Recapping AV's Bytes and Brews Event

Frequently Asked Questions

FAQ

• Where can I view the full transcript of the video?

  You can find the full transcript below:

  Narrator:

  Missed our Bytes and Brews cybersecurity event at RSA. Don’t worry. We’ve distilled the buzz and breakthroughs from our gathering of top CISOs, visionary founders and leading investors. Mike Collins. The CEO of Alumni Ventures sits down with Bozhena to unpack the evening’s most compelling insights in trends at shaping Cybersecurity’s future.

  Michael Collins:

  Hey Bo, how are you doing today?

  Bozhena Kulchyckyj:

  I’m great. How are you, Mike?

  Michael Collins:

  I’m good. And you’re out in San Francisco still?

  Bozhena Kulchyckyj:

  Yes, I am. I’m right next to the Moscone Center where RSA is happening.

  Michael Collins:

  So tell folks a little bit about RSA. What is it and why did we host this event? Bytes and Brews, I think we called it.

  Bozhena Kulchyckyj:

  Yeah, absolutely. Happy to. I think a few things, and I’ll start with a big inflection point that we saw in cybersecurity specifically with over the past 18 months, we’ve seen an extraordinary surge with new products, new developments across a lot of different sectors. And while innovation is obviously exciting, it’s also intensifying challenges specifically for CSOs. And so we’re entering the space where you’re building on AI with AI, some call it AI versus AI, and security and privacy tools in specific have to match the sophistication of AI infrastructure and applications being deployed today. And so RSA was one of the world’s largest and most influential security conferences that happens out in San Francisco, and we saw that as the ideal venue to convene cybersecurity leaders, professionals, innovators, to bring together within our goal and really foster a dialogue and learn from those individuals that are building around the most robust defenses in this rapidly evolving landscape.

  Michael Collins:

  So as AI becomes bigger and more powerful, its ability to do harm and as well as do good. And cybersecurity is clearly about that arms race, right? Is like mouse, mouse trap, and really important at levels of personal security, company security, and nation security, right? I mean, that’s the big, big picture.

  Bozhena Kulchyckyj:

  Yeah, absolutely.

  Michael Collins:

  What was your biggest aha moment or surprise or what will you be thinking about two months from now that you kind of heard from this event and get together?

  Bozhena Kulchyckyj:

  Yeah, I think, and something that keeps coming up in one of my favorite phrases that just continues to be very relevant is that technology is moving faster than it ever has been and slower than it ever will be. And that was very clearly reiterated through the event, where we’re moving faster than we think. It’s clear we’ve entered this AI versus AI era where both attackers defenders are using machine intelligence in real time, and that used to be theoretical. Now it’s operational, and you have to keep building and iterating in order to keep up. And so I think that was mentioned again and again, I wanted to touch on a specific conversation, and specifically what I learned from some founders was within around that the number of founders thinking about identity, not just for people but for agents, for bots and code, was striking. That shift in framing is huge, and it’s happening faster than the industry expected. As AI systems become autonomous actors, they need to authenticate, authorize, and monitor their behavior, and it mirrors what we’ve done with human users, but with added complexity and scale. And so it’s pushing

  Michael Collins:

  what’s real, what’s fake, right?

  Bozhena Kulchyckyj:

  And so that is pushing identity from the static access to just dynamic trust for non-human actors operating across the space.

  Michael Collins:

  Yeah, I think one of the things, standing still is just not an option here because if you are not leaning in, your risk is personally, company countrywide is just existential. So the stakes are also really, really high here when it comes to cyber criminality is going to happen. And so you need to, and that obviously creates opportunities for businesses, business problem solvers, entrepreneurs, those kinds of things. Any surprises, anything that you would like? Wow, I was really taken aback, hadn’t thought of this. Again, for our audience who couldn’t attend the event, what was a big surprise for you?

  Bozhena Kulchyckyj:

  And I think this builds off of, I think the identity part was something that I was very interested in learning from the founders, and going off of what I shared about how fast paced everything is moving, and really the goal of this event of building around the surge of innovation. Something that I learned and that surprised me was because attackers are innovating too, and faster security is kind of the response game to that. And so the biggest companies don’t show up during a tech shift. They show up after. And a few kind of things to solidify that is if you look at AWS, that launched in 2006, and then Wiz showed up in 2020, SOC2 compliance in 2010, then Drata in 2021, and then GitHub, what was that? 2008 Snyk 2015. And so the gaps between the innovation following the tech shift just get smaller and smaller because security doesn’t lead. It responds to where attackers go first. With AI, that pattern is obviously accelerating. New risks are emerging weekly, and we’re in a phase where every layer of the stack is up for reinvention. So there’s so much to do, and that timeframe only continues to get smaller.

  Michael Collins:

  Again, from a venture capitalist perspective, these disruptions and they’re reshuffling of the deck, and there’s going to be new winners and new opportunities, and that’s music to our ears when these technologies happen and there’s opportunities for disruption. Any particular companies that just, you heard their pitch, you heard the story, you just found really, really compelling? Again, I know this is in the eye of the beholder a bit, but yeah, what caught your eye?

