When ambition knocks on the door, an entrepreneur has to answer it.
In the case of Dean Sysman, a young Israeli who is CEO of a hot-shot firm called Axonius, the door-knock came on a client visit. He was CTO of an already successful cybersecurity startup, Cymmetria. But as he was installing Cymmetria’s sophisticated security solution at a big retail company, he realized the company faced a simple problem: It didn’t have an inventory of its devices.
Sysman was stunned. He couldn’t forget the insight. As he visited other clients, he kept asking: “How many devices do you have?”
Eventually, he realized that many large companies didn’t have any way to keep track. “They answered: either I don’t know, or a very wide range,” he said. “This problem I saw was foundational.”
In retrospect, it was a classic internal turning point: a problem or an insight, lodged in a would-be entrepreneurs’ mind, that just won’t go away.
Sysman knew he had recognized a large market and a chance to be part of solving a problem that he could be certain was important. New York City-based Axonius was born in March of 2017. It now has $1-5 million in recurring revenue; and it expects to double its recurring revenue between now and the end of this year.
Sysman’s first step in building the company was telling his co-founder at Cymmetria that the idea was so compelling he needed to leave. It wasn’t an easy conversation, he acknowledged. “It was a process.”
He also had to leave behind the seductive nature of working at the sophisticated end of the business.
“We’ve called (Axonius) the Toyota Camry of ideas,” he said. “There’s a common phenomena in cybersecurity of being interested in only the sexy things.”
“But the odds are stacked against the defenders, and the job of making an organization secure is a very difficult job. What we are helping with is the most basic groundwork.”
In June 2017, he met with YL Ventures, which offered $4 million.
Within 16 days, he had the cash.
Israelis and Cybersecurity
YL Ventures, run by Yoav Leitersdorf, is a $140 million fund that invests only in Israeli cybersecurity startups, including Vulcan and Medigate, according to its web site.
It’s an interesting example of the focus that has made Israeli a powerhouse in the cybersecurity market. The position is fostered by its government, which in turn has been supported by the easy flow of technology between the United States and Israel. Israel is traditionally one of the U.S.’s largest recipients of foreign aid, which today mostly comes in the form of defense spending.
Many young Israelis each year finish their mandatory service and start their own companies. There are usually dozens in cybersecurity minted each year. A couple years ago, Israel’s National Cyber Security Bureau reported the country exported about $6.5 billion of cybersecurity services a year. There are dark sides to this business, however, as The New York Times and Haaretz have reported: Israeli companies are some of the best in the world when it comes to aiding governments who need to spy; and many are also on the cutting edge of decisions about how companies should gather, or not gather, and use, or not use, consumer data.
Sysman said he’s firmly committed to steering clear of “the dark side” — technologies that attempt to break into systems, rather than guard them. “Every company needs to make an ethical choice,” he said. “Are we in this business to take advantage of people? Or are we going to use these abilities to make people secure?”
Sysman relocated to New York to growth the business. Axonius has 30 customers, including The New York Times, Appsflyer, Natera and Schneider Electric. The technology works, he says, by surveying the systems a company already has and gathering data from them. An example of a system might be an identity authentication interface. CB Insights lists a competitor as Ordr.
Axonius has since landed other funding, bringing its total to $17 million. California-headquartered Bessemer Ventures led its A round.
One of the reasons I was interested to speak with Sysman is that I am curious about the evolution of cybersecurity, especially for individuals, over the next decade. California has passed a tough new privacy law that regulates how companies use consumer data, as has the EU. Only about 14% of companies meet the strictures of the new law, which goes into effect in 2020, according to a survey by security and compliance firm TrustArc.
Laws are one thing, as we all know from signing mountains of HIPAA paperwork at the doctor’s office. They can be burdensome for businesses, especially small businesses, and have their effect mainly in creating fear of legal liability and giving consumers a recourse for truly abusive situations.
It’s far better if companies and consumers develop a culture of respect that allows the market to function while keeping government regulation at a minimum. That seems impossible, given the way so many companies have acted like hogs at a trough when it comes to the personal data unearthed by AI. One privacy experiment showed 5,400 apps on an iPhone guzzling data in a week.
So what’s next for the nascent world of cybersecurity? When I asked Sysman what event he fears, I expected him to say a major hack, like that of a government system. No, he said: It’s the moment that a major hack, like Anthem’s, or Equifax’s or Yahoo’s, goes unremarked. Then the environment in cybersecurity will have turned into a sort of Wild West, where it’s every person for herself.
“When people take this as inevitable, that will be a problem.”