Recapping AV's Birdies and Breaches at Black Hat

Frequently Asked Questions

FAQ

• Where can I view the full transcript of the video?

  You can find the full transcript below:

  Narrator:

  If you miss birdies and breaches at Black Hat, don’t worry. Mike Collins and Lucas Pash are here to tee up the best moments from AV’s Topgolf Networking bash with drinks, swings, and inside insights from cyber leaders. Let’s drive in.

  Mike:

  Hey, I’m Mike, founder and CEO of Alumni Ventures. I’m here with my partner Lucas. We’re here to talk today about cybersecurity and one of the big events of the year is something called Black Hat and I didn’t attend, but Lucas did. So I thought it’d be great to kind of catch up with him and get the big takeaways. So Lucas, how you doing?

  Lucas:

  Doing well, thanks for having me, Mike. Yeah, Black Hat is one of the biggest global stages for cyber founders, investors, and ecosystem builders. People come to Vegas every August from around the world. I don’t know why they pick Vegas and August, but that’s what they do every single year. And you have researchers showing off exploits on stages. You have big vendors jockeying for attention on the expo floor, and then all these big networking events where chief information security officers are trying to sort out what up and coming technologies they need. And at av, we’re one of the most active early stage cyber investors globally. We’re always bringing together folks in the ecosystem. So we actually hosted an event at Black Hat as well. We reserved the big, big top floor suite at Topgolf on Wednesday evening that week and had a lot of people came out. It was really fun

  Mike:

  That’s a highly desirable event right here.

  Lucas:

  Especially by Wednesday evening of that week. People are a little exhausted of the strips to get off the strip for a couple hours. People were pretty excited

  Mike:

  So what were the big takeaways this year? Everybody had to be talking about AI, right?

  Lucas:

  Yeah, definitely. I think more broadly this year really crystallized a shift that we’ve been sensing for a while, which is cyber has genuinely moved from a defensive posture to more of an innovation engine that touches every part of the enterprise. So when you’re at a place like Black Hat, you really feel this collision between these two forces. And on one side you have attackers who are just moving faster, they’re using AI to exploit supply chains and push the boundaries of what’s possible. And then on the other side, you’ve got these startups and these big cybersecurity vendors who are racing to build smarter, leaner, more adaptive defenses. And so there’s this real keeping up with the bad guys mentality in the industry right now. Yeah, AI is everywhere. It’s been a practical enabler in the industry. You hear security operations center leaders saying that they’re already leaning in on AI agents to summarize incidents and write queries and cut through this alert fatigue in the organization. But at the same time, everybody’s acknowledged the flip side. Attackers are using the exact same tools to launch deep fake voice scams or refactor malware in literally seconds. So it really drove on the AI and cyber is this classic arms race, whoever in a base fest or whether it’s the attackers or the organizations are going to win.

  Mike:

  It’s a global story. I mean, there’s clearly a global dimension to good guys, bad guys and the race there that this really is now a matter of kind of national security, not just an inconvenience or huge disruption to a private business, but really life and death.

  Lucas:

  I mean, yeah, geopolitics is one of the undercurrents that makes cyber such a dynamic market. Every flare up between the US and arrival nation is mirrored almost immediately in the cyberspace. You see Russian ransomware groups targeting US infrastructure, Chinese a PT probes at probing telecom networks. You have Iranian threat actors. One very real example of this came out recently around North Korea. It’s now very well documented that North Korean operatives have posed as freelance developers and are getting hired by western companies. And that was, a lot of people were talking about that on stage at black hats at Black hat, and in some cases there weren’t obvious red flags. They looked like normal remote engineers and companies are starting to crack down and leveraging new technologies to crack down on those types of practices.

  Mike:

  I think it is the return of the in-person interview. It is around the corner for some of these very reasons. Was there a surprise or two, something that was a surprise to you, something that was a bigger point of emphasis than you expected? What was the delta in your own mind from what you expected going in Lucas?

  Lucas:

  It’s interesting. I’ve kind of felt for a while that cybersecurity is the most innovative piece of the enterprise and has been for some time. But I think what surprised me was I hadn’t actually seriously looked at the data that shows this is being seen across the market. And what I mean by that is even in 2022 and 2023 when tech funding slowed dramatically, cyber held up meaningfully this year, funding venture funding and cybersecurity has already blown by last year’s total we’re at over $14 billion raised before Labor Day. That was the total amount raised over the course of 2024. So there’s this resilient story in cyber where in my mind it was no matter what the macro environment looks like, cyber is all about non-discretionary spending in the organization. It’s going to hold up nicely. I think my surprise was, oh no, it’s not just holding up nicely. It is a real growth path within the organization. The CISO has board level visibility than ever has been in the past. And a lot of it is driven by CEOs today, like yourself, Mike are saying, we need to be an AI first organization or else we’re going to die. And CISOs are sitting in the boardroom saying, we don’t know how to secure any of this yet and we need to start adopting new technologies in order to make that possible.

