easy for founders. What Ramp has done and is doing is build yet another set of tools in this category. To get started, go to ramp.com cards issued by Celtic bank and Sutton bank member FDIC. Terms and conditions apply.
[01:27]
Gilly Renan
As an investor, staying ahead of the game means having the right tools and I want to share one that's become indispensable in my team's own research. AlphaSense. It's the market intelligence platform trusted by 75% of the world's top hedge funds and 85% of the S&P100 to make smarter, faster investment decisions. What sets AlphaSense apart is not just its AI driven access to over 400 million premium sources like company filings, broker research, news and trade journals, but but also its unmatched private market insights. With their recent acquisition of Teagus, AlphaSense now holds the world's premier library of over 150,000 proprietary expert transcripts from 24,000 public and private companies. Here's the kicker. 75% of all private market expert transcripts are on AlphaSense, and 50% of VC firms on the Midas list conduct their expert calls through the platform. That's the kind of insight that helps you uncover opportunities, navigate complexity and make high conviction decisions with speed and confidence, ready to see what they can do for your Investment Research? Visit AlphaSense.com invest to get started. Trust me, it's a tool you won't want to work without.
[02:29]
Patrick O'Shaughnessy
Ridgeline gets me so excited because every investment professional knows this core challenge. You love the core work of investing, but operational complexities eat up valuable time and energy. That's where Ridgeline comes in. Ridgeline is an all in one operating system designed specifically for investment managers and their momentum has been Incredible. With about $350 billion now committed to the platform and a 60% increase in customers since October 1, firms are flocking to Ridgeline for good reason. They've been leading the investment management, tech industry and AI for over a year, with 100% of their users opting into their AI capabilities, putting them light years ahead of other vendors thanks to their single source of data. You don't have to put up with juggling multiple legacy systems and spending endless quarter ends compiling reports. Ridgeline has created a comprehensive cloud platform that handles everything in real time from trading and portfolio management to compliance and client reporting. It's worth reaching out to Ridgeline to see what the experience can be like with a single platform. Visit ridgelineapps.com to schedule a demo.
[03:32]
Unknown Host
Hello and welcome everyone.
[03:34]
Gilly Renan
I'm Patrick O'Shaughnessy and this is Invest. Like the Best, this show is an open ended exploration of markets, ideas, stories and strategies that will help you better invest both your time and your money. If you enjoy these conversations and want to go deeper, check out Colossus Review, our quarterly publication with in depth profiles of the people shaping business and investing.
[03:51]
Unknown Guest
The.
[03:52]
Gilly Renan
You can find Colossus Review along with all of our podcasts@joincolasis.com Patrick O'Shaughnessy is.
[03:59]
Unknown Voice
The CEO of Positive Sum. All opinions expressed by Patrick and podcast guests are solely their own opinions and do not reflect the opinion of Positive Sum. This podcast is for informational purposes only and should not be relied upon as a basis for investment decisions. Clients of Positive Sum may maintain positions in the securities discussed in this podcast. To learn more, visit Psum vc.
[04:26]
Patrick O'Shaughnessy
My guest today is Gilly Renan. Gilly is the founder of cyberstarts, a VC firm focused on cybersecurity and the world's first VC that is majorly backed by cyber entrepreneurs. Cyberstart's $50 million first fund exploded to close to $2 billion in just three years. Gilly describes cybersecurity today as the perfect storm where global conflicts and AI advancements are Creating unprecedented threats. He talks about cyberstart's Sunrise methodology, which uniquely identifies customer pain points before building solutions. We discuss a focus on finding resilient talent, overcoming personal adversity, the evolution of the cybersecurity landscape, and Google's recent acquisition of Wiz, where cyberstarts was one of the earliest investors. Please enjoy my conversation with Gilly Renan.
[05:12]
Unknown Host
Gilly, I've been so excited to do this with you in part because in the 500 or so episodes of this, I don't think I've ever talked about the thing you invest in, primarily cybersecurity. And because your personal investing story and life story is so damn interesting, we're going to go all over the place. Maybe you can just give us the very high level state of the Union in cybersecurity today.
[05:29]
Unknown Guest
CyberSecurity for over 35 years. Not happy to admit it, but that's reality. So I believe I do have a perspective on it. We live in days where it's actually the perfect storm in cybersecurity for various reasons. And when I look back at the days I founded cyberstarts short of 7 years in 2018, it wasn't the case in 2018, cybersecurity was considered the boring portion of it. I think that what we see today is that there's a global powerhouse conflict that drives major forces into cybersecurity. It's the Ukrainian conflict, it's the Gazan conflict, it's all over the world offensive cybersecurity became a, a lethal weapon or even strategic weapon for state and powerhouses involved in that in those conflicts. So that's one element that's making the cybersecurity threat vector so real, so dangerous, so available. And there's a constant drift from state level cybersecurity weapons to criminal organization and then just creep kiddies. So we live in a very dangerous world, way more dangerous than it was just few years ago. So that's one of them. The second element is technology. I think that we've seen the iPhone moment for AI in 2023 or maybe even 2024. AI is not going to improve cybersecurity, it's going to redefine it. The same technology, the same LLMs, the same AI agents that you'd use to predict attacks and prevent them would be used against you to deliver attacks at scale and level of sophistication we haven't seen before. And the methods that we developed maybe for the past eight years starting in World War II would be useless because the speed, scale and Sophistication of those attacks would be something that we haven't seen before. The world is a way more dangerous place today. There's lots of risk ahead of us.
[07:21]
Unknown Host
I'm curious if you could analogize cybersecurity, offense and defense to simple military concepts or something like this. If I think about the evolution of kinetic warfare from muskets up through nuclear weapons or something, is there some similar escalation of the tools being used by attackers and defenders in cyber? Have the targets changed over time? The goal of the attackers changed over time? If I were to think about the evolution of the battle, what are the key steps in that evolution?
