Baltimore City and the Cyber Corridor

Ellen Hemmerly, Executive Director of bwtech@UMBC, has offered a compelling vision of Baltimore’s Cyber Security future in this recent Baltimore Sun Op-Ed.  In the headline she asks, “Could Baltimore be the next Cyber Security hub?”

I’d like to re-frame the question slightly.  I am already (loudly, repetitively) on record that the Cyber Corridor is already the next Cyber Security hub.  Let’s be clear how substantial a statement this is.  I mean globally.  And for generations.  My vision and expectation for the Cyber Corridor is that in 5 years, there are only two regions where you would relocate to build and grow your Cyber Security company: Silicon Valley and the Cyber Corridor.  Other regions will spawn new companies, sure.  Most notably Boston, Atlanta, Austin, Seattle, London, Eastern Europe, Buenos Aires and Sydney.  But when you consider moving somewhere to start your company, moving somewhere to scale your company, or opening your first office beyond your headquarters, only Silicon Valley and the Cyber Corridor will be on your radar screen.

The Cyber Corridor — stretching from Belcamp, MD to Dulles, VA, more or less — has at least as much technical talent in cyber as the San Francisco Bay Area.  There is plenty of capital, even if not enough of it is unleashed in productive ways on our start-ups.  And there is a growing entrepreneurial drive.  The main lagging assets are repeat entrepreneurs, repeat CEOs with exits, experienced and connected angel & seed investors, and product management expertise.  The Cyber Corridor is turning the corner on all of these — to be explored in future posts.

What does this mean for Baltimore City?  In my opinion it means not worrying about building a cyber hub.  It means instead identifying and leveraging Baltimore City’s unique assets within this regional economy.

In short, Baltimore City is the affordable urban living environment within the Cyber Corridor.

Large swaths of the workforce that drive the cyber industry forward are young workers; single or coupled, either with no children or very young children.  I’m writing this post from The Daily Grind in Fells Point. This is precisely the kind of neighborhood this demographic craves.  So too with Canton, Federal Hill, Charles Village, Hampden, Mt. Washington.  Tech workers who live in Georgetown, Soho, or San Francisco’s South of Market would be perfectly comfortable here on about half the rent.


Baltimore already has at least its fair share of headquarters of Cyber Corridor companies.  ZeroFOX ($27m Series B) and Red Owl ($17m Series B) are in the same building in Federal Hill, just blocks away from Inner Loop portfolio company Terbium Labs.  Spark Baltimore houses three cyber companies in its co-working space in Power Plant Live! just across from CyberPoint International.  And just outside the city limits, bwtech@UMBC hosts 41 cyber security start-ups!

I predict that in coming years regional giants like Tenable, FireEye’s Mandiant, Cisco’s Sourcefire, Booz Allen, Raytheon, Symantec, and others will open branch offices in Baltimore.  Probably in Federal Hill, Fells Point and Canton, maybe at Kevin Plank’s Port Covington or elsewhere.

As I’ve stressed before, Baltimore is part of the larger DC-Maryland-Virginia economic region.  A region that is on the cusp of a permanent, globally-important cyber security boom.  Baltimore has more than its share of unique assets to benefit from this boom, and is well on its way to capitalizing on those.  I see great things in Baltimore’s cyber future.


Thanks, Google Play!

Early Wednesday morning, Google Play removed Cybrary’s Free Cyber Security Training Android app from their App Store.  This was presumably motivated by concerns that lessons on Penetration Testing (a core skill for any cyber security practitioner) could be abused.  This concern was misplaced, as I wrote about last week.

I am so pleased to share that Google reconsidered their position over the holiday weekend, and the Cybrary App is now live again and fully functional on the Android App Store.

As Cybrary co-founder Ryan Corey eloquently explains in his own post today, the core problem was a misunderstanding of the cyber security process.  “Breaking software or networks?  Searching for vulnerabilities?”  These sound like the things “bad hackers” do.  But the approximately four million cyber security professionals worldwide know that these are critical steps to improving code and networks.

Obviously, other parts of Google know this.  As I pointed out on Twitter last week, Google accepts advertisements from Penetration Testing firms, and even lists Penetration Testing as a minimum requirement for their Security Engineering jobs.  One step toward getting the broader public (and the latest adopters of all — policymakers) to understand “Hacker Culture” is aligning first with the broader tech community.

The 5,000 Twitter mentions on the day before Thanksgiving, nearly all of which implored Google Play to reinstate the Cybrary app, were a gratifying step in the right direction.

