
Bain Capital Ventures’ Kevin Zhang: The ‘Unlockable Potential’ in Lending, Investing, and Insurance
Kevin Zhang, partner at Bain Capital, assess the technological tailwinds for emerging players in lending, investing, and insurance....
I spend most of my time in enterprise software, particularly around cybersecurity and infrastructure. I work closely with companies in similar peripheries within the cybersecurity ecosystem.
We've invested in a lot of different parts of what I believe is the modern security stack. This includes the identity space, endpoint detection, compliance automation, cloud workflow and protection, zero-trust security, cyber IT asset management, and more.
Going a layer deeper, from a thesis standpoint, there are two themes, or core pillars, within cybersecurity that I’m most excited about.
The first is what I believe is developer-centric, software value chain security. This involves recognizing that stack for the CI/CD workflows and ensures that there is a full level of visibility and access into the code and products that are being pushed.
The second is security automation. Automation has always been a core pillar in a lot of companies and a lot of businesses, especially in environments that are more constrained by the macro economy, so what we’re looking for specifically are more ways to automate security workflows. We are starting to see a proliferation of a security stack, as CISOs demand more and more attention and focus in terms of technology, budget and security. There's a lot of opportunities to automate and reduce cost and focus on that.
Q: In regards to the source of decision pressure for adoption, who are the most likely candidates?
A: "I think the pressure will come from people recognizing that their security spending has become meaningfully bloated. And they recognize that there's an overlap between many security tooms. The question is - even if you have the ‘best-of’ across every different kind of attack vector - will these platform companies provide similar use cases across additional attack vectors.
As a result, if you're a CISO, CTO, or CIO, you recognize that you can solve different problems in a more consolidated and effective way. Those solutions, longer term, might win. That would probably increase the impetus to truly think about creating more automation in these workflows, reducing the cost, maintaining better visibility, and most importantly, connecting different systems to eliminate isolated alerts and responses as much as possible."
Q: How does incumbent pressure affect this market?
A: "While there are certainly multi-product, multi-category tech conglomerates on the public side that do really well in terms of innovating and growing, a lot of people have realized that there’s a lot of cake left uneaten by public companies with scaled business that aren’t doing things effectively. I think there's a pretty real opportunity to find innovation in those under addressed areas."
Q: On a broad level, what new technologies are in play and enabling more effective automation tools.
A: "When people think of automation and security, they often think of the Security Orchestration Automation and Response/Remediation (SOAR) category, many of these solutions were acquired by large security public companies. Over the last couple of years, a new generation of automation vendors have become more effective at creating tools that focus on addressing incidents, streamlining compliance, reducing alert fatigue, remediating low-level vulnerabilities and more as they arise.
Going a step further, automation is addressing many of these challenges, but it itself is requiring broader and deeper proactive visibility around system interactivity, which isn’t typically the case today. A lot of security orchestration tools were more focused on how to navigate things like the ticketing and more painful workflows through that, and I think there's something to be said about even just having data connectivity between different security platforms and systems. The pace of innovation for what that looks like right now is still a big question mark, but it's an area that I'm most excited about over the next five years."
Underlying homogeneity across security stack vectors could indicate future consolidation when security is a lower priority for enterprises. “In general, many of these tools claim that they are doing lots of research about different vulnerabilities and scanning these tools, but, at the core, a lot of these use cases are pretty similar. The big differentiator is, oftentimes, just the vector or surface area that they protect or respond to. The bigger question is whether we will see convergence and overlap for security platforms,” says Joshi. Typically, there are long-term cycles of consolidation for security. In five years, what was once a wide and disparate stack could be much more narrow.
Kevin Zhang, partner at Bain Capital, assess the technological tailwinds for emerging players in lending, investing, and insurance....
Jill (Greenberg) Chase, investor at CapitalG, assesses the feasibility of several business models amid a massive wave of funding into the AI/ML space. Across different delivery modes and business models, large standalone businesses will be built on differentiation....
John Cowgill, Partner at Costanoa Ventures, points to some of the more overlooked and contrarian business models within this closely watched ecosystem. As the space matures, competition between emerging companies and quick-to-adopt incumbents will determine the winners...
Technology, innovation, and the future, as told by those building it.