June 14, 2022

Last Updated on January 19, 2024

Alberto Yépez joins The Virtual CISO Podcast to share his perspective as a venture capitalist working to help entrepreneurs build cybersecurity businesses. He started his wildly successful career at Apple and he is now the Co-Founder and Managing Director at Forgepoint Capital.

Join us as we discuss:

  • Information security challenges from the 2000’s that we still face today
  • Alberto’s insights from working at Apple
  • Criteria that make investing in a technology company worthwhile
  • Three models of private equity investing and why they’re important

Information security challenges from the 2000’s that we still face today

Who would have thought, back then, that we’re still facing the same roadblocks two decades later?

Sure, the world has rapidly evolved in many ways, specifically with regard to technology. But while some things have moved forward in leaps and bounds, it’s the security aspect that seems to have lagged or been forgotten in many environments.

Understand and protect original information structures

The way that Alberto describes something as basic as what we call an “app” really left us with a lot to chew on.

Alberto explained that an app is more like a browser and that there are often so many APIs and connections involved with bringing the information to display on your device’s screen that it can be nearly impossible to tell where the data actually originated from.

What Alberto has picked up on is that platforms and infrastructure has changed, while the fundamentals really haven’t. Working with a deep-rooted intention to protect information is something we still sorely need, despite the technical advances that we have seen over the past two decades.

Cybersecurity doesn’t happen in the lab. It really happens by understanding the changes in technology.” — Alberto Yépez

Alberto’s experience working at Apple

Spending the first half of his career at Apple gave Alberto a unique perspective. Despite being a visionary brand, Apple still faced constraints such as material supply, processing power and network capacity (among other things).

It goes to show that you can most certainly be so far ahead of your time that even the tools you need to build your solution have yet to be created.

In situations like this, people like Alberto are tasked with solving smaller (sometimes perpendicular) challenges that eventually enable the solution to the actual directly aligned challenges that the business seeks to solve. It means building the tools that get used to build the ultimate solution.

Criteria that make investing in a company worthwhile

Alberto shares five key areas that form the core of his evaluations:

  1. The marketLook for large, fast-growing markets.
  2. Intellectual propertyInvestment-worthy IP must be highly differentiated and hard to replicate. Given that most cybersecurity exits are mergers or acquisitions, IP is a critical component in the valuation process.
  3. Go-to-market strategyWhich segment of the market is being targeted and how will the solution reach this audience? With the normalization of security as a service, more people are open to innovative delivery methods today. Is this being leveraged appropriately?
  4. The teamDoes the founding team have the right contextual awareness, industry and working experience, contacts and networking power to confidently execute the go-to-market strategy?
  5. Syndication

    Companies take time to develop. Limiting contributions of value to only the direct founding team may impede product development and the go-to-market strategy. Great syndication can be found within open source development communities, for example.

Alberto also emphasizes that people are the basis for investment. It starts with people and expands outward from there, in terms of investment-worthiness evaluations.

“For us to invest, the intellectual property has to be highly differentiated and hard to replicate.” — Alberto Yépez

Three models of private equity

Investing in private companies happens mainly in three ways:

  1. Venture capitalAlberto refers to this as “minority ownership” because it’s not about gaining control of the company. There must be a collaboration with co-investors and the company itself to drive evolution over time.
  2. Private equity firmsThese institutions look to gain control of the business that receives investment. The founders have little to no say in key changes being implemented by the new controlling owners. PE firms prioritize efficiency and economies of scale over all else.
  3. Growth equity buyoutsThis is a hybrid of the first two models. It’s about becoming a minority investor in a business to fund restructuring or take the company in a new direction.

There are a lot of variables that form a cybersecurity company’s worthiness score for investment purposes. If you’re considering seeking out investment, this conversation is a must-listen for you and your team.

“Fundamentally, Forgepoint partners with the entrepreneurs who help scale and build businesses.” — Alberto Yépez 

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.

If you don’t use Apple Podcasts, you can find all our episodes here.

Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player

Successful vCISO = All Security Roles Filled

This document outlines the 3 critical roles and responsibilities of a Virtual Chief Information Security Officer: Architect, Builder, and Operator.
Download the free inforgaphic now!