Another step would be to stop associating the word “Hacker” with the underbelly of the technology world.  The term originally meant simply someone who uses clever techniques to solve a problem.  Who could be against that?!

Hacker Culture currently suffers from at least two distinct challenges: (1) This public perception, and (2) A lack of diversity among its most prominent practitioners.  Perhaps we could help solve both issues at once, if the standard image run with every “hacker” article in the media were changed from this:


to this:

Georgia Weidman

For those not familiar with her, that’s Georgia Weidman, world renowned penetration tester, author of Penetration Testing: A Hands-On Introduction to Hacking, and instructor of the Advanced Penetration Testing course on Cybrary.

Which, did I mention, is available once again on Google Play?  Thanks, Google!


Party Like It’s 1995

Cyber Security has long had its own subculture, and sometimes this leads to clashes (misunderstandings) with the mainstream tech and policy culture.  The most common example of this is the ongoing (and on, and on) debate about encryption and law enforcement. Amazingly, we seem to be re-litigating these questions as if we’ve learned nothing and formed no new consensus over the last twenty years.  This is frustrating.

Equally frustrating are renewed conflicts because some people cannot distinguish analysis, education, and defensive preparedness from black hat hacking.  This fog is apparently what has led Google Play to remove (weeks after approving!) the free Cybrary cyber security training app from its app store.  The Cybrary founder has posted the arc of the events here.  His frustration is evident and understandable.  It’s as if the cyber and broader tech communities are no better at discussing these topics than they were twenty years ago.  To take you back…

In 1995, in partnership with Wietse Venema, security researcher Dan Farmer, a brilliant and audacious student of legendary expert Gene Spafford, invented the Security Administrator Tool for Analyzing Networks — SATAN.  It enabled a security admin to efficiently find flaws in their networks so that they could address them.  Its accuracy and ease of use were a watershed moment in the security industry.

And what did Dan receive for his scientific and industrial innovation? Commendations?  A promotion?  $10m in venture capital to build a business around his open source tool?  None of these.  He received threats of legal action from the Department of Justice and a pink slip from his employer Silicon Graphics.  Thank you very much.

All because SATAN could also be used by the bad guys.  It was a tool to analyze networks and find their vulnerabilities.  It was a tool the same way a VHS machine, or an encryption engine, or an internet connection, or a crowbar is a tool.  Presumably those leading the backlash against Dan felt that if the good guys didn’t invent and distribute tools, the bad guys wouldn’t be smart enough to do so.

In 1995, when most of the bad guys were between 13 and 45 and lived in their parents’ basements, maybe, MAYBE this was true.  In a world of cyber criminal syndicates and state-sponsored actors, it is insane to think that we are safer if we can restrict the flow of scientific and technological knowledge.

One of the few advantages we have in the cyber war is that most people are basically good.  There are many, many, many more people who want to defend data, networks, e-commerce, e-government, free market capitalism, intellectual property, freedom, transparency and democracy than want to steal from them or destroy them.  The vast majority of people would rather make $180,000 a year as a cyber security technician (and live openly within the law) than try to make millions and live in darkness and fear forever.

The broad distribution of knowledge primarily means the distribution of knowledge to the good people.  Believe me, the bad people are already sufficiently motivated to find the information they need.  Taking the Cybrary app off Google Play today makes us no safer than sanctioning Dan Farmer did in 1995.

Not to mention the commercial implications.  SATAN paved the way for next-generation vulnerability assessment tools nmap and Nessus. Tenable Network Security (right here in the Cyber Corridor!) provides services on top of Nessus, and just raised a $250m venture capital round.  The Vulnerability Assessment market is now a $1.5 billion market.  The penetration testing market — which apparently got Cybrary banned from Google Play — is a $2.5 billion market.

Too much rides on getting this right.  Billion-dollar markets, and the effective protection of our entire online economies.  The security community has got to be able to effectively communicate to the broader tech and policy community that the creation and distribution of security knowledge and tools benefits us all much more than it harms us.

A good, small place to start would be to get the Cybrary app back up on the Google Play App Store.