  Mike:

  I think it’s the twin of AI first, like you said, if you’re going to be AI first, you’re in a way going to be required to be cybersecurity first as well. So I think they’re actually very mirrored in the senior most levels of organizations. From what I hear, that if we’re going to invest a dollar in ai, we’re going to have to invest at least a dollar in cybersecurity because our surface area to defend is more exposed and things are moving so fast. And if you do AI without the cybersecurity elements, you’re really asking for trouble. So I think for me, that maybe was kind of a light under a bushel barrel a while ago, but really I don’t see that anymore. I think this is well known and it’s really appreciated and understood at the highest levels of more and more companies. And it sounds like that was reflected in the energy of black hat this year.

  Lucas:

  Yeah, absolutely. And it’s within every vertical of cybersecurity you’re seeing that level of excitement of how AI is impacting cloud security identity and access management, application security, data security. Cyber is at this moment where it’s sitting at the intersection of necessity and opportunity. And on the necessity side, it’s those threats that are escalating breaches are becoming universal and the cost of failure is becoming more catastrophic. So it really is a nondiscretionary category of it spend, and the landscape keeps evolving.

  Mike:

  So put on your VC hat for a second. Just everybody has their own take on how to invest in this space. What’s your take? What’s your, what do you look for?

  Lucas:

  Yeah, I mean, look, as an early stage investor, when you see some of the outcomes here, you have to be excited. I mean, think about the recent Wiz acquisition by Google. That’s 32 billion for a company that barely existed a few years ago. Cisco bought Splunk recently for 28 billion or something like that. These are signals that the largest tech companies see cyber as strategic and are really willing to pay up to fill gaps within their organization. So that tells you that there’s a healthy market for innovation and strong returns for investors. And unlike some parts of tech that might plateau, cyber keeps creating these fresh categories. Application security is exploding because of AI generated code security data pipelines are exploding because of all this log sprawl and seem costs. SOC automation is exploding because of talent shortages. These are systemic problems and they really do demand systemic solutions.

  Mike:

  And if you can fill it, somebody is going to come along and want to buy you. So they have a comprehensive solution for their partners. In the case of W, for example. So I do think it is, it makes a lot of sense for entrepreneurship, venture capital, you have multiple exit opportunities if you can solve a problem and find your niche, which is you pointed out every day with new opportunities, there’s new exposures and somebody to focus on solving that

  Lucas:

  And maybe some of the inside baseball here, Mike and why we need to be on the ground at Black Hat and RSA and potentially cyber tech and Israel and these conferences where you have all these ecosystem builders learning from each other on where the puck is heading in the industry. It’s really important in an industry like cybersecurity, because my goal for AV is to land us in the cap table of the next wiz. But it’s also a category where a lot of the big platform players just know that they organically can’t keep up with all the latest threats. So they’re gobbling up the best technologies maybe a little bit earlier than you want.

  Mike:

  Yeah, it’s like pharma. Yeah.

  Lucas:

  So we want to be in early in a category like this and know where the puck is heading. And that’s exactly what we’re working to do here at.

  Mike:

  Great. And for people that want to get involved, there’s a couple of ways to play, right? But we really encourage people to join our cybersecurity syndicate, see some of the deals that our team is doing, not just you Lucas, but among our 40 investment professionals. We’re very active in this space. And if this is something that is a whole in your portfolio and you want to start seeing deals, we’ll put the QR code at the end of this and people can join and start looking at the cybersecurity deals that AV is doing alongside really tier one VC verbs.

  Lucas:

  And to that end, Mike, we’re going to host an introductory webinar in the next few weeks to really walk through the details of that syndicate and answer questions and highlight what’s next. So timing on that to be announced shortly. But yeah, if you’re interested in being at the forefront of what we believe is one of the most compelling investment themes of the next decade, this would be a great way to get involved. Excellent.

  Mike:

  Alright, Lucas, thanks for the update. Appreciate it. And you saved me from Vegas into August. So much. You appreciate it. You’re welcome On.