by William Kilmer, Managing Partner, C5 Capital –
Last week we announced C5 Capital’s investment in Synack, the Silicon Valley-based leader in crowdsourced security testing. C5 Capital co-lead the $52M Series D round with B Capital Group, joining a prestigious group of investors that includes Kleiner Perkins, GGV Capital, M12 (Microsoft’s Venture Fun M-12GV (formerly Google Ventures) and Hewlett Packard Enterprise, among others.
Synack was founded in 2013 by Jay Kaplan and Mark Kuhr, two red team experts who envisioned a new model for cybersecurity testing. The company has shown strong growth, an enviable customer base, and many industry accolades. But as a venture investor, we believe that Synack’s best growth days are still ahead as they become one of the industry’s next great security leaders. Here’s why:
First, is the they are fulfilling a need in the underlying shift to continuous penetration testing. Once driven mostly by regulatory requirements, penetration testing is moving from a static to a continuous model. This is happening not only because of the nature of how applications are being developed in agile models that require a “shift left” testing model; it’s being driven by how hackers themselves are attacking—continuously. Running static penetration testing is like stress testing an application once before opening it up to millions of users; it doesn’t mimic reality. The Synack model of offering continuous testing 365 days per year aligns itself with market demand now and in the future and positions them well to meet growing market demand.
Second, we believe Synack solves the real cyber talent gap. While the cyber talent gap (already between 1.5-2.5 million open jobs) is old news, there is a more concerning problem. The talent gap quantum only looks at headcount. The problem is amplified when we look at the quality gap of that headcount. The market can’t turn out cyber professionals fast enough, and it certainly can’t accelerate the experience required to be an elite ethical hacker. As the crowdsourced testing leader, Synack has created a platform that utilizes AI to leverage the talents of 1,500 of the very best security researchers from around the world from 82 countries. Synack’s emphasis on acquiring the best quality security researchers gives their customers access to talent they would never be able to hire themselves, resulting in the best output possible.
Third, Synack can satisfy the increasing demand in the security market for surge capacity, the ability to quickly scale with customer needs. Cybersecurity is a demanding market, and time to respond is a constraint The current Covid-19 pandemic is a case in point. In March alone, Synack saw a 250% increase in vulnerabilities discovered due to the shift to work from home and acceleration of digital transformation projects, resulting in a 70% increase in their hacking activity. The need to surge to meet those demands would overwhelm internal teams and traditional penetration testing schemes at the point when they are needed most.
Finally, while there is much to like about Synack—the exceptional team, technology, the ability to harness the power of their crowdsourcing community—the number one characteristic we appreciate is the company’s results orientation. The testing market, really the cybersecurity market as a whole, needs to move away from a risk reporting to a risk remediation mindset. Organizations today don’t need another penetration test to tell them they have yet another 1,000 vulnerabilities, they need help to become more resistant to real attacks. Synack’s focus on fixing vulnerabilities and innovations such as their Attacker Resistance Score demonstrate their orientation toward truly solving customer problems and making them more resilient.
It’s become a cliché to note how much things have changed or that we have entered a new normal under the spectre of the pandemic these last three months. In many ways, we now simply live with our finger on the fast forward button, accelerating much of what was already happening. As we have lived through the early stages of our current crisis, it’s clear that cybersecurity needs to adapt to new, accelerating conditions. We believe that Synack has the ability to continually adapt their solution to better solve current problems and apply their AI and crowdsourcing expertise to future cyber security problems as well.
At C5 Capital, we look not only for strong investments, but for companies where we can apply our unique value add—network, growth acceleration, and international expansion—to help them succeed. We look forward to working with the Synack team and board of directors in their next phase of market leadership.