Comcast Password Dump Opens New Front in Enterprise Cyber Security

CSO Online reported that 200,000 valid Comcast login/passwords were offered for sale on a Dark Web marketplace.  Comcast has prospectively required password resets for all 200,000 accounts, a reasonable response.  How did Comcast learn of the existence of the list?  Through the Good Samaritan actions of security researcher @flanvel, and the subsequent coverage at CSO. Now, I know bug bounties are all the rage, but you wouldn’t rely solely on “the crowd” to find your vulnerabilities, or APTs, or Insider Threats, or compromised social media accounts. You hire Qualys, Tanium, RedOwl, and ZeroFox to help you do it proactively and professionally.

Why is it still okay to wait for a researcher, the press or the FBI (or bad actors!) to tell you your sensitive data is floating around the Dark Web?  How much longer will that practice be accepted?  These questions are not brand new.  They motivated the founding of Inner Loop portfolio company Terbium Labs, “way back” in 2013.  Today Terbium is convincing the market one enterprise and one industry at a time that this practice needs to evolve, with some strong early success.

The reason the Comcast dump represents a new front is that Comcast insists the data did not come from a breach of their systems.  There is some skepticism of this claim, but for now let’s take them at their word.  Comcast’s customers’ data are for sale, Comcast feels some responsibility to protect it, and yet they are not the ones who lost it.

Any Comcast security or privacy officer surely recognizes the massive increase in the scope of their responsibilities that just implicitly occurred.  They now are accountable to protect Comcast customer data wherever it is and however it got there.  Securing your perimeter or your endpoints is no longer enough.  You now have to secure the entire data universe, including the Dark Web.

As I explained back in May, this is what was fascinating about Cyota (acquired by RSA) and ZeroFox (funded by NEA.)  They help customers secure not the finite space of their own networks, but the near infinite space of all of cyberspace.  Or at least try to.  Or at least provide a better, systematic approach to that problem.  There is no “perfect security” in these scenarios (or others!), but alternatively the bar is set so low by current “best” practices, these companies can add a lot of value, even early in their product life cycles.

Now that Comcast has implicitly committed themselves — and by extension all their peer companies — to monitoring the Dark Web for their customers’ information, I am sure they will be developing a plan to do that other than waiting for @flanvel to alert them again.


A Framework for a Start-Up’s “Degree of Difficulty,” Or Why ZeroFox Might Be the Next Great Company From the Cyber Corridor

The ingredients for a successful start-up have been well-covered: A great idea, a large and untapped market, a visionary founding team, an ability to attract talent, great product- and market-execution, and capital efficiency, among others.  As a very early-stage investor, and as someone intrinsically attracted to ideas, I spend a lot of time reflecting on whether a young company has a particularly compelling idea.  What is the mix of not-too-cold and not-too-hot that makes some ideas seem to burst onto the scene like they’ve always been destined to be a billion-dollar company?

Lately I’ve been thinking a lot about just one aspect of a great idea, what I am calling the Start-Up “Degree of Difficulty.”  Like in diving and gymnastics, your final score (exit) is a blend of Difficulty and Execution.  But unlike in the Olympics, more Difficulty is not always better.  Some ideas are just too hard to build into great companies, such as cold fusion and solar concentrators that violate the Second Law of Thermodynamics (sigh.)

The best Degree of Difficulty is that Goldilocks point where a very hard problem can be efficiently overcome by a small, dedicated team who can also erect significant barriers behind them to thwart fast-followers.  The trivial ideas are worthless, and so are the impossible visions.  (Unless you are Elon Musk, and apparently nothing is impossible.)

[Figure: DoD 1]

In addition to helping early-stage investors to look for companies in the sweet spot, this framework is useful to remind us what the company’s primary challenge is likely to be.  Companies on the left side can expect a fair amount of competition.  Their fate is likely tied (even more so than usual) to exceptionally crisp execution in sales and marketing.  Companies on the right side should get more leeway in the marketplace — IF they can get their product to deliver the value they think it can.  Their next inflection point comes when they can prove the product is consistently working as expected.  These companies might get discontinuous step-ups in valuation around the Series A or B, whereas companies on the left will scale their valuations more smoothly and in step with their market success.

[Figure: DoD 2]

It is useful to know what kind of company investors will perceive you as.  And it is useful to know what kind of investor you are looking for!  For instance, I have always had a weakness for hard ideas, frequently to my detriment.  (e.g., A scripting language for cyber security, Automatic creation of semantic smart links, The aforementioned solar company.)  [Please note the grit it takes to link to a reporter’s snarky review of your own worst professional mistake.]

