In this guest collaboration, Alberto Yépez shares his expert vision of innovation in the security sector. Alberto is co-founder and Managing Director of Trident Capital Cybersecurity, the largest global venture capital firm focused on cybersecurity startups. Alberto has extensive experience as an investor in companies such as Alien Vault, Mocana or Bluecat. In addition, he has served as a consultant for the US Department of Defense, is a member of the Board of Advisors of SINET (Security Innovation Network) and actively participates in global initiatives such as the World Economic Forum Partnership for Cyber Resilience.
Panda Security: How has the cybersecurity landscape evolved over the 30 years that you have been in the sector?
Alberto Yépez: I think that cybersecurity has evolved from being a very technical and isolated issue to becoming something that is important for executives and boards of directors. I think that’s the biggest shift from a business perspective. We live in a digital age. Information is a premium, and information comes from data and is produced by applications that provide the context of the data for it to become information. And given that we are trying to protect that information, you see businesses that can succeed or fail just because that information gets compromised.
From a technical point of view, given the complexity and the multiple platforms of computing that we use today, it has become complicated to protect. So every time there is a shift in a computing platform, there are new attack vectors that appear. And in order to defend them, you have to invest a lot of money to protect our mobile devices, our applications in the cloud, our data centers, privacy information for individuals, IoT… now you have this whole interconnected world.
The third thing that has happened, besides business and technical, is that now that we live in a digital age, to rob a bank you don’t need to go in there with a gun to steal the money. You can sit in your living room or your basement, and attack a bank and get the money. Therefore, the threat is real, the cybercriminals have changed, and these are more sophisticated individuals, very technical, that basically do it for different motives — because they are activists, or hacktivists, or they do it because they are really criminals and they want to enrich themselves and use the money or information for ransom. Or, more importantly, as we’ve seen as of late, there are a lot of state-sponsored cyberattacks, where they’re trying to destabilize democracies and governments. They’re trying to attack the national grid, or the critical infrastructure of a government, etc. So the frequency and sophistication of attacks has increased exponentially. Therefore, it is becoming harder to defend, and it all comes back to, if it’s becoming harder, then the amount of money that needs to be invested is increasing, and not just by choice. The whole industry is really in a huge inflection point, where cybersecurity has become a fact of everyday life, both for the individual, the business, and for the government.
PS: What would you say are the most relevant trends in the cybersecurity industry right now?
There’s a shortage of cybersecurity professionals. Therefore the suppliers are trying to build products that are easier to deploy, easier to consume, and they’re using new technologies like the cloud and mobility to make sure that it becomes easier to protect information. In summary, it’s mobile security, cloud security, IoT security, and privacy. Especially in Europe, as you know, there’s a big push for some of the privacy directives, including the GDPR, which are at the front of the mind for business.
PS: How can security benefit from AI and Machine Learning, and what are the risks?
That’s an excellent question. So how do you solve the problem of the shortage of cybersecurity professionals? You bring in automation. Not to replace, so much, but to help the humans. The role of AI is basically to automate tasks of mature segments of the security industry, using human knowledge.
PS: You’ve invested in many successful cybersecurity companies. How do you decide that a company is right for investment? What catches your eye?
We look at five different areas — so this is a good note for entrepreneurs!
Number one, we’re really market driven. We like to get a sense of what the areas are where no commercial technologies exist so emerging solutions can be funded. So we look at, how big is the market?
Number two, we look at the intellectual property — how hard it is to replicate the solution.
Number three we look at the go-to-market strategy — how the company can scale not just by selling one at a time, but by creating alliances. Which is one of the basics to reach a global audience.
Number four we look at the team — whether the people have the experience, the context, the knowledge, and the relationships to be successful.
And number five, we often look at the co-investors. The investor group is important, because companies go through several iterations and several fund-raisings, so you need investors that are committed to support a company through all this.
PS: In ten years from now, do you think the world will be more or less safe? Why?[Laughs] I think we’re a long way from not needing cybersecurity. The world will continue to be safe to the degree that there’s investment that is put into cybersecurity. One of the problems that we need to solve is we need to explore more careers in universities and encourage young people to pursue careers in cybersecurity. And not just technical, there are also analysts, operations, strategies, etc. So I think we need to make an investment in education.
I would imagine that as more regulations come about, businesses would be more willing, rather than less willing, to invest in cybersecurity. So I think overall there will be the logical tension at balance. We’re going to live in a safer world, but the fact of the matter is that new threats will be created and it will be harder to protect against them.