How XM Cyber, cybersecurity startup, raised USD 22 Million

When XM Cyber raised USD 22 million as part of a Series A round featuring several parties including Macquarie Capital, Nasdaq Ventures, Our Innovation Fund, and UST Global, they were able to expand their footprint through finding new ways to fight cybercrime.

Their unique method of automating red team activities to continuously expose areas of weakness in an organisation means their clients are always one step ahead of cyber-attacks.

Sitting across from two cybersecurity experts from Israel now based at Stone & Chalk, Adi Ashkenazy, VP Product of XM Cyber, and Shahar Zini, Chief Architect at XM Cyber, they share how they raised capital.

Meeting 8 years ago, Adi and Shahar worked together in Israel before immigrating to Australia and beginning their journey with XM Cyber.

Adi says, “Two and a half years ago, we were sitting in a room with a whiteboard and were trying to figure out what the hell we’re trying to do in cybersecurity. Seeing the startup develop was like seeing a child grow. It’s pretty awesome.”

Shahar explains the core purpose behind XM Cyber, “We’re trying to answer the question, am I secure? Is my network protected? We built an automated red team machine, which basically means that you can define risk scenarios in which virtual attackers are trying to infiltrate your network and compromise your critical assets.”

“If we can concentrate on the things that hackers will likely target in your environment, we can better utilise the money and effort that the organisation has dedicated towards security into a more focused approach.”

Adi explains that many cybersecurity efforts today are manual, which means organisations attempt to identify its main vulnerabilities across a number of systems and networks without using automation. This manual process is error prone, especially when dealing with large networks.

XM Cyber is approaching this challenge differently. Instead, XM Cyber provides a fully automated platform to continuously expose vulnerable areas to ensure organisations can have the upper hand.

Adi says, “This doesn’t mean that there’s no use for human beings. You need humans for the creative aspect of cybersecurity assessment. But, when you combine that with a machine that takes care of the scale, and the continuous nature of testing, that’s where innovation comes in.”

XM Cyber’s state of the art technology thinks like a hacker, Adi explains, “If I were a hacker, I only have to be successful once to compromise a network. A company on the other hand has to be successful 100 per cent of the time.”

So, how did XM Cyber raise USD 22 million?

Adi explains that opportunities came from a variety of places, “I received an email one day from Stone & Chalk asking if I could be on a panel at a conference about a year ago. After the panel, I was approached by someone at Macquarie and he said that what XM Cyber is doing sounds fascinating.”

“We later met, and a few months later I got a phone call and Macquarie explained they were excited not just as a customer, but were letting the Macquarie capital fund know about this opportunity.”

Adi explains that as with all business deals, it starts with a conversation involving multiple stakeholders. There was an opportunity for us to show who we are and prove that we can add value.

What are investors looking for?

After raising funds, Adi and Shahar have picked up a few lessons from what investors are looking for. They explain that the first thing investors evaluate is your team.

Adi highlights, “Being part of a startup, you also have to be an expert in your domain. You have to have good coverage of both technology and business in the core team,”

“You have to show your bootstrapping ability, the ability to run by your own skills.”

Something both cybersecurity experts learned in the overall investor process was that it’s all about people.

“Eventually a company invests in people. They don’t invest in an entity. It’s about people investing in other people. It’s a process and it takes time, you have to be patient and make sure you’re able to show traction,” says Adi.

Adi reflects, “I think that investors are looking for those quick selling points. When you pitch to them, I always think about how they’re going to talk about you when you’re out of the room. What are they going to say when they want to convince their friend to come along.”

Where to now? Adi and Shahar say they’re now in scale-up phase with paying customers, having shown that the product gives value, and are now focusing on building a whole network of paying customers.

Adi states, “One of the key aspects of growth for the future is how we partner with existing large organisations who can take our technology to additional markets.”

With headquarters in Israel, they currently have a presence in the U.S., Australia and the UK with plans to expand to other regions.

Adi says that most of their R&D is done in Israel, and product design and system architecture is done in Australia.

“We’re enjoying both worlds,” Adi reflects.

Adi concludes, “Never say no to an opportunity, you don’t know what’s going to come out of it.”

XM Cyber also participated in the launch of the NSW Government’s Cyber Strategy in December 2018, collaborating with Stone & Chalk and With You With Me (WYWM) to host a Cyber Battle, allowing novices and professionals compete alongside Aussie Veterans.

As of late March 2019, Adi Ashkenazy was appointed CEO of Skylight, still based at Stone & Chalk. Likewise, Shahar Zini was appointed CTO of Skylight. Skylight will work alongside XM Cyber as a business partner. If you'd like to get in touch, please contact info@skylightcyber.com

26 March 2019