Rain Capital Founder Chenxi Wang on the State of Security, Funding and Gender Diversity

Editor’s note: This post is the latest in Security Outliersa series of interviews with people who are tackling big security problems while questioning the status quo.

The way we live and work is being transformed by pandemic policies designed to keep people isolated, which has prompted even more reliance on computers and the internet. While restaurants, transportation, hotels and other industries are suffering severe losses, cloud, business communications and security companies are faring much better. There have been only a handful of tech IPOs so far this year, but others are pending, including AirBnB, Asana and DoorDash. That compares to more than 40 tech IPOs last year, even if some underperformed.

To get a sense of what’s going on in the security industry and the VC world, I thought I’d ask Chengxi Wang, founder of Rain Capital, whose portfolio is all cyber companies. We chatted over Zoom about the current startup climate, among other things. This is an edited version of our conversation.

I’d love to hear your insights into the cybersecurity VC market during this chaotic and uncertain moment in time. What are you seeing as far as startups getting funded?

When COVID-19 first came out in March and it was clear we were going into lock down, VC activity dropped significantly. I used to look at multiple pitches a day and that month the volume of new pitches was at a historical low. March was a shock to the system. It started picking back up in the second half of April and in May there was a steady pick up. Now, my activity level for companies seeking funding and my activity with portfolio companies is almost back to what it was pre-coronavirus. 

And in the longer term, especially if infection rates continue to rise?

It will take some time for the market to get back to normal. I’m in the B2B market, not the consumer world. In B2B, things are still happening. Companies still have to maintain technologies and products, especially for security. Folks are maintaining what they had before and investing in work from home and remote access infrastructure. Other areas that aren’t core or related to remote access are being put on the back burner. In terms of company operations, it will be a bit of time before we see things return to normal.

Do you think now is the right time to start a company? 

I think it’s the right time to be incubating new ideas. People are given a rare opportunity to not travel, to not spend time on potentially fruitless meetings. For example, I have more time to think about things more deeply, to dig deep on research. As far as starting a company, it depends on what the business is. If you’re cutting edge tech, you have to ask: is the market ready for it given that the market after COVID-19 will take time to recover? If you’re doing something that solves immediate pain, absolutely. If the technology is aspirational, you should think about the timing. 

What advice do you have for entrepreneurs trying to raise funding during this current climate?

Now is the time to incubate but also the time to build. I’m expecting entrepreneurs to come with well-thought-out ideas. I expect them to have taken the time to vet ideas with potential users, have well-prepared use cases, and be able to argue about their technology in a well-founded, sound way. If you don’t take the time to do that — and now is a good time — then I think it might not be the right fit.

If you’re cutting edge tech, you have to ask: is the market ready for it given that the market after COVID-19 will take time to recover? If you’re doing something that solves immediate pain, absolutely. If the technology is aspirational, you should think about the timing. 

I would expect that security will be one of the least impacted by the downturn? Do you agree?

Cyber is one area that is somewhat impacted but also somewhat protected because we haven’t seen a change in the fundamentals of the game. You still need protection for infrastructure, applications, data, and to be compliant with GDPR, PCI and other regulations. Those things haven’t changed. We still have a market and a need to produce tech and innovate.

VPNs and other technologies that enable secure remote work, as you mentioned, are doing well. What other technologies in this space are getting a lift from this workplace transformation we’re seeing happen from quarantine?

Offering services where you don’t have to have a footprint or presence in the company is hugely desirable. I have a company in my portfolio, Mitiga, that offers security services to the enterprise and before COVID-19 potential customers weren’t interested if they were told “we can do services for you without setting a foot on premise.” Now everybody wants that. 

Changing course a little bit… We’re in the middle of Black Lives Movement protests happening across the country. This has renewed discussion about diversity — a topic you recently wrote about in your Forbes column, which has some excellent advice. I wanted to ask if you have seen any real progress in narrowing the gender gap in cybersecurity and in the VC industry, which had its own reckoning a few years back. 

We’ve seen progress, even in the VC world. Many firms that were predominantly male have more women partners now. Even though they are still in the minority, they’re sitting at the same table as the male partners. I have a small women’s executive group that I put together. We meet every two weeks and discuss how to get more women into executive roles and the board room. Also, thanks to “Women on Boards,” the California state law that was enacted in 2018, there are more women at the highest governance level for different companies. There are many networks and industry bodies that can help you get your board ready. For the women executives, the Athena Alliance does a great job of building an ecosystem of senior women and helping position them for board work. There’s also a new initiative started by some people I know in the cyber industry, called the Fast Forward Group, to get women on to boards. 

What is Rain Capital’s approach to improving gender diversity?

Just under half of our portfolio companies are run by women and we’re always looking for women-owned startups to fund. And Rain Capital is run mostly by women — two of my three partners are women.

Going back to computer security, I’m curious how you got into the industry in the first place? 

It was purely accidental. At the University of Virginia, I was looking for a graduate research project and one of the professors was recruiting for a research assistant for an applied cryptography project. I was good at math, so I chose that project and that became my entree into the security industry. 

You have had an interesting career path. You went on to teach at Carnegie Mellon University and then you were a VP at Forrester, Intel and CipherCloud, and then Chief Strategy Officer at Twistlock. What prompted you to become a VC?

When I left academia to go into an industry job it was unusual, especially to leave a top-tier institution, but I always wanted to try my hand at new things. After those other positions I became a VC because it was something I hadn’t yet tried. In the VC world I’m a new kid on the block, and I feel that I do my best work when I have to prove myself.

One more, bonus question, if that’s ok. Can you briefly explain Chenxification?

Chenxification is a code obfuscation technique named after my Ph.D. dissertation. There is even a github repo called Chenxification that implements this technique. I was told that this technique was used in obfuscating software for military uses even today