Events , Next-Generation Technologies & Secure Development , RSA Conference
John Chambers: Navigating Through Cybersecurity Volatility
Architecture Will Trump Products, Predicts Cisco CEO Turned Venture Capitalist Mathew J. Schwartz (euroinfosec) • May 9, 2023The cybersecurity industry is undergoing profound and rapid change, said John Chambers, the visionary former CEO of Cisco Systems who in 2018 turned to the high-risk, high-reward world of venture capitalism.
See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware
While the cybersecurity market has historically featured "similar players, a little bit of evolution," the furious pace of recent changes and surging importance of cybersecurity to business leaders is upending the established order, said Chambers, who's an expert at "navigating through volatility" - to borrow from the title of a book that chronicles his rise from salesman to CEO of Cisco Systems.
"What is different today is you're at a major inflection point where it's not going to the next generation of cybersecurity players," he said. "It's going to go to an architectural play - probably a consolidation within the industry, whether that's one or two of the startups really growing and expanding dramatically or the traditional players expanding their reach."
In this video interview with Information Security Media Group at RSA Conference 2023, Chambers discusses:
- His focus on "logical investments" that address discrete deficiencies he has identified in the market and the trends and technologies he's watching closely;
- The impact of the economic downturn on the industry - and the magic of unicorns.
- The economic, security and defense imperatives for the United States to "take control of our destiny" by leading on the cybersecurity and AI fronts.
Via his firm JC2 Ventures, Chambers focuses on helping disruptive startups build and scale. He also invests in companies across sectors and geographies that are leading market transitions. Previously, he served as CEO, chairman and executive chairman at Cisco Systems during his 25-year-long stint at the company.
Read Transcript
Mathew Schwartz: Hi, I'm Mathew Schwartz with Information Security Media Group, and I'm talking innovation in cybersecurity, and it's my pleasure to welcome to the ISMG studio, John Chambers. John, you're founder and CEO JC2 Ventures. Thank you so much for being in our studio today.
John Chambers: Matt, it's a pleasure! Having been with Cisco for almost 30 years and now we're startup for the last seven. It's kind of an interesting world we live in and I can't think of any topic more exciting than cybersecurity, especially if you combine it with AI today.
Schwartz: Well, you have been addressing or engaging with that. Cybersecurity, in general, the potential, the promise, perhaps the peril with JC2 Ventures. Tell me a little bit about what you've accomplished since its founding.
Chambers: JC2 Ventures, it's my role to do this for the next chapter of my life. I love doing acquisitions at Cisco. We did 180 acquisitions. We were very active in cybersecurity, as you know, acquired eight security companies when I was there. And so with JC2 Ventures, I'm trying to not only create a successful venture fund, I'm really a coach, a strategic partner, a confidant of the CEO's and help them grow and scale a company, especially when they get knocked down. The key areas of focus within JC2 Ventures is the area of cybersecurity, non-cybersecurity companies and eight AI companies. And those were actually blend together over time. And then it's always that, which I do I believe in giving back to society, so heavily involved in French high-tech, West Virginia is a startup state, India is the most strategic partnership to the U.S. So we can go wherever you want from here.
Schwartz: Well, let's look back, if you will - just a little bit - before we look forward. As you said, you joined Cisco, it was back in 1991. Security was arguably a bit of a, not niche, but a technology subtopic? So what is different in the market since then, for you?
Chambers: Oh, it's a great question. I've never had it asked exactly that way. For your audience, I'm clearly buying a little bit of time while I get my answer, just to share some of my secrets. To me, at Cisco, we sold outcomes, not products. And people said, your router company moves zeros and I said, no, we're going to change the world the way it works, lives learns and place. And as you did that with a network, you had to have cybersecurity or security at that time, as part of the structure. Because if you're moving information around, it wasn't secure, your customers couldn't trust you, the consumer, the nation-states cannot. So originally, it was a logical parallel to the network, which integrated nicely with the network itself in terms of differentiation. I would argue fast forward to today. Cybersecurity is different than it was just even two or three years ago. Two or three years ago at this conference, I get asked the question, what's new in cybersecurity or security as a whole. And we're just kind of evolving, it's kind of the same story, similar players, and a little bit evolution. Today, it's changing in a tremendous fast pace. Number one, six or seven years ago, at the World Economic Forum, when I said the only two types of companies in this room, those that have been hacked, and those that don't know they've been hacked. I remember that. And I get it, that they didn't move. And even talking about the importance of security, cybersecurity, two to three years ago, the CEO would say yes, but where the board would say that's kind of interesting. Give us a report once a year. Today, it's going to be mainline, the CEOs in the future are going to get paid on their cybersecurity positioning, the board will be signing off, their cybersecurity is being done well because it is so fundamental to the success of the companies. So what is different today is you're at a major inflection point where it's not going to the next generation of cybersecurity players. It's going to go into an architectural play, probably a consolidation within the industry, whether that's one or two of the startups really growing and expanding dramatically, or the traditional players expanding their reach. But today, most of the cybersecurity companies are still getting 70-80- 90% of their profits and growth from one primary product category. That doesn't work. There has to be an architectural player for cybersecurity to really work in the future. And I think it's up for opportunity for some new players perhaps to disrupt.
