RSA 2018 - what was in it for a UK cyber start-up?
RSA 2018 - what was in it for a UK cyber start-up?
Never mind what journalists think about RSA, Nik Whitfield, CEO, Panaseer gives an industry insider view of what a UK start-up got out of the event via his daily diary of the show.
The RSA Conference is one of the biggest dates in the cyber-security calendar. Cyber -eaders and vendors, big and small, descend on San Francisco in droves – so much cyber-geekery all condensed into one place. But does it live up to its hype? And, crucially for UK cyber-start-ups, what's the RoI (return on investment) of attending? It's my third year attending as a UK cyber-start-up - hopefully by reading my experience you can judge for yourself!
Monday – day one at RSA
A sleep miscalculation across time zones meant I had a mere three hours sleep. Not the ideal preparation for what is typically the hardest day of RSA, which is dominated by the wonderful but gruelling America Growth Capital (AGC) conference - an RSA staple for CEOs and investors alike. Set in the Hilton Union Square Hotel, the AGC begins at 7 am and runs until cocktails are served at 5 pm. The format comprises two components, the first being presentations from security companies, from global giants like RSA, down to superstar start-ups vying for a place at the table.
However, the conference is dominated by the ballroom setup for the geekiest speed-dating event of the year - more than a hundred tables play host to thousands of flirtations between coy companies pretending not to look for funding, and investors pretending not to be interested. The time lapse video for this gargantuan tango displays occupancy rates for the tables that any restaurant would admire - on this evidence, cyber-investment is looking smoking hot. I'm delighted that my own company's messaging about the importance of Enterprise Cyber Hygiene has been picked up by major industry players – in many ways you can use RSA as a litmus test to check that you are going in the right direction.
For yours truly we accomplished ten meetings and a presentation before retiring, hoarse but happy, back to the hotel to deal with a few emails. It was rewarding to bump into - literally in one case - old friends and acquaintances, and I was struck not just by how vibrant this investment scene is, but how much compassion and goodwill was on display throughout the day.
Personally my highlight of the first day was an intimate Founders Only event, featuring fifteen -minute presentations of brutal lessons learned from twelve of the cyber-industry's founders. This was a real gem of a find, courtesy of our Chief Data Scientist (always finding new insights). I truly believe that start-up CEOs succeed when they admit they don't know it all, and events like this are priceless for picking up nuggets of advice from those with more scars, more failures and more experience. Stories ranged from disastrous pivots to disastrous inaction, disastrous funding and disastrous lack of funding. The final founder to speak talked in detail about his multi-billion dollar exit to a major tech firm. A positive note to end the day.
Tuesday – day two at RSA
The day kicked off with a typical US bagel breakfast and a team get-together in our hotel suite. The concept of the suite is something I'm still getting used to. We decided not to formally exhibit at RSA, but we wanted a quiet space to meet people - clients, investors, partners, lawyers, friends, etc. So we decided to take a suite at the conveniently located and reassuringly expensive Intercontinental Hotel, where we hosted meetings and gave demos.
It's a little odd to invite people up to the room, but it does mean I have an amazing view and much more luxurious accommodation than I would normally allow. The team get together is a quick run through of the activities yesterday (our Chief Scientist won a Chromebook - lucky sod) and confirm the complex schedule for today.
The suite turns out to be a great success. The hotel lobbies are full of loud, gesturing cyber-security enthusiasts, and so the suite allows tranquil meetings and space to talk properly. I meet several potential investors, a headhunter, a really big US technology company, a fellow start-up CEO, a consultancy firm, and a potential client - it's a lot of context switching.
My favourite time was FaceTiming my wife and kids to cries of “Wow, that's a massive telly!..... Wow, that's another massive telly!”
Wednesday – day three at RSA
At the instruction of my VP of marketing, today I ventured (for the first time) to the actual RSA show – it's really important to get a feel for how your proposition and messaging fares against what other companies are exhibiting.
Bumping into old friends and acquaintances is my favourite part of the show, and I was pleased to meet some en route to the sprawling exhibition hall. The exhibition is spread across two halls - Moscone North and Moscone South. I spend an hour in South, concentrating on the small, cheap stands around the edge, as this is where the new, innovative companies can be found. Some themes emerge quickly, both heartening for my own business - Visibility is key, and Enterprise Cyber Hygiene, a phrase we've been promoting heavily, is being adopted more widely.
The best stand I saw was constructed like a Snake Oil sales pitch from the Wild West, with a lady in fancy dress selling bottle of Machine Learning, a cure for all ills! Gotta love that. Albeit I can't recall the company name, so perhaps it was more style over substance.
The day ends with a social for a birthday and a few drinks with a bunch of old mates - a good day at the office.
Thursday – day four at RSA
It's my last day in San Francisco but there's no let up in activity. Everywhere you look you can see relationships being formed and deals being done, to the roar of background conversation. My meetings run from 8 am until 4 pm, when it's time to leave for the airport.
By lunchtime it's clear the crowds are thinning out, and some people are visibility fatigued from a hard week of pitching and partying.
My final thoughts turn to our industry and how sustainable all this is. For each sub-category within cyber-security, there are simply so, so many companies competing. Whether it's end-point protection, container security, AI detection or something else, there are so many ‘me too' plays. True, step changing innovation is hard to find, and harder to turn into a viable business. If I had a crystal ball I would say that we will continue to see increased consolidation - clients want to buy fewer point solutions from fewer suppliers. They want partnership around tech, not just the gear, with products to live up to their marketing.
Finally – is it worth the effort? Absolutely, when you have a strategic plan and keep focused. The competition for clients and funding is fierce – if that's your only objective you may be disappointed. For start-ups I'd recommend doing reconnaissance for the first year/s of attending – just using it as an opportunity to benchmark your proposition and network with peers to get guidance. Once you ‘get' RSA you'll be in a much better position to get the best out of it.