The Gately Report: DataTribe Co-Building Next-Gen Cybersecurity LeadersThe Gately Report: DataTribe Co-Building Next-Gen Cybersecurity Leaders

DataTribe, a cyber startup foundry, is focused on co-building tomorrow’s cybersecurity leaders, including helping them launch their channel business.

The Maryland-based, seed stage-focused venture firm primarily invests in cybersecurity companies. Its goal is to move companies from early stage development to market dominance. Rob Joyce, former director of cybersecurity at the U.S. National Security Agency (NSA), recently joined the firm.

Leo Scott, DataTribe’s chief innovation officer, said his firm first doesn’t just invest in cybersecurity startups.

“When we invest in a company, our team will then jump in and co-build with the founding team, with the idea of accelerating growth and de-risking things,” he said. “That's what the foundry part is. We’re not just someone that's investing, and then some general introductions and so on, like a normal venture capitalist. We're literally getting in the mix, embedded with the company and are building with the company … with the whole goal to find the next over-the-horizon-type cybersecurity company that's going to have an impact on the world and provide real solutions going forward.”

Shaping Tomorrow's Cybersecurity Leaders

Dragos, which provides cybersecurity for operational technology (OT) environments, is among cybersecurity leaders in which DataTribe has invested, Scott said. It launched its global partner program in 2023.

“Back in 2016, we invested in them and they were in the foundry for a little over a year before they graduated out,” he said. “Companies will graduate out of the foundry when they raise their next funding round and at that point they're off to the races. We continue to have a very tight relationship. We'll sit on their boards, but a little bit less co-building once they've ... moved to the next stage.

"Dragos grew quickly and is now the dominating company in industrial control systems security," Scott added. "They're working with power plants and energy companies throughout the world, water processing and water treatment plants, manufacturing facilities and so on. You can imagine, in a factory or these large plants, there are a lot of devices that are controlled by computers, and they can actually be attacked because they're controlling physical things. They're opening valves to let water into areas. They're sensing physical activity and helping to operate the plant, so a cyberattack on these items can have a physical world impact.”

Strider, which helps companies recognize insider risk, is another example of a cybersecurity company that got its start with DataTribe, Scott said.

“In the Strider case, we actually introduced two of the co-founders to the co-founding CTO and that was the beginning of the company,” he said. “They help companies understand relationship risk, so, 'Do you have an employee inside of your company that may be stealing intellectual property on behalf of the Chinese government? Do you have a whole team inside your company that may be receiving emails trying to influence them from bad-acting nation states, or you've just partnered with this other company and do they have some kind of interference going on that may impact the risk of your company?' It's these types of dynamics with large, open-source, collective intelligence to help companies understand all of these types. Strider is doing quite well. They raised a $55 million Series C funding round at a $450 million valuation.”

Channel Futures: A number of companies in DataTribe’s portfolio have been acquired by Microsoft, ID Technologies, etc. Is that one of your firm’s goals?

Leo Scott: We invest in the companies early stage, and we help them grow and become big. We're in the business of investing to make money and we do need to look at some kind of exit at some point in the future. So we'll stay in the company until whenever their final exit is and that may be an acquisition. In rare cases, companies may go through a public offering and then they're publicly available, and that's when there's an exit opportunity as well. We are generally looking for companies that are going to be market-segment dominating and have a notable impact on the world, and if they're doing that, hopefully that means they're pretty large.

CF: Do the companies in DataTribe’s portfolio have something in common?

LS: Today it's almost becoming a digital world first. The physical world is almost being driven by the digital world, so anything that is protecting, securing, safeguarding or just ensuring that there's reliable operation in the virtual world are companies that we may be looking at, so that's a similarity. In the early stages, we're looking for teams that have what it takes to be able to build a big company. We also, generally in the early days, are looking for over-the-horizon type opportunities. That's where you're going to have the companies that are going to really make a big difference in the future. But also, just because we're getting in so early, we have to look pretty far into the future in terms of what the trend looks like. Our insights report that we do on a quarterly basis is giving us insights in terms of what the over-the-horizon trends are, so we need to stay on top of that.

CF: How does your work benefit the channel?

LS: Most of our companies are selling into the enterprise, and large enterprises work with channels and work with channel partners, so there is a need to have that type of relationship. Many times our companies, even if they're doing a direct sale, some of the logistics of how the relationship works when they close the deal may be through a VAR, for example, just because that helps the large enterprise operate.

In the realm of service providers that are cyber-focused, of course, our solutions are often used by those service providers to help service their end customers. In fact, we have a company called ContraForce that specifically has a platform for service providers They have a platform that helps service providers automate and operate their security operations much more efficiently when they're working with their end customers to provide security operations support, particularly in the Microsoft space.