Nonetheless, I continue to like to err on the side of the hard idea.  In part because (despite some big failures) I still believe I can assess a good idea better than I can predict a company’s future sales and marketing skills.  And if we get the idea and product mostly right, we will have a defensible space from which to iterate on our sales and marketing tactics.  I am looking for companies of type A, but when in doubt, I will frequently (though not always) err on the side of type B-1, over type B-2.  We should all try to avoid investing our cash or sweat-equity in type C’s.

[Figure: DoD 3]

Note that the y-axis is labeled “Potential Value,” not “Guaranteed Exit Value.”  Recall that this whole framework of Degree of Difficulty is just one subset of evaluating the Idea, which itself is one of five or six major categories that go into a start-up’s likelihood of success.  Plenty of companies will fall off this curve.  It isn’t clear that Nest, Instagram, WhatsApp or Mandiant rise to the level of B-2 in Difficulty, but they found billion-dollar exits through viral consumer growth or fitting a key strategic need for an industry leader.  Conversely, Tesla should have died three times, but Elon Musk seemingly willed it to a $30 billion market cap through his personal grit and bank account.  Very likely team, timing, and sheer luck matter more than the idea itself, not to mention the Difficulty of the idea.  But all else equal (it never is), I’d like to be invested in the ideas that fit this framework, not try to break it.

Besides, isn’t early stage investing supposed to be fun and a little bit intellectually stimulating?  If we are going to do anything as early stage investors other than instantly back the next wunderkinds out of Twitter (team), try to find rocketships just as their traction metrics are taking off (timing), or Spray-and-Pray (luck), shouldn’t we be trying to evaluate an idea’s ability to generate a billion-dollar business?  We’ll be basing this mostly on what we’ve seen and worked on before, and that is what this Difficulty Framework is intended to facilitate.

So without further ado, next I plot select Cyber Security companies I have worked with in the past onto the framework.

[Figure: DoD 4]

Instantly we see these six companies do not easily fit the curve.  Still, there are some useful anecdotes.

Type C: Elemental Security.  Brilliant and visionary, Dan Farmer’s idea was to create a scripting language that could translate English-language descriptions of security needs into automatic administration of a network environment.  He even recruited Guido van Rossum, the creator of Python, to the team.  Python is now the de facto scripting language for security administration.  There are a lot of things we could have done better, but in the end, the vision was probably just too big to practically implement in the time frame you need to succeed as a start-up.

Type B-2: Tripwire’s initial product was fairly simple, but the company grew quickly because of a product vacuum in the market.  I have marked the sale to a private equity firm here, but after some M&A, Tripwire recently “exited” again for $710m. Lifelock was and is a sales and marketing machine, driving it to today’s $1.4 billion market cap.

Type A: What can you say about Counterpane?  It was a perfect idea.  It did not have a large exit.  But it created out of thin air the MSSP market, projected to be a $15 billion market next year.  Some execution issues, but also a lot of bad timing and luck.  Conversely, Postini simply went on a tear from 2003 to 2007.  After several years of modest growth as hosted anti-virus (a decidedly type B-2 idea), Postini hit their stride after pivoting to hosted anti-spam.  Spam was exploding, and companies were just beginning to be ready to move key functions to the Cloud.  ( revenues in 2003 were $51m compared to a projected $5.4 billion this year.)  Everything came together for the most rapid at-scale revenue growth I have been a part of.

Which brings me to Type B-1, which is what I really want to explore.  Cyota tackled a problem that in many ways was much harder than Postini’s.  Cyota wanted to help protect customers from phishing attacks, however they were launched.  Think about the inherently larger scope of that idea.  When Postini sold (say) Citibank, they had to parse all of Citibank’s incoming emails.  One beauty of the model was how narrow this scope is — just edit your MX records to send us all your incoming email!  But when Cyota sold Citibank, they had to try to protect all of Citi’s tens of millions of customers from getting duped in all of cyber space!  Of course they had to keep malware off  But they also had to find and neutralize,, etc., etc.  And they had to try to filter out emails from all of the internet to all of Citibank’s customers with suspicious links.  It’s a much bigger problem.  In the end, Cyota did this well, if not perfectly (who could?)  As such, they got a quick and very healthy acquisition offer from RSA.  (Cyota had a truly outstanding team.  One board member now runs RSA, and the CEO practically runs Israel.)  For our framework, it is noteworthy that as far as I know, Cyota generated the only venture return from that cohort of anti-phishing companies.  Whereas anti-spam generated over half a dozen phenomenal venture exits.  This is the value of finding the type A idea.

