 Downtown San Francisco, it's the Cube. Covering RSA North America 2018. Welcome back everybody, Jeff Frick here with the Cube. We're in downtown San Francisco at RSA North America 2018, 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do as opposed to just kind of a slap on at the end who better to have on who's investing at the cutting edge keeping an eye on the startups and Sean Cunningham our next guest, he's a managing director, Forge Point Capital, the newly named, so welcome to Forge Point Capital I guess. Thanks Jeff, we're pretty excited about it. So we were branded Trident Capital Cybersecurity. We're a $300 million cybersecurity only fund. We closed the fund about a year and a half ago. We've invested in a dozen companies and we decided that now is a great time to rebrand. Forge Point really tells more about what we're doing. We're forging ahead with our series A, series B funded companies as well as a few growth equity. So it made a lot of sense, but we were pretty excited about the market and obviously RSA with all 1700 cybersecurity companies makes it interesting. Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT enabled by 5G. We've got all these automated systems and financial services trading and ad tech that we're gonna see more and more of that automated transaction happening. You've got APIs, everything's connected to everything else to enable my application. So really, really exciting, huge growing threat surface if you will, but at the same time, these are the technologies that are driving forward. So what are you seeing from your seat at the table, some of the newer, more innovative startups? Jeff, I think you should probably tell me you have all the answers there. I talk to a lot of smart people that's the benefit of the job. I think the only two buzzwords you left off was Bitcoin and fraudulent payments. We can work a little blockchain in it if you want. Yeah, but it's absolutely been an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers being able to monetize this. So that's not going away. The biggest change are the, I guess, overt nation-state attacks. And so between all of those things, the drivers are just continuing to force cybersecurity become better and better. And that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And you talk about all these different paths for hackers to get in. It's absolutely the case. And we are really big on areas that, as you mentioned, Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You look at, say, 1500 of these security startups, a lot of them are about technology for the sake of technology. And so we're pretty excited about a couple of areas. One is application security. If you think about the Equifax hack, as simple as getting into the website and being able to hack into all of the PII data, if you will. And we've invested a couple of calls, Previty. And what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. And the reason why that's really interesting is if you think about how long it takes for the DevOps guys to get all their security or all their new updates out through that whole cycle, when you can automate that process and reduce that time to market, that's what it's really all about. So what's your take on GDPR? It was passed a little while ago. The enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on. And yet it's just around the corner. And it seems like it would be part of that conversation. You see this kind of a white 2K moment where there's a lot of buzz and the date hits and we get past it and we kind of move on with our lives or is this really a fundamental shift in the way that companies are going to have to manage their data? Well, I can show you my scars from investing in compliance companies. I think the winners in that space from a business standpoint are going to be the consulting companies initially. And at some point then the legacy guys are going to be also involved as well as some of the startups. But clearly until you see some of the large penalties happen there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting, trying to figure out what's your problem, how do we solve it? So you're going to see I'm sure on the floor a lot of GDPR stuff. But we're being very cautious about where we invest there because as you say, white 2K and a lot of this is going to be a lot of fun. The legacy guys are going to say, oh, we can handle that same as they did with cloud. Look how long it's taking cloud to get adopted. Oh my God, I mean, GDRP is a big piece of that. We did investments in that space around CASB. It's called, and we invested in a company called Preler. Had great traction, but then it just kind of topped out. So it's going to be an investable space and there's going to be a lot of money dumped in there because it's the lemming effect. All VCs are going to follow that. We'll see what happens. And then on the cloud, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And yet we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue or whatever. How did the startups kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on that's not already covered by some of these massive investments that the big public cloud people are making? Yeah, I think some of the, you know, you point something out. I mean, we're going to think about cloud. You think about the public cloud. You think of private cloud and the hybrid model and so on. I think that's really where things are going to be for a while. The big guys, big companies, enterprises are not putting a lot of their crown jewels out in the public clouds yet. And so the private clouds are equally important to them. And so they have to be secured. And the public cloud, you know, there's definitely, they have some good security but they quietly are implementing security from innovative companies also. They're not as public about it because they wanna have, they're already secure so don't worry about me. But there's a lot of opportunity there. Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100% secure, right? It's just, you cannot be. And so it's- It's called job security. Yeah, job security for us, right? But I would think of it as kind of an insurance model. You know, at some point you get kind of a law diminishing returns and you've gotta start making business trade-offs for the investment. How are these people thinking about this at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal, breach after breach after breach? What's the right balance? How should they be thinking about managing risk and thinking of a risk problem as opposed to kind of a castle problem? Yeah, and that's the biggest problem with CIOs and CISOs right now. It's all about what's good enough. Where do I reach that threshold? And so there is definitely buyer fatigue. And I think it's a matter of, there are companies out there that look at the risk profile and are actually giving ratings of what does your environment look like? We just invested in a spin out from, we helped a spin out a company called Cybercube out of Symantec and it's insurance. And they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling, and that data from Symantec as well as the data they have and going back to the insurance, the underwriters say, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. And we all know how large a cyber insurance market is. So there's a lot of opportunities in that space to really look at the risk factors. All right, well, before I let you go to go visit all the 117 startups, which we'll be looking for your check, I'm sure. Human ATM. What is one or two things that you think about and in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet, that they should be thinking about or that we're going to be talking about in a couple of years that's still kind of below the radar? Yeah, you know, if I told you, then everyone else would be there. That's true, definitely. So I have to be a little careful. No, I think the interesting thing is, a bit of a contrarian view is if you think about consumer space, people really don't want to invest, investors don't want to put money in the consumer, but you think about Symantec, again, LifeLock, identity protection, $2.3 billion Symantec paid to get LifeLock, that's a lot of money. But if you think about five years ago, how many consumers would pull out their Visa card to buy security? So we think that there's really a potential opportunity on the consumer side. Now, AV's pretty well scorched earth, a lot of places, a lot of these end point things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and what I would call the consumerization of security and take some of those interesting applications and solutions and bring them down to consumer in a bundled type of environment. Yeah, well, certainly with all the stuff going on with Facebook now, people's kind of reawakening on the consumer level of what's really happening would certainly be a fuel for that fire. We have an investment company called ID Experts, which does breach remediation. And our goal right now is, we're continuing to add products from that space to be able to give the consumers a very robust offering. All right, Sean, well, thanks for taking a few minutes out of your day from prospecting over on the floor. East Ronald Cunningham, I'm Jeff Rick. You're watching The Cube from RSA North America 2018 in downtown San Francisco. Thanks for watching. We'll see you next time.