introduction about the cyber security startup landscape, what are the drivers, why businesses and governments need to act, some predictions for 2015 and beyond, investment market and Palantir mini-case-study, market growth, 3 startup tips from founders, some references and additional material

1. Creating IT-Security Start-Ups
Benjamin Rohé,
Founding Managing Director

3. Sorry for the Layout
• It had to be that way !

4. Market, Predictions and Examples

5. Investors Perspective

6. Cyber Security Startups?
Cyber Security Startup!!
• Generations of Cyber Security
1993: Mosaic and the rise of the commercial Internet (FUD* 1.0)
• 2000: dot-com bubble burst (double-digit security spend as %IT)
- 2002: inflection point (FUD* 1.5)
• 2005: consumer Internet distraction & 2008: economic crash
• 2011: media focus on all things cyber (FUD* 2.0)
• 2013: Snowden and the fragility of the Internet (anti-FUD*?)
• 2015: ?
• 2020: ???
• * Acronym for fear, uncertainty and doubt. It is a marketing term that is often used to cast a shadow over a competitor's product when your own is unable to
compete. FUD is a technique used by larger companies who have a large market share. The FUD acronym was first freely defined by Gene Amdahl after he left
IBM to found his own company, Amdahl Corp, with this statement: "FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential
customers who might be considering Amdahl products."

7. No crystal ball is required to predict
that high-profile security breaches
will continue to make
the news in 2015

8. Two Real Cyber Security Drivers
• Governments and corporations are under attack
from cyber hacks (no longer simply a nuisance)
• IT budgets are being freed up for products and
services to strengthen digital defenses (convergence
of risk)

9. Businesses Under Fire
• Hackers are stealing around $250B/year in IP - NSA
Director, Gen. Keith Alexander, calls these attacks "the greatest wealth
transfer in history“
"Significant YoY increases in cyber attacks
DHS reported a 68% increase in cyber attacks in 2012 at federal
agencies, government partners, and against critical infrastructure -
Symantec reported attacks on companies rose 42% in 2012
• U.S. government is increasing spending in Cyber
Security (despite cuts elsewhere)

10. Business Under Fire

11. Money Follows Problems
• Driving investment in innovative technologies
- $391M in just 16 companies between Jan 2012 and Sep 2013:
• Cyber Security market is in a renaissance: -
– $1B invested in Cyber Security startups in 2012
– up 5% over 2011 (vs. overall venture funding down 10% YoY)
– 2011 Cyber Security funding was up 94% over 2010

12. Security Predictions For 2015
Security predictions
from: Blue Coat,
Damballa, FireEye,
Fortinet, Forrester,
Gartner, IDC,
ImmuniWeb, Kaspersky
Lab, Lancope, McAfee,
Neohapsis, Sophos,
Symantec, Trend Micro,
Varonis Systems,
Websense. Image:
Charles McLellan/
ZDNet

13. Exit Opportunities for Founders
and Investors
• Mergers and Acquisitions (M&A)
– Cisco <- Sourcefire ($2.7B or ~10x annual revenue)
– IBM <- Trusteer ($800M or ~10x annual revenue)
• Initial Public Offerings (IPOs)
• Private Equity etc

14. Intelligence Services:
Key Investors1
• 106 Startups Who Received Investment from
the C.I.A* Since 1999 In-Q-Tel has been
strategically investing in startup companies
that are used by the intelligence community.
• Today, these companies have amassed more
than $3.2 Billion in venture funding, and
employ more than 7,000 people.

15. Case-Study: One Of The Most Prominent
Intelligence Financed Startups
As of 2013, Palantir was used by at least 12 groups within the US
Government including the CIA, DHS, NSA, FBI, the CDC, the
Marine Corps, the Air Force, Special Operations Command, West
Point, the Joint IED-defeat organization and Allies, the Recovery
Accountability and Transparency Board and the National Center
for Missing and Exploited Children.

16. https://www.youtube.com/watch?v=VJFk8oGTEs4

17. Palantir Facts
• Founded in 2004 by Peter Thiel, Joe Lonsdale, Alex Karp, Stephen Cohen,
Nathan Gettings; 1.500+ employees;
• Palantir Gotham is used by counter-terrorism analysts at offices in the
United States Intelligence Community and United States Department of
Defense, fraud investigators at the Recovery Accountability and Transparency
Board, and cyber analysts at Information Warfare Monitor. Palantir Metropolis is
used by hedge funds, banks, and financial services firms.
• CEO Alex Karp announced in 2013 that the company would not be pursuing
an IPO, as going public would make “running a company like ours very difficult.”
• As of early 2014 the company was valued at $9 billion, according to Forbes,
with the magazine further explaining that the valuation made Palantir "among
Silicon Valley’s most valuable private technology companies.