[07:46]
Unknown Guest
Think about modern warfare and the use of technology. It started with better analysis, better decision making process, then it moves to human augmentation. Think about introduction of the first tanks in the first World War or the introduction of the Kalachnikov. It made humans more lethal. But with AI there are additional steps. It's the workflow, automation and then the final step where AI takes control. And if you think about a modern warfare, you think about LLMs that quickly put together attack plans that you didn't practice for, you didn't plan for. You don't have a B plan and a C plan for. They're already using AI agents to take control and launch those attacks. On the different side. That means that human augmentation would be an improvement for time being. It might be enough, but it won't be a great solution for the long term. For the long term, you'd have to use LLMs to predict attack vectors in the very same way and give AI agents the control so you have a chance to respond to those attacks in a timely manner. That's the future we are going to, there's no question about it. If you've been a fan of the Arnold Schwarzenegger Terminator movies, that's been a science fiction future. I think this is reality today.
[09:00]
Unknown Host
What does that mean in terms of attack targets? What are the offensive system, let's say a bad actor? What are they trying to disable? What are they trying to shut down? What is the primary, most damaging strategy of the attacker today?
[09:12]
Unknown Guest
The best offensive tactics are always ROI driven. How do I apply the highest damage to you in the smallest effort? Lowest cost, fastest way? And what damage is always contextual question, depends who you are. But we've seen examples of so many different ways to inflict pain on you on a target. And some of those attacks had very, very simple measures that use, but the outcome was unbelievable.
[09:38]
Unknown Host
Could you give an example?
[09:39]
Unknown Guest
If you like to take off a countering and put it on its knees. That takes using conventional methods, huge amount of resources, times and coordinated efforts by a lot of people. If you do that through cybersecurity, you can use very simple ways like taking down name servers for their power stations and you leave that country with that power for a few days. It's not a highly sophisticated attack. You don't have to have an army of people doing that. And it can happen to any country any day. Now think about an AI agent that's able to produce thousands of scenarios like that and execute all of them simultaneously. That's the technology today. This is not the future thing that's today.
[10:24]
Unknown Host
What does that mean in literal terms? So when you describe it that way, what comes to mind is an agent that can brute force create ways in and just try them all. One lands and is successful in its attack. Is that the right way to think about it or is it, if that's a shotgun approach, is it more of a rifle approach enabled by the agent in a way that wasn't possible five years ago?
[10:40]
Unknown Guest
The deduction model would always be as good as the data provided. Take the analogy. In the drugs development industry, if you provide enough information about a certain disease, you build a LLM that can take that patient data, that can take a lot of research and offer recipes for drugs that can, for instance, heal diseases that considered unhealable, let's say Alzheimer. You can use the same LLM and ask for recipes for drugs that can kill people. It's the same system, it's the same method, it's the same software. Now think about LLM that's fed on data around the software infrastructure of a bank and an AI agent that you use to ask questions like what are the potential breaches in my infrastructure and how should I protect myself? It's a very useful agent. The same agent you can ask directly or click to answer the question, how would an attacker breach the defenses of that bank and take that bank offline? So the same technologies that we use for the defense are the technology that would be used on the offense. You've seen that even if you put a lot of guardrails into the model, there are many ways to bypass those guardrails. And that's when AI is in a walled garden. Now you have open source models and Deep SEQ is just one example of it, where AI is not walled garden anymore, it's in the wild. And anyone can download the model and modify the model.
[12:01]
Unknown Host
If I think about the average lifespan of A cybersecurity company in this state of the world today, and let's say the next 20 years, there's that famous chart of the average lifespan of a company in the S&P 500 that's getting shorter and shorter and shorter. Does that line look even crazy or steep for cybersecurity companies? If the attack and defense factors are evolving so quickly, how can a company build enduring value?
[12:21]
Unknown Guest
The answer is fairly straightforward. AI would redefine cybersecurity. It would replace the old ways cybersecurity solutions were architected. The old systems of building rule based systems and behavior based systems so the good guys can fix misconfigurations or patch buggy software systems. Those days are gone. And founders would have to create cybersecurity companies that are AI first and AI native just to have a chance to build lasting important cybersecurity companies. And that's the reason you see existing players, major players like our own portfolio companies. You see the level of effort that a major cybersecurity platform like Wiz or Sierra or island, the level of effort they put in AI understanding, learning AI and applying AI into their platform. That's not an additive capability to the product. That's re architecting the product to make sure they are useful and effective. When the attacker is not human and is not just human augmented, it's a machine that attacks you.
[13:22]
Unknown Host
Can you tell the story of the first fund which I think will probably go down as one of the most spectacular early stage investment funds ever. I would love you to share the numbers and the companies and just what happened. So sort of thing of legend now and then. I want to build on that for how you've built the business afterwards. You started in 2018, the first fund was small. Tell the story of that first fund.
[13:38]
Unknown Guest
A lot of what happened in that fund relates to a lot of learnings and mistakes I've made earlier in life.
[13:45]
Unknown Host
Can you give those touch on like some of the major learnings and mistakes and lessons like the key ingredients that were in place in 2018. From your experience that went into that.
