I don't think it should be flagged either, but it's wrong in a lot of ways. Some of those ways are boring, e.g. paying investor board members a salary isn't really a thing. Less boring observations:
Cybersecurity is somewhat unique in that historically most of the big VCs haven't paid much attention to it, relative to other things. Greylock, specifically Asheem Chandna and more recently Saam Motamedi, is the main exception that comes to mind. (This broad lack of interest is changing given the overall growth of the industry and the success of companies like Palo Alto Networks and CrowdStrike, though.)
Smaller VCs have spent a lot more time in the space, both because they haven't had to compete with the big firms and because cybersecurity has lower variance than other industries. The companies generate massive returns a lot less often, but also rarely fail, which makes them attractive to angels, second- and third-tier firms, and specialists.
It's an interesting dynamic, but I'd say the most problematic aspect of cybersecurity investing today is the existence of groups like SVCI (https://www.svci.io) and CyberStarts (https://cyberstarts.com). SVCI's investors are tech CISOs, i.e. potential buyers. It's pay-to-play with extra steps. CyberStarts and a few other Israeli VCs are even sketchier, flying CISOs around the world on lavish vacations billed as industry events where they socialize with the portfolio companies.
I know a handful of CISOs who've walked into new gigs only to discover a dozen CyberStarts portco products laying around, basically unused, that they then had to rip out when the contracts were up. It's all deeply unethical.
Cybersecurity is somewhat unique in that historically most of the big VCs haven't paid much attention to it, relative to other things. Greylock, specifically Asheem Chandna and more recently Saam Motamedi, is the main exception that comes to mind. (This broad lack of interest is changing given the overall growth of the industry and the success of companies like Palo Alto Networks and CrowdStrike, though.)
Smaller VCs have spent a lot more time in the space, both because they haven't had to compete with the big firms and because cybersecurity has lower variance than other industries. The companies generate massive returns a lot less often, but also rarely fail, which makes them attractive to angels, second- and third-tier firms, and specialists.
It's an interesting dynamic, but I'd say the most problematic aspect of cybersecurity investing today is the existence of groups like SVCI (https://www.svci.io) and CyberStarts (https://cyberstarts.com). SVCI's investors are tech CISOs, i.e. potential buyers. It's pay-to-play with extra steps. CyberStarts and a few other Israeli VCs are even sketchier, flying CISOs around the world on lavish vacations billed as industry events where they socialize with the portfolio companies.
I know a handful of CISOs who've walked into new gigs only to discover a dozen CyberStarts portco products laying around, basically unused, that they then had to rip out when the contracts were up. It's all deeply unethical.