  Bozhena Kulchyckyj:

  Yeah, there’s a handful of stealth companies that I’m pretty excited about.

  Michael Collins:

  So that’s one interesting thing. I’ll just pause there. A lot of the most interesting companies in this space are stealth, right? Yes. Are they coming out of universities? Are there teams coming out of bigger companies?

  Bozhena Kulchyckyj:

  It’s very much experienced professionals coming out of CrowdStrike, Okta, people that have built some of the world’s best Cybersecurity companies.

  Michael Collins:

  Yeah. CrowdStrike, Mafia, kind of thing. This is the reinvention of the, again, a lot of our listeners know the story of kind of PayPal, and we’re now in the third or fourth generation of that group founding companies. And this is a pattern you see in VC that a lot of times they see disruption and they want to act on it. And the company that they’re part of has a lot to lose. And so they’re a little slower. And that is why these things happen, including people leaving Google with the frustration of PACE and AI to start. The names we all recognize today, but you’re seeing companies in stealth coming out of the last generation of big security companies, that is a class is really exciting.

  Bozhena Kulchyckyj:

  Yes, exactly.

  Michael Collins:

  Sorry, but I interrupted you. Anything else you wanted to share in that frame? Like specific companies or types of companies?

  Bozhena Kulchyckyj:

  In specific? I can share two quick conversations. One, just to call out, and one of our, we had three portfolio companies that had been sat there in earlystage expo at RSA, which were Octo, Merit and AKA Identity. One of the partners for the event was AKA Identity, and they’re doing fantastic in the space, but I will call it, I had a specific conversation with the founder of Octo, and I think they’re in a fascinating position. They’re tackling the challenge of API security, especially as APSCo AI native, and then just a second company that as well was very impressive is Promptfoo. I spoke with the CTO there and they’re kind of an open source framework for testing, evaluating, benchmarking LLM prompts for reliability and performance. And they similarly, were at the early stage expo booth floor at RSA.

  Michael Collins:

  Cool. And how about for the people that are just not in the business, but maybe relatively new to the area of cybersecurity? It makes a lot of sense. What’s your best advice for getting smart on this? Understanding how to invest in it, how to think about it, what would your advice be?

  Bozhena Kulchyckyj:

  Yeah, I think we’ve touched on this, but follow where the attackers are going and then find startups, building defenses right behind them. Cyber is best learned at the edge, and so don’t just study the frameworks, but study the behaviors, the incentives, the adversaries. I think that’s where the real learning happens.

  Michael Collins:

  Cool. How about you personally? Just tell me a little bit about your fascination with this space. You and your team are obviously super active, investing in it. We obviously have deep tech funds, strategic tech funds, AI funds that all have portfolio companies in this space. But talk to me personally, what part of it fascinates you? What are you excited to invest in? How are you thinking about it personally?

  Bozhena Kulchyckyj:

  Absolutely. And I had come from, I’d worked with one of our partner, we partnered with Sorenson Ventures M12, which is Microsoft’s venture arm, NCR Ventures on the event. And so I’d previously worked with Sorenson Ventures around cybersecurity. So a few years ago, I scanned through all of the companies that were coming out of RSA and had some experience in the space. And so my fascination, it has continued to grow. And I’d say specifically now on the seed team, what is so interesting around it is there is so much innovation happening around AI within it, and the space is changing, and those people are coming out of that legacy of security and building on top of AI. From the experiences that they’ve learned, the number of founders is increasing. I think specifically what I’ll touch on and something we did is we asked everyone for their responses of what they thought the biggest trend in cyber was. And AI was mentioned 90% of the time. If it’s talking about AI, SocGen AI identity for non-human actors or model security, there is an AI level across all of it. And so really teaching ourselves and learning from what we can read and from the events that we put on is something we’re very excited to do and to continue and do. And this was a great start for that.

  Michael Collins:

  I think one of the things we’re going to see, too. Is the pace at which it’s not only using AI to address cybersecurity, it’s using AI to accelerate the pace of building your business. And I’ve talked about this before, is what a small team of highly motivated, dedicated people can do is orders of magnitude faster, more and faster and cheaper than 10 years ago. But what used to take a team of 50 and 20 million dollars in two years can now be done by a team of five with a million dollars and four months. So I think it works on a couple of different levels, and it makes the space you’re in, you’re working in this whole area, I think, is very investible. I think it is. Unfortunately, what we’re also going to see is we’re going to see some tragedies, some hacks, some bad events that are going to unfortunately just all of a sudden turn this into front page news. And so again, this is part of our job as a venture capitalist is being investing before its headlines. And so, thanks for holding the event, thanks for sharing your thoughts. For everybody that couldn’t make it, hopefully they got a few tidbits out of it. Directionally. This is really, really important. So thank you, Bo.

  Bozhena Kulchyckyj:

  Yeah, absolutely. Thanks man.

  Michael Collins:

  Alright. Talk soon.

  Bozhena Kulchyckyj:

  Yeah, bye.