[13:53]
Unknown Guest
First investment fund in 2018, I just exited one of the best VCs in the world, Sequoia Capital, Amazing team. Spent a decade as a general partner and beforehand I've been a founder and CEO of two software companies. And my conclusion back in 2018 was that the venture model is completely broken. It's broken in so many ways. It's broken for investors and it's broken for the entrepreneurs. Investors have spent endless amount of time asking about markets and products and technologies which founders at a very early stage, at the seed stage. Clearly they don't have the right answer, they don't have an idea, and whatever they tell the investor anyway, it would change within a few weeks and then change again and change again and change again. And everyone are simply playing a game and dancing the dance. But they are just paying tax to the system. It has no value. Especially it has no value for the recipient of the solution because they are not even involved in that dialogue. So when I founded Cyberstarts, I made one very important commitment to completely avoid questioning the market, the technology, the product, the competitive advantage, and focus on one thing only, which is the person ahead of me. Focus on the talent. The other thesis I had is hunting for adversities. I'm looking for people who are not straight lines, who didn't have a perfect start for their life and manage to overcome it and become successful, although they didn't have a perfect starting point for their life. I had a very stumble beginning for cyber starts. Started with a $50 million fund, super small. The first fund I was investing alone out of my office was, still is today, a shipping container I converted into an office situated in my backyard. And I invested in nine teams and I was the lead investor in all those teams. Made re bets in people without ideas. And many people thought that's pretty crazy. A grown up writing large checks to people without idea, that seems pretty odd. And then three years later in 2021, I I realized that the portfolio of those nine teams is valued over $25 billion. Converted the $50 million into close to $2 billion. And more importantly had a terrific set of companies. Companies like Wiz, Edecacon, the leader in cloud security. Amazing team, we can talk about them a lot. Companies like Island Security that invented the enterprise browser space and today is a company that valued at around multibillion dollars. Companies like Fireblocks, which is the largest blockchain custody service for enterprises which valued at $8 billion. And as you know, in our business, if you invest early on in terrific companies, if you invest early on in Doordash or Airbnb, you'll do disgustingly well. But a hit rate of 4 or 5 unicorn, including 1 decacon and few other companies that each of them got acquired for hundreds of millions of dollars each. That hit rate was a proof point that there's something right about the model, about the thesis.
[16:52]
Unknown Host
If you think about that outcome and you decompose it into a couple things. A bet on cybersecurity, a bet on these nine people, a bet on the business models or the way that they approach the market and then some other catch all bucket. What do you think were the most important contributing factors to that first fund's success and the success that has continued to happen since? The hit rate's crazy, the number of huge outcomes is crazy. Maybe the fourth bucket is luck. How would you break out the reasons for the success?
[17:18]
Unknown Guest
Luck is definitely important, but on top of luck, I think Warren Buffett once said as he works harder and harder, he becomes luckier and luckier. So definitely luck is important. But I think the major factors here are a clear thesis. Cyberstart is one simple thesis, one sector and a commitment to deliver real value to the founders we partnered with. The clarity of that teases and the fact we focus just on a single sector and we own it. The founder selection criteria, and I would love to share some example later on, and the fact that we made our decision making process super simple by completely eliminating considerations like market, technology, product competition, business plan, pricing, whatever it is. So we do not waste time on those things initially. We spend our time making sure that we bet on the right athletes. So luck, thesis, founder selection criteria. And then I would add two other factors. One is the commitment we have to get to product market fit as fast and as efficient as you could. And that's the whole story of our Sunrise program. The Sunrise program means that you do not develop technology or solutions in a vacuum, that you build software, that you build software solutions that people really need and can use on a daily basis. And I would say the last element is that I'm surrounded by four amazing partners. Each of them is adding tons of experience and value and knowledge. And coming from different backgrounds, I think all those five elements make cyberstarts what it is today. And just to continue the story of cyberstarts today, with all the humble beginning we had, we managed more than $700 million under management across five funds, four seed funds and one continuation fund. The portfolio value today cumulatively is around $45 billion, which is 50% of the worldwide market cap of private cybersecurity companies. 50%. That means that we seeded 50% of the worldwide market cap for private companies in cybersecurity and that's under seven years.
[19:19]
Unknown Host
Pretty good.
[19:19]
Unknown Guest
Yes, we believe in cybersecurity. Give us another seven years and let's see where we can go from here. Each of the four active funds delivered over 100% IRR to investors. So this is not just a case of one successful first fund and then living on the success of that fund. I think that we deliver value to founders and to limited partners across all the funds systematically.
[19:43]
Unknown Host
Let's step through that process, starting with founder traits. So you're betting on people, many of whom don't have an actual idea yet. And so you're really just incredibly focused on the quality of the person. Have you learned about what matters? What are you looking for?
[19:55]
Unknown Guest
My personal experience as founder and builder taught me that startup is an insanely painful journey. It's super hard, and like it or not, you're going to face a lot of challenges. And that made me believe I shouldn't simply look for the smartest person in the room. High IQ helps. It's not a bad thing, but it's not the most important thing. The most important thing, in my view, is the adversity and the ability to overcome it. For me, this is the greatest signal, the best signal for a terrific founder. Take, for instance, Fireblocks founder and CEO Michael Scholar. Let's start with the company so you understand the context. But Fireblocks is the leading crypto asset custody service for enterprise. It's valued at around $8 billion. Thousands of customers, including BNY Melon and BNB Paribas and ABN Amber. Fireblocks was my first investment in Cyber Styles in 2018. June 2018, we invested $3 million, and that was the seed for Fireblocks. It's an $8 billion company today. And Michael's personal story is that he immigrated to Israel from the former Soviet Union as a child. He grew up without a father, raised by a single mother. And he learned early on in his life to navigate through uncertainty, moving to a new country, learning a new language, learning how to deal with things and push through challenges. I loved it. I thought that's the most important thing. Michael is a friend, he's a brilliant guy, but I'm sure that there are people out there with higher iq. But that's not what important. When he started the company, just few months after the first investment, we got into the First Crypto Winter. 6 out of the 10 First Design partners of Michael went bankrupt.
[21:38]
Unknown Voice
So how do you deal with that?
[21:39]
Unknown Guest
That's a major blow to your plan. Design partners are so important to build a solution, and he had to simply rethink about the entire plan, about the focus and who the customers are. I think that his childhood experience, the roughness in him, the life experience, that you'd face challenges and you'd manage to overcome them, that what kept him moving forward and overcoming those challenges and building an amazing business.
