An Origin Story
I am an investor in Symmetry Systems and a co-founder of Prefix Capital. At Prefix, we invest in early-stage deep tech and infrastructure startups that utilize transformative technologies to solve big problems facing our world. I’m an unapologetic generalist and have led investments in industries such as AI, biomanufacturing, energy, semiconductor, and cybersecurity.
Developing Thesis. Planting Seeds.
Back in 2016, fresh off my second exit as a deep tech founder, I joined Owen Van Natta’s family office. I was networking fervently to learn the venture business and lay the plumbing to generate the coveted “proprietary deal flow” I had heard so much about. I was also crafting my early investment theses. One concept I was iterating on was, “automate the data, eliminate the service”. The thesis was: if you could properly automate the data layer of a business, you could reduce bloating software stacks and kill unnecessary services businesses masquerading as enterprise products. To put this thesis into action, I primarily deployed capital into early AI automation companies spun out of university research.
At SXSW that year, Brett Paulson, a co-founder of my first startup, and Dr. Sriram Vishwanath, a UT Austin research professor and angel investor I knew, introduced me to Casen Hunger, a young prodigy PhD student at UT. Casen was working on a data-centric security startup called Privasera (‘s’ not ‘c’). He was friendly, brilliant, and from what I gathered, a monster coder.
I soon met his co-founder and professor, Dr. Mohit Tiwari. Mohit was incredibly articulate, had profound thoughts about the future of data and data security, and his research in the area was brilliant. We spoke for hours about trends in data, ranging from highly theoretical constructs to pragmatic cyber risks facing the industry, including: rampant and blind use of third party APIs, fast product iteration with lean decentralized teams leading to security vulnerabilities, the struggles of small teams (some with large customer bases and revenues) managing cybersecurity and compliance without a focused team or CISO, and the increasing use of third parties, often in the form of contractors, that were accessing more of a company’s sensitive data.
The Seed Investment
Privasera evolved into Symmetry Systems and Mohit and Casen made the leap from academia to the private sector, as so many of our founders do. In parallel, Owen and I evolved our deep tech work at his family office into Prefix Capital and continued investing across early-stage deep tech companies. When Mohit and Casen began raising their Seed round, they naturally reached out.
In Symmetry’s oversubscribed Seed round, I had the fortune of meeting and investing alongside Will Lin, a co-founder and partner at ForgePoint Capital. If you’re in the cybersecurity industry and haven’t met Will yet, you really need to meet him. He has a massive network of CISOs and security experts who respect him, knows the cybersecurity industry inside and out, and is incredibly thoughtful- and he’s a foodie to boot. After the seed round, we brought on Jon Gelsey as an independent board director. Jon was CEO of Auth0 (a product all my startups used adamantly) and Xnor (bonus: I have someone to swap Apple war stories with). He is a veteran operator, highly technical, and one of the best 0-to-100 minds I’ve ever met.
When we started the Symmetry journey, there was no Symmetry-sized hole in the Gartner market landscape. There wasn’t even a Gartner Hype Cycle declaring that Data Security Posture Management (DSPM) was a thing. Instead, an early community formed around the company which enabled us to recruit amazing technical talent, build a strong culture focused on customers and solving hard data-centric problems, and capture insightful partner feedback. This resulted in a powerful inaugural product, Symmetry DataGuard.
Symmetry would later be recognized as a Gartner Cool Vendor for the new DSPM category. That was great, but would bring in a flood of copycat companies. It’s worth mentioning here: Symmetry has been doing much more than DSPM for years; DSPM is table stakes in data security.
At the start of its product-market fit journey, Symmetry quickly learned from its customers that there were no easy answers to doing data security right. A successful product requires a long tail of challenging features including, but not limited to:
- Be able to run in-cloud across all the top cloud environments, including AWS, Azure, GCP, and on-prem
- Get installed in less than an hour and show immediate results
- Be intuitive to use for more than just CISOs and security experts, including compliance, DevOps, and cloud teams
- Deliver exhaustive data visibility, useful insights, and answers to varying data-centric business problems
- Enable CISO’s to take the appropriate actions at the right time – automatically and without sacrificing precision or generating overwhelming noise
That meant DataGuard had to accurately analyze billions of data objects that vary across industries and across systems, and then tie them back to dynamic identities through complex permissions and billions of operations. From just the data object level, DataGuard needed to find and protect unique, crown-jewel intellectual property (such as sensitive genomic data at a leading biotech company) and monitor who is accessing data and when they are accessing it. (Note to Symmetry’s competition: that’s way harder at scale than identifying social security numbers and phone numbers.) The Symmetry engineering team has had to continuously figure out the perfect mix of AI, algorithms, and heuristics to ensure DataGuard works at scale in the real world.
Symmetry continues to learn from its customers every day and continuously rolls out new capabilities that solve their toughest data security challenges.
Scaling In the Real World
Did a product this complex actually work at launch? In the beginning it wasn’t pretty, but yes. We definitely broke a lot of MVP rules and there were a lot of stressed-out executives and exhausted engineers who made it happen.
In fact, sometimes DataGuard worked too well! In our early POCs, we’d have to carefully show customers they had concerning levels of dormant data, sensitive PII sitting in unknown places, contractors who no longer worked for the company who still had dangerous access privileges, development environments exposed to the world, compliance breaches, and much more. During readouts, we’d generate reactions from security executives like, “What the hell is that?!” We once had a CISO from a large company adamantly claim we must have a bug in our readout because it didn’t match their system data. We had to show the executive that their current stack had been misrepresenting their data – probably for years. Another time, we discovered an attack happening in real-time during an assessment!
Symmetry has been fortunate to have great early partners like Trace3 and Accenture to help scale the company. These large, influential firms took Symmetry under their wings and spent real resources to deploy DataGuard. Accenture liked Symmetry so much, they even invested in the company.
As with all things enterprise software these days, Symmetry has seen *so many* competitors come rushing into the space. The website has been cloned and language “borrowed”. Some companies have tried to copy DataGuard point blank. Some competitors have now raised huge sums of capital to chase the DSPM dragon and “be the next Wiz”. Symmetry continues to stay heads-down and march its way to becoming the go-to company for data security, alongside delighted customers and partners.
Prefix is proud to continue to support Symmetry Systems as both a Seed and follow-on investor. Like many of our portfolio companies, Symmetry is a product-first company that has customers at the core of its being. The technology is best-in-class and the roadmap will continue to push the limits of data security and automation. The end result will be safer, more agile organizations and equitable access to advanced data security across industries – no matter if in the private or public sector, no matter if big or small.
Shameless plug to all the CISOs and organizations out there looking to bolster their data security: If you haven’t yet looked at DataGuard or spent time with the Symmetry team, please do so. At a minimum, you’ll get to meet data security experts who deeply care about your problems and see a powerful battle-hardened data security platform in action with DataGuard.