With more advanced phishing on the rise, a new cohort of anti-phishing companies is seeking new successes.  One of these within the Cyber Corridor is ZeroFox in Baltimore, backed by NEA and several prominent cyber security individuals including Enrique Salem and John Jack.  I had thought “Social Media Security” was a bit trendy and nichy, until I had the pleasure of meeting their COO and speaking in greater depth with their head of product at the RSA Conference.  “Social Media Security” doesn’t mean just protecting the social media accounts of Citibank — although it is that.  It means finding and neutralizing @citibanc-eu and  It means protecting all of Citibank’s customers from social media hacks that try to play on Citibank’s strong brand in all current social media channels, and all the emerging ones too.  To me this is so evocative of Cyota’s goals, I had to create an entire framework to discuss why I am excited about this idea.

ZeroFox has a significant challenge, but they have been tackling it for a few years now.  If they can continue to execute on their product vision, I expect they will have substantial elbow room in the marketplace for years to come.  But you know me, I am an Ideas-First / B-1 Type guy.  Check out the company — and if relevant for you, the service — and decide for yourself.


If Software is Eating the World, Cyber Security Has a Lot to Digest

Amit Karp of Bessemer Venture Partners recently did the cyber security investment community a service by asking in a thoughtful blog post whether we are now experiencing a bubble in cyber security.

First, let us define some terms.  Credit to Amit for re-framing the question in his tweet to ask if we are in a “mini” bubble.  This is the right question.  History has seen some bubbles.  A single tulip bulb sold for 10 times the salary of a skilled craftsman.  Prime Tokyo real estate lost over 99% of its value between 1989 and 2004.  By these measures the U.S. sub-prime mortgage boom looks tame, but let’s grant that as a bubble too.

Even in my modest investment career, I’ve seen some bubble activity.  I had an opportunity to get into venture capital thanks to the “B2B E-Commerce” boom which was quickly proven a bubble. If memory serves, Internet Capital Group, the publicly traded B2B accelerator, traded at a market cap of $1 billion … per employee!  I was also a VC when hundreds of billions of “value” vaporized when expected demand for optical networking gear failed to materialize.  And I tried my hand at finding rational deals when investment activity in “Cleantech” was at its peak.

The enthusiasm for new cyber security ventures looks nothing like these examples, so let’s stipulate we are not in a bubble and investigate whether we are in a “mini-bubble.”

Amit cites CB Insights (a great service!) that $2.4 billion was raised by 269 cyber security companies in 2014.  That is surely a lot.  But so is the $1.9 billion raised by 350 Ed Tech deals in 2014. And the $12 billion in 730 deals in Fin Tech, and the $11.7 billion for 1,127 SaaS companies.

For every dollar in an innovative digital service for education or finance or the business cloud — not to mention mobile, healthcare, energy and transportation — we certainly need a few cents for innovations in security.  If Software is Eating the World, then the Cyber Security industry has a lot to digest.

Another popular CB Insights meme is that the value of every venture unicorn combined is less than one Facebook.  Similarly, if we assume the average venture financing might buy 20% of a company, then the aggregate post-money valuation of all 269 cyber security companies funded in 2014 is almost exactly the same as one Palo Alto Networks.  Not every one of these companies is going to generate venture returns.  But as of yet the funding does not seem out of line with the opportunity.

Amit makes a good point that the majority of recently-funded companies are point solutions. (I will admit to sometimes confusing ThreatTrack, ThreatStack and ThreatStream.)  Each one cannot expect to sell directly to CISOs who must buy platforms, if for no other reason than there are only 24 hours in a day.  This is surely true, but probably not a sign of a bubble.  Venture capital has long succeeded in funding point solutions (in cyber security and elsewhere) which find their way to market through a combination of direct sales, channel and strategic partners, and acquisition.  Moreover, while it sometimes seems easy to distinguish platform companies from the others, we shouldn’t be quite so sure of ourselves.  Checkpoint was a point solution.  And I would be willing to bet the early investors in Palo Alto Networks and FireEye saw a path to a venture return as a point solution, even if they had platform stars in their eyes at the same time.  (Making a $1 billion acquisition of a services company was certainly not part of the initial FireEye business plan!)  So of course, the vast majority of these new companies will not achieve $10 billion-value platform status.  The more important thing is to invest in teams who have a demonstrable track record and capability of getting their products and services to market.