[22:04]
Unknown Host
How much of your evaluation of these people is effectively just saying, tell me your life story. And if they literally just answered that question in detail, it would be all you need. And if it's not all you need, what else do you need?
[22:13]
Unknown Guest
It's part of what I need. It always goes there. But I learned that what's important in the story is not the what, it's the why. It's not about what you did, it's about why you did, why you choose to do that, why you pick job A and not job B, why you pick that partner in life, not another partner. It's always about the why. So it's not just about a unique, heartbreaking life story. It's spending time with an individual and understanding the way they make decisions, the way they analyze the situation, what drives them, what really makes them tick. And it's not so much about what they did and what accomplishments they managed to achieve, et cetera. It's always nice to know that. But that's not what important.
[22:54]
Unknown Host
If you think about the next step, you select someone, they've got this personality type that you love, you then go on a hunt for the right problem. And maybe this is just the excuse to talk about the Sunrise methodology that you've established. Walk us through that process. I want to highlight how strange this is relative to if you think about the outcome. So far I'm not aware of another early stage investor that's this systematic with this high a hit rate in such a narrow field. And so I think spending extra time on the methodology from here, let's just assume you can find great people, which I know is hard, but you've got a batch of great people. What was the origin story behind Sunrise? What is it? How did it come to be?
[23:28]
Unknown Guest
I think that in order to tell the full story of the Sunrise, I have to go back to 1997 and my first startup experience. By that time I just finished a decade of service at the Israeli NSA in 8200. Tell you more about it in a few minutes. And by the way, the 8,200 formation years for myself and got to work with brilliant set of people. And in many ways those were the years where the cybersecurity market in Israel was created. I worked with folks like Shlomo Kramer, who is the founder of Check Point and Cato Networks today, and Gil Schwed, the Checkpoint CEO and founder was just two years older than I am and we heard many stories about him. The officer that was sitting next to my office was Nir Zuk from Palo Alto Networks. So those were formation days and I left the service and started a company and we raised money from Sequoia Capital. So that was the first time I encountered into Sequoia Capital. Pierre Lamond was on my board. We didn't have a clear idea what we want to build. One of the first technologies we thought to develop the company around was a challenge response system that would distinguish between a human and a bot and a machine. Years after I realized that the name for that technology is capture. So we had the luck to invent Captcha and build the first working prototype of Captcha. I hired two 16 years old kids. At that point we were not well funded enough. I hired two 16 year old kids. Later Ohad Pressman who was the CTO of Chegg and Eyal Navon who later became the CTO of Hippo Insurance. Two very successful companies and two very smart individuals. But their first real project in the commercial world was to build the first capture. So we built the first capture and we tried as hard as we can and we couldn't find business model for the technology. And that taught me a lesson and we had to pivot into something else and luckily we pivoted into the web application firewall space. We were the first team to build a web application firewall. That was the path that company Perfecto Technology that later renamed into Sanctum, managed to build itself. That company later merged with Watchfire and got acquired by IBM. But that lesson of capture that you can invent and build a very impactful technology almost every person on the planet uses and still you're unable to find a business model for the technology. That lesson convinced me that I was completely wrong about the way I approach my startup. Starting with the technology and then search who has a problem that that technology solves. The process should be reversed completely reverse. We should first look at what are the important pain points in the market. What are find the customers, find who's willing to spend money on solving that problem and then go and build a solution that Mere motors can use and that shift in order. As simple as it sounds, I think that what made cyberstarts as successful as it is and that's what helped all those amazing founders really feel the full potential of their talents. We continue to evolve the Sunrise methodology because it's not just around product market fleet. It's actually a program that takes an entrepreneur from day one, from inception through the first three or four years of running the business. But the early days of the Sunrise is all around focusing on Finding the most important pain point in the market. And you do that by going out and speaking with large organizations, making sure you understand their priorities, what gives them the most and only that.
[26:55]
Unknown Host
Can you describe that piece specifically in some detail? The tactical method for who you're talking to, how many people you talk to, how often you do like the real details here. I think it's such an interesting process.
[27:03]
Unknown Guest
So keep in mind that our company is B2B SaaS. So all of them sell to large organizations. So obviously large organizations are the customers and they are who you like to ask the questions. And the best person to ask is the chief information security officer that oversees the security operation for that business. The idea behind Sunrise Process is that you're going to chase pain and identify pain. That requires a lot of smartness because if you're going to ask, go out and ask the chief information security officer this week, what's your biggest pain? You'll get one answer. You ask the same person the same question, in a week you get a different answer and then another week you'll get another answer. And they are not playing games, they are just being human. There are other ways to identify pain. For instance, one of my most favorite questions is who's the vendor you hate the most? Because if you don't like a vendor, that's a big motivation for you to displace that vendor. Another important observation is words are cheap. So don't look at what the customer says, look at what the customer does. Which means if you are running security for a large bank, you probably manage budgets of hundreds of millions of dollars. And if you claim that is one thing that inflicting a lot of pain for you, you worry about that, you think that your bank is at risk and you haven't done anything about it. Probably not as important as you claim. So you probably has done something. You have downloaded an open source package to try it out. You put two consultants to develop a temporary solution. You had real conversation with Palo Alto Networks or Wiz to see if they can solve that issue for you. You've done something. So we are asking them not about their opinions but what they actually did to try and deal with that pain point. Eventually we reverse the power balance in the conversation because we are not asking for favors. We are telling those organizations, hey, this is a new cyberstarts team. That new team would spend about $100 million in the next three years on engineering alone to build one solution. That's the average for a cyber starts company, $100 million R&D budget for three years. What is the one thing that you care about that you'd like us to solve with our $100 million? You don't need to spend anything with that. We are giving you essentially $100 million of balance sheet to solve one pain point for your organization. And I found out that when you give people $100 million virtually they listen and they think and then you take those answers and you're not having one conversation or two conversations. I think that to have a meaningful, a statistically meaningful outcome, you need to talk to dozens of organizations. You speak with dozens of organizations and you make a choice. This is the one pain point I'm going to go after. And then you do another round of conversations. Assuming you go after that pain point and ask them questions how a solution would look like, because you really like the solution to be loved by the users. And only then, and sometimes it takes six months, only then, you start to build software. And if you think about the typical startup, when they get money from VCs, they start to get pressure to build software and push forward and hire people. And my approach is almost the opposite. Sit tight, don't get too excited. This is your last chance to pick the right problem to go after. So let's make sure we pick right. The outcome is that they built software that solves a major pain point. It's verified with dozens of real customers and they've built a solution that people would love because they talked to those people before they started to build code. Now it doesn't work every team, but as I think I've demonstrated, the success rate is quite high.