Schwartz: You got investments in a number of firms, as you mentioned. How do your investments reflect where you see this market, the biggest opportunities, the biggest potential?
Chambers: So I've been very lucky on the cybersecurity companies because as you know, Matt, startups have a problem every week and every month. At the present time, out of the nine cybersecurity companies, the slowest growing is at 40% year-over-year growth, the fastest to 300%. Your audience knows in cybersecurity depending on how you measure it, it's probably slowing a little bit, probably somewhere in the 10 to 12% year-over-year growth. And the way I do it isn't cybersecurity, it's categories. So I tend to think of it as an architectural play. What is the category that says, where are you in cybersecurity today? Because that's what I want to know, as a CEO. How good is my company in cybersecurity? Are there areas that I'm exposed in? If I spend money in an area would cover that? How much do I need to spend? And I want to be able to both share with my board, but also with myself, that I'm doing logical investments for this market, that doesn't exist before. But a safe security or barbacks do this remarkably, well. Two of the early indicators on where are you, you spend money, how it changed the paradigm. The next thing is how do you prevent the companies from getting broken into and this is where a Purveyor, which is always safe, secure phone in the world, you'll see it adopted by our defense department. You take an Apple phone, a Samsung phone, you put it in the case. And you all of a sudden can allow the warfighter and take that with them on their mission, or to take it into secure environments. And nobody wants to be working in an environment where you leave your phone at the door. Or when you're traveling overseas, protecting our country, to not be able to communicate with your family is really hard. That would be another area, a company like VerseX watch for anomalies in software that are an issue that there's a bug going on there and some shouldn't be done. And they set it down in milliseconds. A company like Pindrop, which does voice recognition to avoid the deepfakes. And this might be, I think, one of the surprises in terms of cybersecurity over the next five years. Your voice and my voice, it sounds reasonably easy to imitate with deepfakes, right? It isn't. Your voice, Matt, has 8,000 samples in it per second, per second that I can do analysis on. Five seconds, 40,000 samples. Five minutes, you can do the math. So you'll see companies like Pindrop, maybe make security, not just cybersecurity, the single sign-on being voice, but also the primary interface to the internet of things. And so all of a sudden, I can say, yes, that was Matt or no, it was not, it was another human. Or wait a minute, that was a deepfake done by machine. And then I can even get the signature of that machine with Pindrop to say this was the engine that did it. So with many of the changes occurring, AI both accelerates the challenges, but it can also accelerate how you deal with them overall. And then you have companies like Rubrik, which do a remarkably good job of recovering from an issue. So you think about ransomware; they're a unicorn many, many times over. They could be one of these companies that maybe help consolidate the industry, we'll see if they want to do that or not. Growing in an extremely good rate. But they basically are able to - when you have a problem to recreate your data and get you back up and running very effectively on it. And then you have companies like SparkCognition, which do literally, cybersecurity defense industry or space, AI for industries as a whole. And so you begin to see AI and cybersecurity actually come together. So we'll see how the companies do. It's a portfolio play for me, but I'm trying to ride that next wave, which I think will absolutely happen with cybersecurity, not to a new generation, but a whole new approach to the market and a consolidation in some ways, and new acceleration of next-generation leaders.
Schwartz: So speaking of the market, speaking of unicorns, I've seen a little bit of economic, you could say hiccups ...
Chambers: Yeah, some pretty good hiccups!
Schwartz: Some pretty good hiccups.
Chambers: And proper burps, at dinner you were satisfied which was very good.
Schwartz: I was trying to keep it you know, okay, a little polite. So, everyone loves to talk about unicorns. What do you think the shake out is going to be both for startups but also for unicorns? And is it going to be a bad shake out? In terms of what the market impact is?
Chambers: So you asked three or four questions, why do people want to focus on unicorns, it's nice to have financial success. But startups really don't generate a lot of jobs and economic longer-term growth until they either do an IPO or become a unicorn. And so measuring the number of those that are in a country, in a state in the world, are very important about technology, leadership and growth. Secondly, within that group there, let's say 1,667 unicorns in the U.S. Let's say China has about a fourth of that. The growth last year in the U.S. unicorns was 12%. China only grew five. India grew more in unicorns last year than China did. And absolute numbers. Four times the growth rate in France, which is a well-kept secret, became the best startup country in Europe for innovation and direction. So on the first phase, you want to make sure that and regardless of how many make it or not you watched the trends. Second part of your question, there's absolutely going to be a breakout here downward, probably a third to half the unicorns will not be a unicorn 12 to 24 months from now. And you will see within that category, that that's actually healthy for the industry long-term. In terms of there's too much free money, people getting evaluations without a clear path to profitability and growth. So I think actually it is even though it's very painful for us VCs and for those companies, it's a logical step. 12 years of uninterrupted economic growth, zero cost of capital - isn't how you should be running your companies, you got to say, how do you position for the future?