When we look at the different cyber segments that cybersecurity ventures are investing in, we have two segments that are AI related. One we call AI security, and the other we call autonomous cyber. AI security is about cybersecurity products that help you protect AI itself as an attack surface, whereas autonomous cyber is generally leveraging AI often to automate and improve cybersecurity defense efforts. ContraForce has Microsoft Security Copilot embedded in their system to help MSSPs or MSPs better automate their processes in supporting their customers. That would be a good example of one of our companies following what was actually the leading trend in the fourt quarter. Autonomous cyber was the biggest investment area in Q4.

CF: DataTribe recently released its Fourth Quarter 2024 Cybersecurity Investment Insights. What are the most surprising findings?

LS: There’s no shortage of hacks and breaches, and that trend is continuing upward.

If we look at the investment analysis part of our insights report, we look at some ebbs and flows there, and what was particularly interesting is that in 2022 and 2023, there was a general downturn, and in 2024 we were starting to see green shoots of investment. Particularly in Q4, there was an uptick in many of the investment rounds … the growth rounds. However, at the seed-round level, there was a downtrend in the volume of deals. What we think is happening is at the growth rounds, there are companies that, from the peak in 2021, there was a ton of investing in the early stage, and if you go a couple of years out, the companies that have survived are finally now hitting a market where people are willing to invest. I think that's causing the growth-stage investment volume to increase.

For seed-stage companies, they didn't exist back then, so that's all fresh, brand-new investing and I think there’s going to be a little bit of a lag there. People are taking a little bit more time to feel comfortable enough to jump off the cliff and take that risk of starting a new company and investing in a brand-new company. Our hope is that the green shoots in the growth stage are indicating that the seed stage will start to come back here in 2025, but we will see.

CF: What’s the difference between those that are receiving funding versus those that aren’t?

LS: There are different segments that are hot at different times. Sometimes there's a good reason for it in that there are very important trends that need to be fixed, and other times people just get super excited on a topic and it gets overinvested in as well. So both of those types of things are happening. In the realm of other segments that are big right now, there’s autonomous cyber.

Another area that’s been growing is the identity and access management (IAM) space. The IAM space has been around a long time and there are a lot of big players, but I think there are some new opportunities starting to come about in that space as people deal with an explosion of machine identities versus human identities – machine identities meaning service accounts that are operating – but now there's even a nuance that people are starting to look at and they're calling it non-human entities … kind of a piggybacking on top of a human identity.

So it’s leveraging the human’s credentials and so on, but it is not a human. It's a service running on behalf of the human. So baking that into IAM tools to manage this kind of activity is a new opportunity in that space. That may be one of the reasons for the increase and that segment being particularly popular right now.

CF: Are there any emerging trends in cybersecurity M&A? What makes a company an attractive acquisition target?

LS: In general, cybersecurity is a pretty active M&A area and part of the reason is cyber companies will grow up … and they get to a certain point to where they've built their company off of an earlier trend, and because of the continual cat-and-mouse game and the continual shift of the attack surface, cyber is continually changing and some of what you've built becomes stale. You get to a certain size and it's hard to innovate at high speed, so these companies end up being the ones that are going to innovate through purchasing new startups that have seen a new angle on an attack surface and have built a product around that. There's this type of company in all the big areas, whether it's identity, whether it’s the security information and event management (SIEM), and security orchestration, automation and response (SOAR) space, or the endpoint protection area. They are all looking at areas that they can innovate through acquisition.

CF: Do the fourth quarter insights point to any ongoing or emerging trends?

LS: One of the areas we haven't touched on — even though the volume of investments has increased, what we have seen is the number of down rounds or flat rounds has also increased. So people are raising, but the valuations on a relative basis have come down some. I would say that's kind of a healthy resetting. As you go through a boom period, valuations can get overinflated and now we're really just coming back to a more normal state, and then over time things will flatten out. I expect that trend will continue in 2025 in that we'll continue to see the valuations not be as inflated as they were a couple of years ago.

CF: What can we expect from DataTribe in 2025?

LS: We are continuing to find ways to help founders in the cybersecurity space realize their dreams and build impactful companies. At the foundry stage, we do a relatively small number of deals. We'll generally only do three deals a year, plus or minus one, and that is because we're so hands-on in building. You'll continue to see some interesting companies grow into the next stage and come out of the foundry. In addition, I think we're always continuing to look at ways to improve and expand our ability to support these cybersecurity companies on their complete startup journey. We're pretty focused right now on the early stage and getting them going, and in 2025, we'd like to continue to expand our ability to support even beyond the early stage.