[30:31]
Unknown Host
If I back up now and think about the process so far, it's the identification of these people that have this super resilience history and gene. It's the application of the Sunrise program to start identifying and then ultimately pick a problem that's super valuable. Using these unique set of questions. What's the next phase? Are these things built in a distinctive way relative to the normal startup that you've observed before, or is it at that point a standard software building exercise?
[30:52]
Unknown Guest
It's a standard software building exercise, but perfectly done because you start on the end and walk backwards. It starts with the end in terms of value, what value the customer would like to produce with that piece of software. The signless process doesn't end at six months. It's a full simulation of everything you're going to face in the next three or four years as a founder, as a company, and how do you deal with it and how do you Architect your company in the best way to run as fast as possible in the first three or four years. So if you demo the product and then they didn't take you for product evaluation, why is that? If I tell you the man from the future tells you that they evaluated the product and didn't buy it. Why is that? We use a lot of simulations that assume failure and forces the founders to really analyze this situation, assuming a failure and build their company to deal with it. So it's not just about product, it's about go to marketing, it's about pricing, it's about channel strategy, it's about maybe location of headquarters. Those are many, many elements that are being evaluated, examined during the time of the sunrise.
[31:56]
Unknown Host
One of the things that is incredibly interesting to me is how you must drive low cost of capital for these companies because of your involvement. I would imagine you've got all sorts of other investors with deep pockets that desperately would love to sort of blindly fund companies that are partnered with you at seed, at the series A or the series B or beyond. How do you help the companies manage their future financing? And how do you think about how aggressive to be on valuation and how much capital you raise and dilution? This is a really interesting part of what you've built with such a high hit rate.
[32:23]
Unknown Guest
We think at Cyber Starts of co investors as partners. I don't take them lightly and we are fortunate to have amazing co investors that have backed repeatedly our portfolio companies and we have tons of respect to their contribution and their support of the companies because Cyber Starts can be as great as we like. But there are other smart, capable, knowledgeable people in the world and we happy to get their help. So we are definitely in the early days, we are highly involved in fundraising and helping our companies to finance their growth. My approach is that it is expensive to build important companies. Important companies are typically not cheap. When I hear founders getting advice like keep down valuations, make sure you don't raise too much money, My approach is your first priority as a CEO is to have enough money that you can build the right product, hire the right sales teams. That's expensive. So in order to raise enough money, the valuation should be high as well because no founder would sell 50% of the company in series A, not in series B. So I'm all for raising a lot of money. Assuming you've built the right product and you have the right team so you can scale and take on the opportunity.
[33:30]
Unknown Host
How do you think about pricing at seat for yourself? What's the right way to Think about this. How much variance is there between the valuation at which you've tended to enter companies? Has that changed a lot since 2018?
[33:40]
Unknown Guest
It almost didn't change in seven years. We typically see two type of deals, so if you like the pricing menu of two items, we see one market for first time entrepreneurs, people who that company is the first experience as founders and executives. And then there's a different price, a different market for repeated entrepreneurs.
[34:02]
Unknown Host
What are those prices roughly?
[34:03]
Unknown Guest
For first time entrepreneurs we've seen C deals that anywhere between the 15 to 20 million dollars post money and for repeat entrepreneurs I see a broader range starting from the 40 $50 million range and sometimes it's going up quite crazy.
[34:21]
Unknown Host
You don't mind paying it because of the extra information you have about the founder. On a repeat basis I do mind to pay.
[34:27]
Unknown Guest
I've passed on deals where the price went crazy enough and that's what I'm telling entrepreneurs that their job is to make sure that they are the most important company in each of their investors portfolio because at the end of the day they fight for attention and bandwidth and access. And when the investor ownership goes down significantly, it's hard to become the most important company in the portfolio when an investor owns 5% of their cap. TABLE High prices, in my view are double edged swords for entrepreneurs at the early stage.
[34:58]
Unknown Host
How many other places do you think in addition to cyber this method could be applied successfully? Or is there something still in 2025 really distinctive about cyber versus other space that make it by far the most fertile ground for applying something like Sunrise?
[35:12]
Unknown Guest
I believe that in any field where there's relatively uniformity of buyers that's applicable. I would assume it's applicable for fintech, it's applicable for gaming, maybe even applicable for medical devices. But you need a fairly active ecosystem, not just from end user perspective, but also from an M and a perspective that's important as well because not all your companies would go public. In the past 12 months we've sold five portfolio companies at cumulative value of two and a half billion dollars. That's important as well.
[35:40]
Unknown Host
How would you rate today's environment for prospective returns? Your returns have been crazy high. Do you think the next five years have the chance for similar returns? Or have prices made earning those kinds of returns and the market itself much harder?
