Sponsored By

I Was an RSAC Innovation Sandbox Judge — Here's What I Learned

Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.

Barmak Meftah

May 17, 2023

5 Min Read
concept art of a person holding a lightbulb dissolving into geometrical constellations.
Source: Natali Mis via Adobe Stock

It was a great honor to serve as one of five judges for this year's RSAC Innovation Sandbox competition — the premier place to pitch your early-stage cybersecurity startup. Congratulations to the top two contenders, with Hidden Layer winning the award and Pangea Cyber taking the No. 2 spot. Keep an eye on these companies — and all this year's top 10 finalists.

Over the 17 years it's been running, the RSAC contest's 170 top 10 finalists have been involved in 75 acquisitions and received nearly $12.5 billion in investments. Last year, Talon Cyber Security and its Secure Enterprise Browser won the top honor, propelling the startup into new markets and catching the attention of many CISOs in the Fortune Global 2000. In earlier years, Phantom Cyber won the contest when its founder and CEO, Oliver Friedrichs, gave an unforgettable pitch — and just two years later, the company was acquired by Splunk. (Friedrichs is now founder and CEO of Pangea.)

As a venture capitalist, serving as a judge has reminded me of the incredible people in our industry and the remarkable innovations that will not only create new categories but also put a real dent in the cybersecurity challenges that enterprises face today.

As a new judge, I didn't exactly know what to expect, but it was a rewarding experience. I was impressed with the other judges and the varied and interesting perspectives they each brought to the table. My co-judges were Christopher Young, executive VP of business development, strategy, and ventures at Microsoft; Niloofar Razi Howe, senior operating partner at Energy Impact Partners; Shlomo Kramer, co-founder and CEO of Cato Networks; and Paul Kocher, an independent security researcher and founder of Cryptography Research.

Together we spent untold hours watching the pitch videos that contestants sent in. (I'd love to say how many, but I'm not at liberty to do so. I can tell you it was a lot of them.) This was time consuming, but truly inspiring to see what people are working on and building toward in this industry.

I'm a true believer in the mission of the RSAC Innovation Sandbox, which is a stage to highlight the brightest startups every year. With 45,000 peers now attending the annual RSA Conference, the contest provides an important forum for early-stage companies to talk about how they're shaping our industry. For companies that typically have very little visibility, this type of opportunity — at such a critical time — can also really accelerate their fundraising and future.

One thing that struck me from listening to all those pitches is how important it is to be able to articulate your key messages in just three minutes. As a VC, I'm used to listening to pitches that run anywhere from 30 minutes to two hours. The RSAC Innovation Sandbox contestants must give their spiel and convince the judges why they should win in the time it would take to compose a short email. The pitches we saw ran the gamut from fast-talking and fact-filled to entertaining and fun. But my three pieces of advice to future contestants that are serious about winning would be:

  • Cover the basics — and land them. State the problem you're solving; explain what makes your solution unique; discuss the size of the addressable market; and talk about your early market traction. These are the key things judges want to hear to show you have a shot at success.

  • Have your founder be your leader — always. Judges want to know how the company got started and the founder or founders' vision for their company. A few of the pitches were delivered by salespeople, engineers, or just someone other than the founder. But founders are the soul of the company, and the best people to tell the story.

  • Don't use a canned demo. This is possibly your one opportunity to tell your story in front of a panel of carefully selected experts, and you want to make it worth their while. I would say one out of every five of the pitches were canned demos. This isn't a webinar. Don't treat it like one.

Now, back to the topic of innovation. Two big trends stood out to me this year.

  • AppSec is back and better than ever. We're seeing a big shift right now in how software engineers view application security. Developers are becoming more security-aware and are organically adopting tools that help them shift-left and address security at the beginning of the development process. There were a number of Sandbox finalists providing developer solutions for identifying security vulnerabilities faster and more accurately. The industry has been talking about building security into the fabric of software forever and now it's finally happening.

  • The future is now. Web3 is emerging as a new technology architecture for decentralized blockchain technologies and token-based systems such as crypto. One finalist offers a security operations center that protects Web3 digital assets. And, of course, we had plenty of representation from companies focused on artificial intelligence and machine learning in response to increasingly sophisticated cyberattacks.

After serving as a judge in this year's RSAC Innovation Sandbox, one thing is clear: The future is bright — and secure.

For more information on the Top 10 RSA Innovation Sandbox finalists, Dark Reading published a comprehensive overview.

About the Author(s)

Barmak Meftah

Co-Founder & General Partner, Ballistic Ventures

Barmak Meftah is Co-Founder and General Partner of Ballistic Ventures, the venture capital firm dedicated exclusively to funding and incubating entrepreneurs and innovations in cybersecurity. Recognized globally as one of the most successful business leaders in enterprise software and cybersecurity, Meftah has more than 25 years of experience building market-leading companies. Prior to Ballistic, he served as the President for AT&T Cybersecurity, a role assumed after the successful acquisition of AlienVault, where he had served for six years as CEO. Under Meftah’s leadership, AT&T established itself as a cybersecurity leader and one of the world’s top-five largest managed security services providers (MSSPs). At Ballistic, he mentors and guides startup CEOs through the complexities and challenges of building great teams and companies.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights