Welcome to Startups Weekly, a fresh human-first take on this week’s startup news and trends. To get this in your inbox, subscribe here.
Gumroad’s Sahil Lavingia broke into the venture world as one of the early testers of the rolling fund, an AngelList product that allows investors to raise capital on a subscription-like basis. That was in 2020. Fast-forward to 2022 and a lot has changed.
One of those changes? The number of pitches from founders looking to raise. “Since March, it’s gone down about 90%,” Lavingia told TechCrunch. “I was probably seeing more than most — about 20 to 40 well-vetted decks a week – and that number is down to about two to four a week now.” He’s also seen the quality of talent rise for people wanting to work for Gumroad — which he partially attributes to the steady stampede of layoffs — and a decline of founders starting companies.
A downturn in the number of founders raising capital suggests that early-stage startups aren’t as immune to macroeconomic shifts as some investors claim; in contrast, a boom of fresh startups would support the idea that recessions — and the accompanying spate of layoffs — are the time when startups are born.
Lavingia breaks down the state of founders into three buckets: “tourist founders, immigrant founders and ‘born and raised’ founders.” Tourist founders, he said, are the ones who only start companies in bull markets, a cohort he said has dropped by about 100%.
“They’re rarely fundable in bear markets,” Lavingia said. “They need to hire others to build stuff.” Immigrant founders, meanwhile, care less about the reputation and status of starting a company but do weigh its risk and return. This founder cohort has been cut in half, per Lavingia. Finally, “born and raised” founders are founders regardless of the market: “They all existed and therefore raised money in 2020-2021, so they too are not starting companies and raising money at the same rate.
There are two sides forming in early-stage venture capital: the investors who admit that talent has shifted and those who stand by deal flow that is as loud as ever.
If you want to read my full take, check out my TechCrunch+ column, “Investors prepare for a founder downturn. Or influx. Wait, what?”
In the rest of this newsletter, we’ll get into Y Combinator on its shrinking class size and debut fund managers on their collective mood. As always, you can support me by forwarding this newsletter to a friend or following me on Twitter.
Y Combinator cuts its class size
Y Combinator says it has intentionally shrunk the number of startups within its accelerator for the Summer 2022 batch. As first reported by The Information and independently verified by TechCrunch, Y Combinator’s Summer 2022 cohort — currently in action — boasts nearly 250 companies, down 40% from the previous cohort, which landed at 414 companies.
Here’s why it’s important: Over the years, Y Combinator’s ever-growing batch size has become a common — if not cliche — conversation among techies. I know this because we contribute to this conversation lots (especially on Equity). The biggest issue that folks have had with YC’s growing class size is that it threatens one of the accelerator’s biggest value propositions: network. The bigger the class, the harder it is to stand out.
While YC says it did not scale back due to critiques or the cost of its growing check size, the move will certainly help those within the current cohort stand out, simply due to lack of competition.
First-time fund managers have thoughts
TechCrunch+’s Rebecca Szkutak has spearheaded the latest investor survey, which gets a temperature check from seven first-time fund managers finding themselves in the beginning of a downturn. What advantages do first-time VCs have over more experienced competition in a challenging market? What steps are they taking to prepare for the fourth quarter? What is keeping them up at night given the market conditions today? These are all questions they answer and more in the piece now live on the site.
Here’s what’s important: There’s always a silver lining, but especially if you have a smaller portfolio. Szkutak gives us a teaser excerpt below:
“We don’t carry any of the baggage that may come with having previous funds or having a lot of capital tied up in what seems to be highly overpriced vintages,” Stuto said. “Just like a founder, who looks at the world differently than subject matter experts, we (first-time managers) bring a fresh outlook of how certain problems and industries are developing.”
Read Szkutak’s survey, and her extra analysis of it, on the site.
If you missed last week’s newsletter
Read it here: “The bootstrapped are coming, the bootstrapped are coming.” I also recorded a companion podcast with my favorite co-worker, Alex, which you can listen to here: “Is it the bootstrapper’s time to jump on the venture treadmill?”
Any requests for topics for me to dig into, either on Startups Weekly or on the show? Tweet me a big question and I’ll take a swing at it, either in an upcoming Startups Weekly or on Equity.
Seen on TechCrunch
Club Feast quietly pivoted to catering and left its consumer customers in a lurch
Uber turns the corner, generates massive pile of free cash flow in Q2
The 5 biggest takeaways from Tesla’s Cyber Roundup
Fish and CHIPs
Lyft assured no layoffs were coming — now employees are scrambling for their next gig
Clubhouse begins beta testing private communities called ‘Houses’ to foster curated interactions
Seen on TechCrunch+
Pitch Deck Teardown: Glambook’s $2.5 million seed deck
The road map for building the Uber of climate tech
From NDA to LOI: What really happens when your startup is being acquired?
Startups have to pay back all that equity compensation someday
Dear Sophie: How long am I required to stay at my current job after I get my green card?
