Justin Somaini spent the last decade as an adviser to and director on the boards of several of YL Ventures’ portfolio companies. Now the veteran cybersecurity specialist has joined the $800 million AUM firm full-time as a partner.
Somaini was chief information security officer, commonly called a CISO, at global giants such as Symantec (from 2008-11), Yahoo (2011-13), SAP (2015-19) and Unity Technologies (2019-24). In shifting his career toward the business side of cybersecurity, he decided he would rather do it as a venture investor than by forming his own company.
CISOs are always being pitched products that are nice-to-haves, not need-to-haves, he told Venture Capital Journal. His goal at YL is to “make sure that we focus on, grow and mature solutions that are focusing on the need-to-haves and are being true to the problems they more broadly are trying to solve.”
Because dealmakers should commit to a VC firm over multiple funds, his thinking was, “if it’s ever going to happen, it’s got to be now, as I’m getting a little bit longer in the tooth,” Somaini joked.
Although he’s faced his share of challenges over a long career, mostly in CISO roles, he said he joined YL because, “I really wanted to push myself, and this is a completely new muscle, even though it’s still attached to a domain that I’ve been close to for well over 30 years.”
As a partner, Somaini focuses on three areas. First, building up sourcing capability for repeat founders in the US cybersecurity industry. Second, supporting existing portfolio companies by serving on their boards and assisting in their product development, messaging and go-to-market strategies. And lastly, managing YL’s extensive network of advisers to further support founders.
Most of the time in the first few months in his new role has been spent on strengthening relationships with security practitioners at Fortune 2000 companies in YL’s advisory program. That includes ensuring the right tools and policies are in place to be able to provide the support needed in the first two areas.
“Because we’re focusing on products and services across all of cyber, you can imagine the various disciplines that would be really helpful to not only making sure that we’re investing our funds in the right space, but also that we’re supporting those companies with the right advice from the industry,” he noted.
In addition to improving ties with the CISOs in residence that have been part of YL for a long time and others in the partners’ personal networks, “We’re out there learning who’s new, introducing them to YL and getting to know them and their skills sets,” said Somaini. “More frequently than not, those relationships go well as CISOs want to have a finger on the pulse of new innovation in cyber and that’s what we can provide.”
Fresh capital
Co-located in Mill Valley, California, (14 miles north of San Francisco) and Tel Aviv, YL has raised five venture funds and has about $800 million in assets under management. In 2022, it closed on $400 million for its fifth fund, which it described as the “largest seed fund ever raised for cybersecurity.”
Fund V is expected to back 12-15 companies. It has invested in five companies so far. Check sizes for seed investments are $4 million-$10 million, but they can exceed the top end of that range. The firm also continues to invest in its portfolio companies in follow-on rounds.
For all of the ideas that are in the market for solving cybersecurity issues, Somaini sees a need to also consider how those solutions would be managed within the operations of client companies. That includes having a clear perspective on operational costs, given the increasingly demanding workloads of security and engineering teams.
“I have not seen many [cybersecurity solutions] gain a lion’s share of the market or have huge traction because of those operational costs,” he said. “But then again, we’ve always had innovations and evolutions of things that finally solve problems, and if that is one of them, I’d love to hear about it.”
Incorporating more automation into cybersecurity workloads would help reduce operational costs, he noted. Audit and compliance functions, which likely account for 50-70 percent of the modern tech stack today, can be automated, and some products and services on the market already make that possible, Somaini said.
Within the security operations center, he cited the emergence of security, orchestration, automation and response (SOAR) solutions, which enable security operations teams to automatically execute repetitive tasks, such as responding to phishing alerts and endpoint detection and response (EDR), which historically have been done manually.
“In my career, labor has been anywhere from 50 percent to as much of 90 percent of my overall budget, so it’s a huge cost that should be automated as much as possible to get scale,” he explained. “And you can’t hire enough people, so you need to invest in technology to do it.”
Getting hands-on
Somaini currently serves on the boards of six portfolio companies. One of them, Miggo, based in Tel Aviv, has developed an application detection and response platform designed to prevent application breaches. YL led the $7.5 million seed round that Miggo raised in April.
Somaini also sits on the board of Aim Security, which focuses on how to secure the generative AI capabilities that companies are deploying and actively working through. YL participated in Aim’s $18 million Series A round, which Canaan Partners led in June.
Another board Somaini sits on is for Gutsy, which takes a data-driven approach to security governance. “As an auditor way back in the day, processes are very important to me,” he said. “Gutsy is putting in actual telemetry of a company’s processes so they can get proper metrics and efficiencies and accountability out of vulnerability management, [with the ability to] hire and retire processes, which we’ve never really had before.”
All of these companies address what Somaini sees as material problems that need to be solved. His time is spent primarily on engaging multiple times a week with founders, ensuring that feature functionality is aligned with market needs. He sees his role as “not only giving my advice, but also understanding their challenges and how can I pull in my network of advisers – or even outside that community – to make sure that those portfolio companies are armed with the right information and points of view that they can deploy into their products and bring them to market.”
Somaini also helps founders discard ineffective marketing techniques in favor of “a more personal relationship-driven sales motion [that] brings integrity and relevancy to the process,” he said. That comes down to simple messaging and using common language to describe the problems a company is trying to solve, how it’s trying to solve them and directing those solutions to the right people, he explained.
Many of YL’s portfolio companies are based in Israel, which is currently fighting a war and whose logistical security challenges can’t help but shape a unique sensibility among its tech founders.
“You’ve got a whole country that is conscripted into [military] service,” said Somaini. “You have this culture of defense and security that’s pretty much ingrained, and I think that carries over into what we see coming out as far as cybersecurity solutions.”
He believes the comparatively large number of cybersecurity companies being built in Israel reflects that reality.
This profile is part of an occasional series about new partners at venture firms. Read other new partners profiles here. If you know of a new partner who should be profiled, please contact David Bogoslaw here.