Cybersecurity Spotlight: DoControl

Today the spotlight is on DoControl an New York based cybersecurity startup.

Source: docontrol.io

If you’re active in the Cybersecurity space you may already know about DoControl, if not this article will act as a preface to their services and a brief analysis from an investors lens.

For context, I first heard about DoControl through my Crunchbase research. DoControl recently has secured $3.4m in seed funding through several seed stage funds.

Now is the perfect time to be adding DoControl as a “company to watch”, whether you’re a traditional growth fund with a cybersecurity investment thesis.

Now what exactly does DoControl do? Here’s a snippet about them; DoControl enables fine-grained policies to control how employees, external users, and admins access, share and manipulate data stored in SaaS apps.

The problem they’re solving? The complexity of SaaS apps, users, and admins results in a ton of user interactions and a dynamic attack surface that are hard to follow. DoControl provides on-going visibility to data exposures across multiple SaaS apps.

Different SaaS apps offer different security features, making it nearly impossible to enforce security policies consistently across the board. DoControl’s Data Access Controls redefine how threat prevention is done at scale.

Protecting against unknown or unusual activity requires security teams to ingest logs from multiple apps, organize the metadata, detect anomalies, and take actions. DoControl automates all of it right out of the box.

A bit about the founders: Co-Founded by Adam Gavish, Liel Ran and Omri Weinberg.

• Adam brings 15 years of experience in product management, software engineering, and network security. Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy of Assured Workloads (GovCloud) customer experience serving Fortune 500 customers. Before Google, Adam was a Senior Technical Product Manager at Amazon, where he launched customer-obsessed products improving the payment experience for 300M customers globally. Before Amazon, Adam was a Software Engineer in two successfully acquired startups, eXelate for $200M, and Skyfence for $60M.
• Omri brings 13 years of experience in sales, business development, marketing, and operations. Prior to founding DoControl, Omri was a General Manager USA at SafeDK, where he led customer acquisition, sales strategy, and US operations. There he helped grow the company from pre-revenue to a few million dollars within two years, resulting in a successful acquisition by AppLovin. Before SafeDK, Omri was a Senior Vice President of Performance Marketing at Matomy Media Group, where he led 60 full-time employees to acquire thousands of new customers globally, and grew sales to $80M. Before Matomy, Omri Co-Founded GETONIC, a marketplace for digital goods, raising $500K from The Time VC.
• Liel brings 10 years of experience in large-scale system architecture design, multi-cloud engineering, DevOps, and technical leadership. Prior to founding DoControl, Liel was a Software and Cloud Architect at Amenity Analytics, where he led software architecture design for multiple large-scale and big data applications, as well as migration from legacy systems to cloud-native applications based on microservices and serverless technologies. Before Amenity Analytics, Liel was a Technical Lead and the first engineering hire at Hibob, where he led engineering design and implementation for building a SaaS product and scaling the user base from 0 to 100K monthly.

The market demand? I think DoControl is coming to market in a very timely manner. Over the past several years, we continue to hear ground breaking stories about cyber breaches within major corporations. The laundry list of ground breaking breaches is quite astonishing. At the root of the problem we can see breaches stretch far beyond just these major headlines, data breaches often stem internally from improper practice with the current companies tech stack.

The beauty of SaaS is having the provider handle all of the back end infrastructure which means they’re storing sensitive company data and internal security protocols may not always be implemented.

The deeper problem: SaaS companies aren’t properly prepared or battle hardened for possible breaches. Especially when you have a robust tech stack the protocols vary from provider to provider. DoControl is able to take back control in these instances.

TAM: As always, let’s take a look at just how large the addressable market really is. According to IBISWorld, the industry market size for IT Consulting services is $15.2bn in 2020. The market size of the IT Security Consulting industry in the US has grown 5.7% per year on average between 2015 and 2020. A deeper bottoms up analysis can be done here by looking on a regional level starting with NY, and projecting out the potential market share they can capture within each specific strategic location. The best way to do this would be to look at the amount of organizations that are large enough to implement wide lens cybersecurity protocols and begin to capture a reasonable percentage of those organizations.

KPIs: KPIs that we would seek to dive further into management about would include:

1. LTV/CAC (Target 4:1)
2. MoM Growth (15%+)
3. Margin Profile (targeting high margins here, 70%+)
4. ARR Growth (90%+ at this stage, targeting 50%+ at growth stage)

Far from exhaustive but always a good starting point. Any red flags that are raised at this point can be inspected further before deeming it a deal killer.

So who is the right investor for this opportunity? The list can go on and on for this portion, but lets take a look at some of the prominent investors from early to growth stage that are active in this sector.

• Amit Karp, Partner at Bessemer Venture Partners
• Rama Sekhar, Partner at Norwest Venture Partners
• Ping Li, Partner at Accel
• Saam Motamedi, Partner at Greylock
• Deepak Jeevankumar, Managing Director at Dell Technologies Capital
• Lenard Marcus, General Partner at Edison Partners
• Arun Mathew, Partner at Accel
• Matt Carbonara, Managing Director at Citi Ventures
• Matt Robinson, Vice President at TCV
• Enrique Salem, Partner at Bain Capital Ventures
• Thomas Krane, Principal at Insight Partner
• Anthony Georgiades, Partner at Innovating Capital

It’s a bit early for many of these funds, none the less it’s best to begin tracking and forming relationships as early as possible. Promising cybersecurity startups can glide through funding rounds exceptionally quick.

Exit Strategy: There is no shortage of strategic or sponsors when it comes to exits and for that matter an IPO is certainly not out of the equation either. Let’s look at some data to unpack industry exit multiples.

Source: Raymond James

Multiples are certainly rich, with multiples souring into double digits. A few sponsors that are active in the space:

1. JMI Equity
2. Thoma Bravo
3. Paladin Capital Group
4. Summit Partners
5. Updata Partners
6. Edison Partners
7. Columbia Capital
8. IDG Capital

Closing thoughts: I certainly am bullish on the cybersecurity landscape as a whole, but the competitive market is very real. Cybersecurity startups are coming about all of the time and for good reason. There is a market, and a plethora of investors. This doesn’t mean all are winners and careful vetting is required as always. To close out this piece and to tie everything back to DoControl, personally, I see DoControl as a fast moving startup that has amassed an impressive advisory board and provides a real value add service.