[35:53]
Unknown Guest
Achieving amazing returns has always been super hard. It will continue to be hard, but I believe that with everything said earlier about the perfect storm in cybersecurity, the introduction of AI and the way it's going to redefine cybersecurity. I believe that the opportunity is there. Obviously, the quality of the talent we see is always getting better. And that what keeps me so optimistic just to see the endless stream of smart, eager, hardworking young individuals who are determined to build the next solutions.
[36:22]
Unknown Host
Speaking of those individuals, we talked a little bit earlier. I'm just so fascinated by the questions that you ask as you're identifying these people. And I'm thinking to your time with Mike and Dog at Sequoia. Again, famous for asking people about their early lives and whole life stories. Are there any other favorite questions that you have to ask people to understand them as deeply as possible that we haven't talked about?
[36:39]
Unknown Guest
I always speak with founders about their superpowers. What do they perceive as their superpower? What makes them confident that they can win the game? You speak with a founder, speak with any individual for a good hour. You've got a fairly good perspective of what you think is their superpower. And it's fascinating to listen to the way they perceive themselves. And I found out that some of the best founders are completely unaware to their superpowers. They're so natural in that they don't mean to use them. They are just so great at that. And a superpower can be anything a superpower can be. You're simply the type of person that people are dying to be their friend. You don't notice that. You think that that's a gift everyone has. You don't realize that this is your gift and that what paved you the way to be successful. In many cases, the superpower they claim they have is not necessarily the real superpower they have, but it shows you the way they view their weaknesses. Because the superpower they are aware of, they pay attention to. They had to develop it, and they had to develop it in compensation for something else. So that tells you a lot about the person ahead of you.
[37:39]
Unknown Host
What if you had to answer that question for yourself?
[37:42]
Unknown Guest
First of all, congratulations, you're a fast learner. That's great. Few things, but I would say let's take self confidence. It's one answer I would give. I'm sure this is something I've developed over time. I wasn't natural in that it took time. And it was as compensation to a very insecure child that grew up in a small town in Israel that didn't feel really appreciated for his talents and didn't feel that he's part of something bigger. And I think only when I was 13, for my bar mitzvah, I got a Commodore 64 computer. That opened up a whole new world for me. I started to get to know people with the same mindset. Speaking about the 80s, I hop on a bus and went to computer geeks gatherings in Tel Aviv when I was 14 or 15. And I think that only when I joined the Israeli NSA When I was 18, I really found out that I'm part of something bigger. I felt that I belong to that group of people. So it took time to develop that self confidence beforehand. There was always a gap between the way I felt about myself and the type of feedback I got from the people around me.
[38:49]
Unknown Host
What do you think the hidden superpower is? That's your true number one. But you're not as consciously aware of my endless hunger.
[38:55]
Unknown Guest
I'm never happy, I'm never satisfied with whatever I achieve. I always look at the next step. I finish climbing on one peak of the mountain. I immediately look beyond that mountain and look for the next peak to climb. It's very daunting because I tell myself it would be nicer if I could just take a rest and enjoy the view from the peak of the mountain I just climbed. And I find very little satisfaction in that.
[39:17]
Unknown Host
Where do you find satisfaction Making impact.
[39:19]
Unknown Guest
On people that I really Care about The founders I partner with are people that I really care about. My partners at Cyber Starts, Leo, Emily, Hila, Adam are people that I care about trying to leverage the past 35 years of being in the different sides of cybersecurity, going through so many different experiences to really make impact on their life.
[39:38]
Unknown Host
We have the opportunity, given the timing here to talk about an incredible investment whiz. That of course is the item of the news of the last, I don't know, year in the venture world. An incredible outcome in the acquisition from Google. We won't talk so much about the outcome as the process and your experience and story of working with the company. We've talked a lot in our interview about why you do what you do, the process by which you found founders, what you look for in them, the process to find product, market fit, the sunrise methodology, et cetera. And here we have the ultimate case study in why these ideas are powerful in combination. So I would love to just hear the story from your perspective.
[40:10]
Unknown Guest
You're right.
[40:10]
Unknown Voice
Wiz in many ways is the front window type of use case for the Cyber Start recipe for building an important company. And for me the Wiz story really holds many of the key ingredients for building an important cybersecurity company. I'll talk about few elements. I hope that I'll do that in the right order. But most importantly, I think it's picking a really important pain point and getting to perfect product market fit. If you look at Wiz, the four founders, Assaf Ami Roy Non I think that the Wiz journey started eight years before founding Wiz in 2012. There was just a bunch of young guys, 27, 28 years old, straight out of the army. Asaf had spent maybe a year with McKinsey, but really inexperienced team and they started Adelon, a cloud security company. And that journey was quite short. In three years they sold the business to Microsoft, joined Microsoft in 2015 and spent five years at Microsoft building the Microsoft cloud security business brought it to a decent size of a billion dollars in revenue. And then they left Microsoft in 2020. And at that point in time they were the most experienced team in my view worldwide in running a cloud security business. And they started a company which wasn't called Wiz, it was called Beyond Networks. And they had a very, very different idea. They thought to go and secure satellite offices with Secure One access, et cetera, you know, some sort of a business that never took off. And at Beyond Networks we looked at the customer feedback and it was an important problem for customers, but it didn't have a very important ingredient, which is it was important, it wasn't urgent. And at the early stage, as much as you like to go after large market size and important pain point, the most important thing in my mind is to go after an urgent pain point that generates sense of urgency. And sense of urgency is almost everything you need as a small venture because that means that things would happen fast for you. You get to more customer engagements, you learn faster, you improve faster, you'll be able to build your revenue faster. And we didn't have that with the Secure one Access idea. And the Wiz team was smart enough to really pivot into a space they knew very well, which is cloud security, and renamed the company Wiz. And we ran our Sunrise program which is all focused on getting feedback, making sure that we understand the pain point, building the right solution that mere mortals can use. And three months later they had a product which would generate a sense of urgency. They spoke with customers and those potential customers prospects wanted to bring them in. And then I learned a very important lesson about the four customer profiles. When you sell a product, you are going to face four Personas. The person that has the pain point, that has the problem, the person who has the budget to pay for solution to solve that, the person that has the authority to decide on the product, on solution and the fourth person is the person that would actually use the product. Now, as a startup, if those four Personas map into a single person in real life, that's a mega hit. And that was the case of Wiz. If those four Personas are mapped into four real people, there's one real person that has the problem, one real person that has the budget, one real person that has the authority, and a fourth person that actually used the product. Don't do that, go and pivot. And if you map into two people, that would be a very nice company. If you're mapped into three people, that's a borderline. You may or may not like to pursue that. So for Wiz, it was a single person.
