Rick Gordon

Mach37 Managing Partner

Advice to early-stage cyber startups

August 8, 2013—The CyberWire interviewed Rick Gordon, Managing Partner of the Mach37 cyber security business accelerator in Herndon, Virginia, USA, in New York City during SINET's 2013 Innovation Summit. He shared his views on the role a business accelerator can play in helping an entrepreneur build a cyber security start-up.

The CyberWire: So, how would you describe a business accelerator?

Gordon: We focus on very early-stage cyber companies. Through the CIT GAP Fund, we offer an initial investment of $25k to help cover an entrepreneur's expenses during our three-month program. During those three months, we work with the company to answer three critical questions tech start-ups can tend to overlook: 1) What business problem are they solving and is there an attractive market? 2) Is the problem being solved uniquely by them? and 3) Who would buy the product, and at what price? Once they get through the program, if certain milestones are met, the CIT GAP Fund will offer an additional $100k in additional investment.

The CyberWire: What do you try to get from a start-up's prospective customers?

Gordon: We look for unambiguous market validation--willingness to alpha test, beta test--and we also look for an interest in buying the product at a realistic price point. Taking market risk off the table for investors will be reflected in significantly increased valuations of our companies by the end of the program.

The CyberWire: Some incubators merely offer low rents or even free occupancy for surplus office space, and that kind of hoteling's clearly not what you're doing.

Gordon: Right. While we do provide them with operating space, our process is consultative, bespoke and intensively focused on creating value for the entrepreneur.

The CyberWire: Will you take an equity stake in the companies in your portfolio?

Gordon: We will—a 7% stake is our model.

The CyberWire: What would you like prospective cyber entrepreneurs to know?

Gordon: Since we're meeting on a university campus, and have just heard from panelists who know something about the challenges of transitioning technology from universities to markets, I'd like to expand on some themes they've already sounded. Developing an enterprise security product takes more investment capital than most of them think. In particular, we often have discussions with academic researchers who can be a little naïve about what it takes to deliver to market a product that is reliable, easy to use, and easy to deploy and upgrade. In general, they assume that R&D-oriented funding (SBIR grants for example) is adequate. The best they can expect from those sources is a working prototype, but that's not the same as an enterprise-ready product.

We see a variation of this with small consulting shops as well, where they see a need they think they can address with a product, but then elect to invest cash flow from services instead of raising adequate capital. This greatly lengthens their development process, and inevitably, they find they're not quick enough to market--someone's beaten them to it. Service-oriented businesses often fail to realize they are usually competing against time.

The CyberWire: Is cyber different from other technology sectors?

Gordon: In some ways it is. The cyber entrepreneurs usually aren't twenty-somethings writing mobile apps. There are some twenty-somethings, but they're not typical. Typical cyber technologists are older with significant domain expertise. However, with that age and experience come added responsibilities--family, financial commitments, and so on--that stereotypical twenty-somethings do not have. We have found these responsibilities often make it difficult for cyber technologists to take the leap into entrepreneurship and we are focused on making that leap easier.

The CyberWire: As you work with entrepreneurs and the venture capital community, how would you like to see their opinions and ways of doing business evolve?

Gordon: I'd hope to see VCs realize that it's not necessary to get cyber security start-ups in our area to relocate elsewhere. We see this too often as a condition of investment where VC's, on the West Coast for example, expect a company to pull up stakes and head for Silicon Valley. It's unnecessary, and counterproductive given the rich density of cyber security expertise that exists in the Virginia-Maryland-DC region. And, it's particularly difficult for entrepreneurs who are more mature and are already integrated into their communities.

We also hope to collaborate more with our colleagues in Maryland and DC in this regard. While we are a part of the Virginia Center for Innovative Technology, I don't view similar efforts in Maryland and DC as competitive. Sometimes I see a misguided parochialism between Maryland and Virginia, but it's my belief that developing the cyber economy in either state is mutually beneficial.

I'm hoping, by the way, that the SINET 16 event helps foster some of these changes.

The CyberWire: Thank you, Mr. Gordon.