18. Global Cyber Security Spending to
Reach $76.9 Billion in 2015: Gartner
• According to the IT research and advisory firm, global
IT security spending reached $71.1 billion in 2014
year, an increase of 7.9% compared to 2013. 2015,
spending will grow even more, reaching $76.9 billion
(+8,2%)
• By 2015, approximately 10% of the security controls
deployed by organizations will be cloud-based,
particularly when it comes to small and midsize
businesses.

19. J.P. Morgan CEO: Cyber-Security
Spending To Double!
• J.P. Morgan Chase & Co. Chairman and Chief
Executive James Dimon said the bank would double
spending on cyber security over the next five years.

20. 3 Solid Tips From Founders
Of a Security Startup2
• To scale a startup too early or grow too quickly is not necessarily a good thing,
especially for enterprise startups. Things will go wrong, bugs will be revealed, and the
unexpected will always surprise you at the most inconvenient of times. Being slow and
steady at first allows time to optimise the advertising funnel and learn how to push
customers down the funnel effectively with a small budget. Don’t ramp up the model until
the conversion is consistently great.
• When attending business meetups and events, seek to build business relationships,
and genuinely help people to ‘pay it forward’. Many startup founders meet to sell their
idea, or to pitch. No one will be interested in buying from you or use your product if you
directly sell to them when meeting the first time.
• At the end of the day, a startup is a business, so think of revenue early and have a
solid business model, not just to build something cool or change the world. Don’t run out
of cash, because the longer the business can survive, the greater its chance of succeeding
and ultimately changing the world.

21. Reaching Out to the Growing
Community (Examples)
https://angel.co/cyber-security

22. 2014 surveys and annual reports
Publisher Title
Appriver Global Security Report: End-of-year report 2014
Cisco 2015 Annual Security Report
CyberEdge Group 2014 Cyberthreat Defense Report
Damballa/Ponemon The Cost of Malware Containment
EY Global Information Security Survey 2014: Get Ahead of
Cybercrime
Forrester Understand the State of Network Security: 2014 to 2015
HP/Ponemon 2014 Global Report on the Cost of Cyber Crime
Lumension/Ponemon State of the Endpoint Report 2015
Radware Global Application and Security Report 2014
SafeNet/Ponemon The Challenges of Cloud Information Governance: A Global
Data Security Study
Symantec 2014 Internet Security Report
Tripwire/Atomic Enterprise of Things
http://www.zdnet.com/article/cybersecurity-in-2015-what-to-expect/

23. Case Study: Steganos

24. 4 Key Products …

25. .. For a Post-Snowden World

27. Growing a Cyber Security Company
with Success
• B2C:
– PR: own the subject
(steganos: snowden/
data privacy)
– Affiliate Marketing
(blogs, (software)publisher,
software review magazines)
• B2B: Partner
distribution &
bundles; bottom-up
approach (used at the
bottom of the organization,
becomes “standard” within the
entire organization)

28. Affiliate Marketing (B2C)
http://www.startupnation.com/articles/affiliate-marketing-101-understanding-the-basics/

29. Closing the Loop
• Expertise Counts
– Domain expertise is key (for investors and buyers)
– Does the team really know its vertical market?

30. Closing the Loop
• Government Cyberwarfare & CIP
– More than 80 companies work with the NSA on
cyberwarfare and surveillance (Der Spiegel)
– Claims that U.S. National Security Agency is
funding “digital Blackwater” and “cyber Raytheon”

31. Final Remarks
• Security still a reflex reaction to an attack
• IT infrastructure security still a one-time, ad hoc effort
• Security as a broad collection of technologies
• Cyber Security never gets solved
Like an antibiotic-resistant bacteria: attackers
adapt to defenses and render them obsolete
(David Cowen, Partner at Bessemer Ventures)

32. Contact Information
Benjamin Rohé
br@gtec.berlin
+491739751021
www.gtec.berlin

33. References
1. https://mattermark.com/106-startups-who-received-investment-from-the-c-i-a-most-
frequent-in-q-tel-co-investors/
2. http://fromlittlethings.co/2013/10/09/three-solid-tips-from-founders-of-security-startup-
authopay/