[43:58]
Unknown Guest
It was the ciso.
[43:58]
Unknown Voice
The CISO has the problem that the.
[44:00]
Unknown Guest
Ciso, the Chief Information Security Officer had.
[44:03]
Unknown Voice
The authority to decide on a cloud security solution. They obviously had the budget and most importantly, they had the AWS credentials that enabled them to really deploy the product. So Wiz was able to do something very unique just because all those four Personas mapped into one real life person. And Wiz built a really cool technology. They managed to build a product that during the first call with a prospect, they could ask for the AWS credentials and within the call show them real value for their own organization, not in a demo environment. And that really accelerated things for Wiz. And in three months we faced one major dilemma. We could go for a low entry point price product to get a lot of logos and build Wiz from the ground up, bottom up, or what people in Silicon Valley called PLG product led growth, or go after very large deals, enterprise deals to begin with and grow the ARR top line. Unlike the common wisdom within Silicon Valley, we decided to go for the large deals, scrap PLG and go for real enterprise deals to begin with. We thought that by growing our top line ARR, we would be better off. We would have real commitment by highly sophisticated customers. We would attract attention from outside investors, we would attract attention from top go to market talent and that would enable us to build a significant business. And while we spent the the first 12 months building a product, the next four quarters were quite unusual. The company closed a million dollars in ARR in the first quarter of selling the software, $2 million, I think $8 million and then $25 million in the fourth quarter. Wow, it was an incredible company. From the moment we actually launched our go to market for those three reasons, focus on the urgent, not the important. Build a product that has a terrific product Market fit for one person, one real person that owns the budget, the authority and the ability to use the product. And we went and sold that to large organizations at a high price point.
[46:09]
Unknown Host
Can you say a little bit about how you won such early involvement with a team that was obviously so strong? The ongoing lesson from the stories that have come out since the acquisition news is some of the very high multiples, nominal revenue multiples, that were paid by subsequent round investors who nonetheless earned an incredible return even though they paid high multiples. And I'm curious what you learned from watching that dynamic unfold, having been the earliest investor in the business.
[46:32]
Unknown Voice
That actually was an old lesson. I learned at Sequoia many years ago that the expensive deals, the pricey companies are pricier from day one. They are always expensive. They are expensive at the seed round, they're expensive at the A round, they're expensive at the B round. The worst reason for a venture capitalist to pass on an opportunity is for price. Cause it's part of those companies. DNA, pick a company. All of those companies were expensive. Airbnb was expensive, Instagram was expensive. So if you're going to pass on an opportunity just because of price, you're going to pass on all the good companies.
[47:02]
Unknown Guest
Yes.
[47:03]
Unknown Voice
Wiz was super expensive to begin with and attracted a lot of attention and became the fastest unicorn, the fastest company to go to a hundred million dollars, the fastest company to get to $500 million. And this year when we get to a billion dollar IRR, it's probably going to be the fastest SaaS company to get to a billion dollar IRR. But that's part of the DNA. It's a fast company. Watching that just convinced me that as an investor, a high priced company is actually a good thing, not a bad thing, if justified.
[47:30]
Unknown Host
Is there any other novel lesson? I love the three points that drove the success that you outlined and I love the idea that the high price thing is an old lesson. Are there any other new lessons that Wiz taught you that are unique to your experience with that specific company?
[47:41]
Unknown Voice
The productivity at Wiz, the if you look was second to none. And when I looked at the number of engineers relative to the number of products and the number of capabilities we delivered annually, it was amazing. And when I look at the way we source engineers, there's always a debate how do you pick the best engineers and who are the best engineers for your business? And I discussed that with Roy Resnick.
[48:06]
Unknown Guest
The VP of R&D of Whiz, one.
[48:08]
Unknown Voice
Of the co founders, one of the four co founders. And he had a super special way to source engineers. He would not just source smart engineers who has been in good companies beforehand, terrific education, et cetera. He would source people that their hobby is writing code. He would source people that on a weekend, assuming they are married and have kids, if they have a couple of hours of quiet time, they would not go reading or watching a Netflix series or listening to music, they would go and write code. Those are the people you like to hire. When you have a hundred of these guys, it's like having three or four hundred terrific engineers. Because you know the rule that a great software developer is probably 10 times better than a good software developer. But having great software developers that their hobby, their sole hobby is writing code, that's a force multiplier. And I think Wiz realized that and capitalized on that.
[49:02]
Unknown Host
Is the outcome satisfying?
[49:04]
Unknown Guest
I think I told you as part.
[49:06]
Unknown Voice
Of the interview that I'm never satisfied.
[49:08]
Unknown Host
So just testing it, the answer is no.
[49:11]
Unknown Voice
And I know that you're going to laugh and say okay, I really feel that. But again, it's hard to live life twice.
[49:17]
Unknown Guest
I wish I could.
