5 days at RSA makes you appreciate how hard enterprise selling is. It’s the Super Bowl of cybersecurity and hand to hand combat every hour. As I’ve said 🥩 dinners are back, and here’s to the founders and sales folks who are grinding it our every day.

My son’s football coach once said, “football is not a full contact sport, it’s a collision sport” and that is exactly what the last few days felt like. The economy is in rough shape, competition is fierce, and sales forecasts continually to revise 📉 . According to Richard Stiennon this year’s RSA Security Conference had 401 cybersecurity vendors, up 20% YoY. Standing out from the crowd with buzzwords galore becomes even harder this year. With that backdrop, let me share some sights and sounds from the week.

Kicking off Sunday night, my firm boldstart ventures hosted a CISO panel with Emilio Escobar from Datadog, Adam Fletcher from Blackstone, and Prabhath Karanth from TripActions with my partner Shomik Ghosh moderating.

Some key takeaways from CISOs:

1. CISOs talk - there are lots of slack channels, etc. where CISOs share information with one another. Bad news travels fastest so if a vendor is aggressive with sales tactics, annoying as hell on outbound, or product just is not great, the CISOs will all know. On flip side, if product experience and communications is amazing, they will also share.

2. Time to value matters - the faster the better, the easier to get up and running and manage and learn to use, the better.

3. AI and security - no consensus - some let their folks use ChatGPT and to be smart about it while others have developers leveraging for product development. One point is clear, however, if you’re a SAAS co selling into any regulated entity (fin/health), you’re going to have to have an answer of how is their data being used.

4. Innovation budgets - it’s there but harder to crack.

The days were filled with meetings with founders, CISOs, investors and strategics while the evening kicked off with networking events from 4pm to midnight. At one event, the host mentioned that there were over 300 cybersecurity investors alone in that room. Given the sheer number of VCs, I decided to find a new day job 🚚 to stand out from the crowd. BigID (leader in DSPM) and Dope Security (fly direct SWG) went old school with IRL marketing campaigns with trucks driving around SF and placed at strategic locations throughout the week.

As for investors, what I heard during the week at RSA is no different than what I see every day in enterprise - AI is 🔥 and sales efficiency matters when it comes to growth rounds. Investors have lots of dry powder and were on the prowl all week.

If you want to get over 100 CISOs in a room then one way to do it is to host George W. Bush, the 43rd President of the United States, for an unfiltered, raw and honest conversation. It was a fantastic event and congrats to my friend Richard Seewald and Evolution Equity for bringing together a great group with the help of Robert Rodriguez from SINET.

Alex Yampolskiy, co-founder of Security Scorecard (a boldstart portfolio co), got a chance to meet with the former President before the dinner and got these words of advice:

I asked him: “What leadership advice would you give?” and he said “Too often leaders stop listening to their teams, thinking they know it all. Know what you don’t know.”

On the show floor developer first security was on 🔥 as David Melamed from Jit Security (a port co) presented in front of a packed house of 300+ folks.

AI and security was also a top theme ranging from AI for hackers (Wired - NSA Director)…

“It is going to help rewrite code and make it in ways that will change the signature and the attributes of it,” Joyce said. “That [is] going to be challenging for us in the near term.”

In terms of defense, Joyce seemed hopeful about the potential for generative AI to aid in big data analysis and automation. He cited three areas where the technology is “showing real promise” as an “accelerant for defense”: scanning digital logs, finding patterns in vulnerability exploitation, and helping organizations prioritize security issues. He cautioned, though, that before defenders and communities more broadly come to depend on these tools in daily life, they must first study how generative AI systems can be manipulated and exploited.

to AI to turbocharge existing security solutions (Axios has nice writeup and refers to new offerings from Google Cloud, Veracode, and Security Scorecard (a portfolio co).

Yes, but: Gartner and other consulting firms recommend companies hold off on using ChatGPT for code generation, code security scanning and secure code reviews since large language models still struggle to write clean code and are prone to misinformation.

to the Security of AI itself…

Hidden Layer won the RSA Innovation Sandbox as top company (YouTube).

Keep an eye out for ProtectAI (a boldstart portfolio co) which is bringing a different approach to AI Security and focus on the SBOM for AI which includes data and models.

As always, 🙏🏼 for reading and please share with your friends and colleagues.

Scaling Startups

1. Must read for founders

   

2. We’ve seen this 🎥 before

   

3. 👇🏼 Reminder - the right kind of crazy 🤪 needed to start a company

Enterprise Tech

1. 👇🏼 Yep

   

2. Replit raises $97M extension at >$1B valuation and going after Github CoPilot

3. The race is on…

   

4. What a big burn will do - Cybereason raises at 90% discount to last round and no longer a cybersecurity 🦄 (Axios)

5. chatGPT enterprise - OpenAI releasing fast and furious and clear it knows how to pay the bills - the enterprise

   We are also working on a new ChatGPT Business subscription for professionals who need more control over their data as well as enterprises seeking to manage their end users. ChatGPT Business will follow our API’s data usage policies, which means that end users’ data won’t be used to train our models by default. We plan to make ChatGPT Business available in the coming months.

6. more GPT in enterprise- PWC to pour $1B into Generative AI (WSJ)

   For PwC, the goal isn’t only to develop and embed generative AI into its own technology stack and client-services platforms, but also advising other companies on how best to use generative AI, while helping them build those tools, said Mohamed Kande, PwC’s vice chair and co-leader of U.S. consulting solutions and global advisory leader.

7. GitLab’s new security feature uses AI to explain vulnerabilities to developers (TechCrunch)

8. Top 10 Takeways from KubeCon EU from Daniel Bryant…

   1. Developer experience continues to get more attention
   2. Platform engineering is increasingly focused on DevOps

   3. Debugging K8s-native applications shouldn’t be a slog (but it often is)

9. The new generation of cloud providers: Why some programmers are moving away from megaclouds (Michael Yamnitsky - Insight Partners)

Markets

1. ☁️ numbers from Jamin Ball

   AWS (Amazon): $85B run rate growing 16% YoY (last Q grew 20%)

   Azure (Microsoft): ~$60's billion run rate (estimate) growing 31% YoY (last Q grew 38%)

   Google Cloud (includes GSuite): $30B run rate growing 28% YoY (last Q grew 32%, neither are cc)

2. As I’ve said in past, best in class NDR will be redefined from 130% to 115%…more from Francis as Cloudflare Net Dollar Retention continues to decline to 117%, down from 122% in Q4 last year and 127% from one year ago