And that’s a wrap. I’m off to the lake to enjoy these last few Summer weekends. Take care of yourself!
Cymulate snaps up $70M to help cybersecurity teams stress test their networks with attack simulations – TechCrunch
The cost of cybercrime has been growing at an alarming rate of 15% per year, projected to reach $10.5 trillion by 2025. To cope with the challenges that this poses, organizations are turning to a growing range of AI-powered tools to supplement their existing security software and the work of their security teams. Today, a startup called Cymulate — which has built a platform to help those teams automatically and continuously stress test their networks against potential attacks with simulations, and provide guidance on how to improve their systems to ward off real attacks — is announcing a significant round of growth funding after seeing strong demand for its tools.
The startup — founded in Tel Aviv, with a second base in New York — has raised $70 million, a Series D that it will be using to continue expanding globally and investing in expanding its technology (both organically and potentially through acquisitions).
Today, Cymulate’s platform covers both on-premise and cloud networks, providing breach and attack simulations for endpoints, email and web gateways and more; automated “red teaming”; and a “purple teaming” facility to create and launch different security breach scenarios for organizations that lack the resources to dedicate people to a live red team — in all, a “holistic” solution for companies looking to make sure they are getting the most out of the network security architecture that they already have in place, in the worlds of Eyal Wachsman, Cymulate’s CEO.
“We are providing our customers with a different approach for how to do cybersecurity and get insights [on] all the products already implemented in a network,” he said in an interview. The resulting platform has found particular traction in the current market climate. Although companies continue to invest in their security architecture, security teams are also feeling the market squeeze, which is impacting IT budgets, and sometimes headcount in an industry that was already facing a shortage of expertise. (Cymulate cites figures from the U.S. National Institute of Standards and Technology that estimate a shortfall of 2.72 million security professionals in the workforce globally.)
The idea with Cymulate is that it’s built something that helps organizations get the most out of what they already have. “And at the end, we provide our customers the ability to prioritize where they need to invest, in terms of closing gaps in their environment,” Wachsman said.
The round is being led by One Peak, with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and strategic backer Dell Technologies Capital also participating. (All five also backed Cymulate in its $45 million Series C last year.) Relatively speaking, this is a big round for Cymulate, doubling its total raised to $141 million, and while the startup is not disclosing its valuation, I understand from sources that it is around the $500 million mark.
Wachsman noted that the funding is coming on the heels of a big year for the startup (the irony being that the constantly escalating issue of cybersecurity and growing threat landscape spells good news for companies built to combat that). Revenues have doubled, although it’s not disclosing any numbers today, and the company is now at over 200 employees and works with some 500 paying customers across the enterprise and mid-market, including NTT, Telit, and Euronext, up from 300 customers a year ago.
Wachsman, who co-founded the company with Avihai Ben-Yossef and Eyal Gruner, said he first thought of the idea of building a platform to continuously test an organization’s threat posture in 2016, after years of working in cybersecurity consulting for other companies. He found that no matter how much effort his customers and outside consultants put into architecting security solutions annually or semi-annually, those gains were potentially lost each time a malicious hacker made an unexpected move.
“If the bad guys decided to penetrate the organization, they could, so we needed to find a different approach,” he said. He looked to AI and machine learning for the solution, a complement to everything already in the organization, to build “a machine that allows you to test your security controls and security posture, continuously and on demand, and to get the results immediately… one step before the hackers.”
Last year, Wachsman described Cymulate’s approach to me as “the largest cybersecurity consulting firm without consultants,” but in reality the company does have its own large in-house team of cybersecurity researchers, white-hat hackers who are trying to find new holes — new bugs, zero days and other vulnerabilities — to develop the intelligence that powers Cymulate’s platform.
These insights are then combined with other assets, for example the MITRE ATT&CK framework, a knowledge base of threats, tactics and techniques used by a number of other cybersecurity services, including others building continuous validation services that compete with Cymulate. (Competitors include the likes of FireEye, Palo Alto Networks, Randori, AttackIQ and many more.)
Cymulate’s work comes in the form of network maps that detail a company’s threat profile, with technical recommendations for remediation and mitigations, as well as an executive summary that can be presented to financial teams and management who might be auditing security spend. It also has built tools for running security checks when integrating any services or IT with third parties, for instance in the event of an M&A process or when working in a supply chain.
Today the company focuses on network security, which is big enough in itself but also leaves the door open for Cymulate to acquire companies in other areas like application security — or to build that for itself. “This is something on our roadmap,” said Wachsman.
If potential M&A leads to more fundraising for Cymulate, it helps that the startup is in one of the handful of categories that are going to continue to see a lot of attention from investors.
“Cybersecurity is clearly an area that we think will benefit from the current macroeconomic environment, versus maybe some of the more capital-intensive businesses like consumer internet or food delivery,” said David Klein, a managing partner at One Peak. Within that, he added, “The best companies [are those] that are mission critical for their customers… Those will continue to attract very good multiples.”