Schwartz: I want to shift now to focusing on not just how the market is doing but economic growth and giving back to society? What are you doing on that front?
Chambers: Our industry, if I were to take a step back, during the 1990s, near to years of 2000, most Americans over 90% fail, technology was good for our country. And good for them personally. Today, majority of Americans don't agree with that. And I think some of the large tech companies have misused their position in the marketplace, to focus on economic return at times at the expense of society, and ignoring fair request by government and society, to balance between the economic return, and giving back to society socially. I've always felt, when I was at Cisco, that we owed obligation to do both. And we won every economic award there was to win, Most Valuable Company, Top CEOs, most consistent stock performance you invested as dollar, we got back $15,000 on the stock. We made 10,000 millionaires among our employees in the first 10 years. But we also won every corporate social responsibility award in the world. We went from democratic president and secretary of state to republican president and secretary of state. We won it in Middle East, we won it in China and India. And so I felt that was so important. I think we've got away from that at the present time. And I think part of the blowback you're seeing both politically and then trust is because the industry has not been as predictable and doing what's right for society with equal importance and economic and I'm not asking if the expense of the shareholders, I think doing both together is the right for the future. That's what I'm doing as well. I'm giving back to my home state of West Virginia, becoming a startup state. And for many of you that might think of West Virginia as number 45-46-47-48, most categories. What is the number three startup state in the U.S. today? West Virginia grew 90% last year versus industry average of 27. What has the lowest unemployment in his tracking history? West Virginia. We are number six in GDP growth behind Oregon, we've attracted $6 billion projects into the state and we have another five to six in the pipeline. You normally get a billion dollar project opportunity once a decade, we've done six in three years from the Berkshire Hathaway Energy to the LG Electronics, the energy Bill Gates projects, Hyperloop, and others. And so its ability to create a startup state and the jobs and do this inclusive, and give it back to society. Same thing I'm trying to do with President Macron in France, which is ad tech ambassador, but really want France to be the example which it is become of a innovative country that is good to do business in startups. And they by the way, are growing faster than any other nation in Europe. And the unicorns at the present time is an example. And then India, which is at the success rate of the world. I mean, Prime Minister Modi built a digital agenda for his country digital manufacturing, focus on the environment startups all 28 states, driving it through very successfully for it, and they will be the fastest growing economy for the next decade. And probably beyond that, and the most important strategic ally for the U.S. are both economically militarily joint success between our countries.
Schwartz: I think your enthusiasm speaks to my final question for you in advance. But just in case, with a stellar career that you've had, with all of the accomplishments that you've achieved, both in terms of how you've driven your organizations, how you've given back. What most keeps you in the game today?
Chambers: You know, it's a great question. And what keeps me in the game today most is I love what I do. I have a desire to do this one more time, change the world one more time. We did with the internet. I mean, it changed the way you work, learn, play and learn. We did it in a way that was good economically but also good for society. And we gave back on a very large terms in terms of the global economy to do that, again with startups. And I think startups will be where the job creations occur in the U.S. or Europe or Asia. Very little, total incremental jobs are coming for the large companies. It will almost all be the startups and companies getting bigger. So to have economic growth around the world, you've got to have a startup economy around the world. And in the U.S., it can't be just in Silicon Valley and Austin and Boston, Atlanta, it's got to be in all 50 states. So to do that, again, will be fun. But also, I love problems. To coach young CEOs and watch them develop and build culture and the success and share it with employees and give back to society and become unicorns. And beyond that, that is a rush. And I've seen every movie there is to see. I've messed up everything at least once. So I'm able to say, you might want to think about doing this a different way. But to do that, at this stage in my career is an honor. And hopefully I do a good job for these companies. The last part is I'm a dreamer. But I know how to make dreams come true. I think we're not dreaming big enough as a nation. I think we've got to have the courage to take control of our destiny because there is no entitlement. And we've got to lead both in cybersecurity and AI for our country to achieve this economic future and our security future from a defense perspective as well.
Schwartz: John, thank you so much for your insights, your energy, your enthusiasm and your impact. And thanks so much for being here today.
Chambers: Matt, thank you very much.
Schwartz: I'm Mathew Schwartz with Information Security Media Group. Thank you for joining us.