[49:18]
Unknown Voice
I would a b test that decision again. But I think it's setting the bar super high to get from zero to $32 billion valuation within five years. I didn't check history books, but I guess that's pretty good. But I can think about few other companies that has the potential at least to break that record. I dare to predict again, assuming these transactions go through and get approved, etc. And that's the real final outcome. My guess that within 10 years somebody would break that record.
[49:46]
Unknown Host
Do you think it can be broken in cybersecurity? Specifically, yes. Why? Why do you think that's possible?
[49:51]
Patrick O'Shaughnessy
Just because it's changing and so big.
[49:53]
Unknown Voice
Because you have all the ingredients, you've got the market size, you've got the evolving pain point, fast moving landscape and a lot of talent, a lot of experienced talent, not just on the engineering side but also on the business side. And I think that you have some.
[50:08]
Unknown Guest
Experienced investors as well.
[50:10]
Unknown Voice
So I think that you've got the ingredients now luck should be in the mix as well. And therefore I think that within the next decade we would see that record getting achieved and broken by a new player.
[50:22]
Unknown Guest
I think it's very, very feasible if it happens.
[50:24]
Unknown Host
I wouldn't be surprised if you're involved from the very earliest stages and if the Sunrise methodology and your approach works again. Appreciate that if you think about the stories of resilience that you look for in your Founders. It's a nice thing to say. Can you tell me the story of the hardest episode of resilience that you've had to personally go through?
[50:40]
Unknown Guest
Yeah. Before starting cyberstarts, I lost my daughter, my 19 years old daughter in a terrible tragedy. And the war just paused for me and it was very easy to stop everything and focus on the endless pain I felt. I managed to found the power and the strength to keep on going, build cyberstart and focus on building that organization and legacy. And that really helped me to continue live with the pain, but continue to live.
[51:09]
Unknown Host
How is that possible? Everyone listening, myself included with children knows that's the single worst thing one could imagine. How is it possible to get beyond something like that?
[51:20]
Unknown Guest
I think it's very, very difficult to give advice to. Hopefully nobody has to deal with that tragedy. It's really the most painful thing that you can go through. For myself, I did that instinctively. You know, I didn't spend time to think about it, I didn't make a decision, I just did it in a way. I managed to live with terrible emotions that previously I wouldn't imagine. I can contain them and live with them. And over time I taught myself to live with the pain, not fight the pain, just wait for the pain to is. And I think that working with younger people on innovation, on solving real world problems, on building solutions, that what kept me younger and healthier.
[52:01]
Unknown Host
I love the message of focusing on young people and building things for others. It seems like your orientation and your satisfaction in your strategy, in your search, in your work is very other oriented. Anything you would say to other investors out there that hear that part of your story and that's the piece that appeals to them most, helping other people and what they build and how they do their work.
[52:20]
Unknown Guest
I really think that there's many ways to become terrific investor. I don't think there's one canonical way to get there. By the way. It's not enough just to be first, you also need to be right. That's the difference between an investor and a terrific investor being right. But again, there are many ways to hell, but there's also more than one way to heaven. My recommendation is to really find your passion and do something that's not just wealthy generation or work. Do something that's a life project for you. When I look at cybersecurity, cybersecurity is not an investment area, it's not an area of interest for me. It's a life project. It's really important for me and I think that's the best thing you can feel about anything you do that it's super, super important for you, you really care about it.
[53:02]
Unknown Host
If you think about the future of cyber what challenges, evolutions, things that might happen, excites you most or worries you most? I guess both.
[53:09]
Unknown Guest
It's not the way I think about cyber security future. I don't keep a category of domains, etc. It's a common misconception to think about cybersecurity as a market standalone. There's no cybersecurity market. Cybersecurity is always a derivative of something else, of a new technology or a new business. So if cloud is new, you need cloud security, and if autonomous vehicles are new, you need autonomous vehicle security. Take for instance our conversation about AI. AI for short, redefines cyber security. It already does it, but you couldn't predict it. So an investor that focuses on cybersecurity, early stage investment. I'm not concerned about figuring out the best, the most important things, opportunities or domain in cybersecurity. I'm confident they will introduce themselves the same as Cloud introduced itself, IoT security introduced itself, mobile security introduced itself, AI security introduced itself. I'm focused on picking the right talent, picking the right athletes, partnering with them and making sure that you use the right system. See our conversation around sunrise to really build solutions that real customers, real users would love. If we do that, everything else would fix itself.
[54:20]
Unknown Host
It's totally remarkable what you built in a short period of time. I'm sure the cyberstart story is in its infancy and that we'll be able to do this in five years and a whole new set of challenges will have arisen. Like you said, probably unpredictable. Thank you for doing this with me. When I do these, I always ask the same traditional closing question. What is the kindest thing that anyone's ever done for you?
[54:34]
Unknown Guest
The kindest thing that someone has done for me is a couple of years ago my son told me that he spent a lot of time thinking about it and he realized that I'm his best friend. For me, that was probably the best thing anyone could tell you. It's not just about being a dad. It's the ability to create this level of trust and emotional connection that makes someone feel that you are his best friend. And when it comes from your son, that's the kindest thing you can hear from anyone.
[55:02]
Unknown Host
Close to 500 times. I've never heard that answer. These answers tend to cluster in a couple key themes, variants of key themes. 3 or 4. I've never heard that one with a son of my own. It hits you right in the face. All that must have gone into that thing he told you. Really a beautiful, amazing place to close. Gilly, thanks so much for your time.
[55:18]
Unknown Guest
Thank you Patrick. Really enjoyed it.
[55:20]
Gilly Renan
If you enjoyed this episode, visit joincolasis.com where you'll find every episode of this podcast, complete with hand edited transcripts. You can also subscribe to Colossus Review, our quarterly print, digital and private audio publication featuring in depth profiles of the founders, investors and companies that we admire most. Learn more@joincolasis.com subscribe.
[55:53]
Unknown Voice
Sat.