Open-source password manager Bitwarden raises $100M – TechCrunch
Bitwarden, an open-source password manager for enterprises and consumers, has raised $100 million in a round of funding led by PSG, with participation form Battery Ventures.
Founded initially back in 2015, Santa Barbara, California-based Bitwarden operates in a space that includes well-known incumbents including 1Password, which recently hit a $6.8 billion valuation off the back of a $620 million fundraise, and Lastpass, which was recently spun out as an independent company again two years after landing in the hands of private equity firms.
In a nutshell, Bitwarden and its ilk make it easier for people to generate secure passwords automatically, and store all their unique passwords and sensitive information such as credit card data in a secure digital vault, saving them from reusing the same insecure password across all their online accounts.
Bitwarden’s big differentiator, of course, lies in the fact that it’s built atop an open-source codebase, which for super security-conscious individuals and businesses is a good thing — they can fully inspect the inner-workings of the platform. Moreover, people can contribute back to the codebase and expedite development of new features.
On top of a basic free service, Bitwarden ships a bunch of paid-for premium features and services, including advanced enterprise features like single sign-on (SSO) integrations and identity management.
It’s worth noting that today’s “minority growth investment” represents Bitwarden’s first substantial external funding in its seven year history, though we’re told that it did raise a small undisclosed series A round back in 2019. Its latest cash injection is indicative of how the world has changed in the intervening years. The rise of remote work, with people increasingly meshing personal and work accounts on the same devices, means the same password is used across different services. And such poor password and credential hygiene puts businesses at great risk.
Additionally, growing competition and investments in the management space means that Bitwarden can’t rest on its laurels — it needs to expand, and that is what its funds will be used for. Indeed, Bitwarden has confirmed plans to extend its offering into several aligned security and privacy verticals, including secrets management — something that 1Password expanded into last year via its SecretHub acquisition.
“The timing of the investment is ideal, as we expand into opportunities in developer secrets, passwordless technologies, and authentication,” Bitwarden CEO Michael Crandell noted in a press release. “Most importantly, we aim to continue to serve all Bitwarden users for the long haul.”
downgrade the ‘middle-men’ resellers – TechCrunch
As well as the traditional carbon offset resellers and exchanges such as Climate Partner or Climate Impact X the tech space has also produced a few, including Patch (US-based, raised $26.5M) and Lune (UK-based, raised $4M).
Now, Ceezer, a B2B marketplace for carbon credits, has closed a €4.2M round, led by Carbon Removal Partners with participation of impact-VC Norrsken VC and with existing investor Picus Capital.
Ceezer ’s pitch is that companies have to deal with a lot of complexity when considering how they address carbon removal and reduction associated with their businesses. Whie they can buy offsetting credits, the market remains pretty ‘wild-west’, and has multiple competing standards running in parallel. For instance, the price range of $5 to $500 per ton is clearly all over the place, and sometimes carbon offset resellers make buyers pay high prices for low-quality carbon credits, pulling in extra revenues from a very opaque market.
The startup’s offering is for corporates to integrate both carbon removal and avoidance credits in one package. It does this by mining the offsetting market for lots of data points, enabling carbon offset sellers to reach buyers without having to use these middle-men resellers.
The startup claims that sellers no longer waste time and money on bespoke contracts with corporates but instead use Ceezer’s legal framework for all transactions. Simultaneously, buyers can access credits at a primary market level, maximizing the effect of the dollars they spend on carbon offsets.
Ceezer says it now has over 50 corporate customers and has 200,000 tons of carbon credits to sell across a variety of categories. and will use the funds to expand its impact and sourcing team, the idea being to make carbon removal technologies more accessible to corporate buyers, plus widen the product offering for credit sellers and buyers.
Meta plans hiring freeze, NASA shoots an asteroid, and Elon’s texts about Twitter are made public • TechCrunch
Hi all! Welcome back to Week in Review, the newsletter where we quickly sum up some of the most read...
These Are 3 Of The Worst EVs Of All Time
If you walk into any Chevrolet dealership today, you are more than likely to see a few Chevy Sparks on the...
This Robot Chef Has An Electric Tongue To Taste Your Food
Cambridge scientists have determined a way to get a robot to taste salt when it cooks, which could translate to...
The Big Differences Between The Crypto Exchanges Explained
Perhaps the first thing that a trader will look for when evaluating investment platforms is the fee structure. Fees are...
Which Is The Better Electric Car?
If you prioritize acceleration, battery range, and self-driving technology, the Tesla Model 3 is the clear winner. However, the Polestar...
Social6 months ago
Web.com website builder review
Social3 years ago
CrashPlan for Small Business Review
Gadgets4 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Cars4 years ago
What’s the best cloud storage for you?
Mobile4 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Social4 years ago
iPhone XS priciest yet in South Korea
Security4 years ago
Google latest cloud to be Australian government certified
Social4 years ago
Apple’s new iPad Pro aims to keep enterprise momentum