Amit’s most compelling point is “there is a big difference between building a great new malware detection/protection/evasion tool and building a large company.”  This is certainly true.  Sitting at a global platform like Bessemer, Amit has access to probably 50 times more early-stage companies than I do, as I look primarily at seed deals in the D.C. Cyber Corridor.  So if the majority of the deals out there are more-automated-malware-detection-with-better-machine-learning-for-the-modern-corporate-network-infrastructure, that would be somewhat dispiriting.  Another trend in venture capital is that large funds seem willing to anoint winners earlier in the cycle (e.g., before customers have fully voted.)  As such, I’d be nervous about launching a new Advanced Persistent Threat tool into the teeth of Illumio’s $140m of funding, among others.

However, in my modest little corner of the cyber security start-up universe, this is not what I’m seeing.  I’m seeing brilliant, innovative, orthogonal, out-of-the-box concepts from deeply experienced technicians, security practitioners and entrepreneurs:

* New APIs so that the world’s 30 million developers can easily employ advanced encryption without needing to be experts at what’s under the hood.

* New approaches to keep vital corporate information from being sold on the dark web.

* Platforms to organize the daily work of security analysts and SOCs, whose workflows remain far too ad-hoc for the threats they have to fight.

* New approaches to training the thousands upon thousands of new security analysts global industry will need in the coming years.

* New paradigms for protecting networks in a containerized world, when the (virtual) nodes number not in the thousands, but in the hundreds of thousands.

* And new ways for CISOs to digest all these changes and find and buy the best solutions for their networks.

Just to name a few. Investing in a boom cycle can be scary stuff.  And we all have a responsibility to force ourselves to stay grounded to some form of reality.  Amit has served us well to remind us of this central fact.  But as more and more of the world’s activities are digitized, and as bad actors have ever-increasing incentives to exploit weaknesses, I am confident that the cyber security industry needs to continue to push forward as well.


BVP’s Associates: Where Are They Now?

I had just been thinking about this topic this week.  What an impressive list of professional accomplishments my former colleagues as Associates at Bessemer Venture Partners had racked up.  I decided next time Bessemer was hiring for that role, I’d help them out (as if they needed any) by letting their potential candidates glimpse some potential futures. Sure enough, the blog post came just days later: Bessemer Venture Partners is hiring for a position in Menlo Park to focus on early stage consumer internet investing.

So, in rough chronological order, here are the current titles (with links to LinkedIn) of some of the Associates I worked with at Bessemer.  (Apologies to any I missed off the top of my head.)

Co-Founder and Managing Partner, Volition Capital (Growth Equity)

SIA, Bridgewater Associates (Hedge Fund)

Managing Director, Symphony Technology Group (Private Equity)

Analyst, Whale Rock Capital Management (Hedge Fund)

Partner, Bessemer Venture Partners (VC)

Private Company Advisor (After successful run as entrepreneur)

Founder & Managing Partner, Bloom Tree Partners (Hedge Fund)

Co-Founder and Partner, Aldrich Capital Partners (Private Equity)

SVP and GM, Big Data, HP (Tech)

General Partner, Andreessen Horowitz (VC)

Partner, Bessemer Venture Partners (VC)

Investor, Yiheng Capital (Hedge Fund)

Partner, Bessemer Venture Partners (VC)

Partner, Bloomberg Beta (VC)

Partner, Bessemer Venture Partners (VC)

Founder & CEO, Business Connect China (Market Research)

Partner, Accel Partners (VC)

Partner, Light Street Capital (Hedge Fund)

Partner, Bessemer Venture Partners (VC)

Partner, Bessemer Venture Partners (VC)

Partner, Bessemer Venture Partners (VC)

Co-Founder, Generate Capital (Specialty Finance)

Product Manager (very early employee), Pinterest (Tech)

This list is obviously heavy with investors.  Only three of these alums are at operating companies.  But if you look more closely, six of these “financiers” actually founded their funds, requiring some serious entrepreneurial pluck.  And don’t overlook the three that got back into investing after successful stints joining or founding start-ups.  No matter how you cut it, the entrepreneurial spirit runs deep in this crew.

And the winner is: Larry.  With LinkedIn ID# 24,866.  Among a group that is supposed to be predicting the future of technology and business, that is impressive foresight.  (There are four names with LinkedIn ID’s in the first 100,000, and 3 more in the next 100k.)

So if you’re considering the position at BVP, I for one cannot recommend it highly enough.  Enjoy, and best of luck with everything.
