Top Israeli VC talks cybersecurity, diversity and ‘no go’ investments

It’s no secret that Israel is second only to the U.S. for its leading cybersecurity acumen, talent, startups and successful exits.

Israel is a powerhouse in both offensive and defensive cyber operations, with cybersecurity giants CyberArk, Check Point, and Illusive Networks all founded in the country in recent years. For more than two decades behind the scenes and powering some of the country’s largest cybersecurity startups was Jerusalem Venture Partners (JVP), a major venture capital firm in the region with more than $1.4 billion raised to date.

Now, the firm is pushing further into the early stage cybersecurity space. With a $220 million fund dedicated to early stage and pre-seed companies, the venture capital firm has expanded to New York.

Erel Margalit, JVP’s founder and executive chairman, spoke to Extra Crunch about why New York is a prime location for early-stage cybersecurity startups and how Israel became an incubator for some of the world’s biggest cybersecurity companies.

We also discussed why diversity is critical to his firm, how he separates fact from fiction in the security world, ethical investing, and which kinds of companies he would never invest in.

This interview has been edited for clarity and length.

TechCrunch: Tell me a little about your firm and your current work on early-stage investments.

Erel Margalit: I established JVP 25 years ago. A lot of what we were doing in the beginning was taking defense-related technologies, like wireless and fiber optics and large data systems, and transforming them through the communications world into the commercial world. Now we have 14 companies — some of which have been very successful. We’re now at a different stage where we’ve partnered with New York City to create the biggest hub in the city for the next generation of companies — the sorts that are scaling up with solutions that are not necessarily the big solution today,

Israel as a cybersecurity powerhouse

You’ve seen three or four really successful exits in the last few years from former startups you’ve helped to build out. What does the formula look like that results in these successful exits?

One of the things that we’re trying to do with second-generation entrepreneurs is we’re saying, instead of building a company to be sold for $250 million, why don’t we build a sales organization that would reach $250 million in a few years and instead build a very significant robust sales and marketing organization?

Israel has big ideas, but we’re small country. That’s why North America — especially the U.S. — is a key first go-to market. But it’s not always easy to get it right when you’re trying to get into the U.S. and scale in a big way. However, if you are successful, a lot of Israeli companies are also able to sell into European countries and Asian countries. And so what you get is what I call a “mini-multinational,” which is a small organization that’s able to get its first customers in a bunch of places around the world. So — go forward, and then build a sales and marketing organization that is just as strong as your research and your development organization.

Israel has a conscripted military — one that invests heavily in both cybersecurity and offensive cyber capabilities. That’s one way Israel got a considerable amount of cyber talent in one place. But what else contributes to Israel’s ability to create so many strong cybersecurity startups?

Israel needs to be as strong as the seven countries around it. And the only way to do it was through technology. Cybersecurity today is one of the main means of technologically understanding what’s going on. There are state-backed cyberattacks happening all the time — they’re attacking utilities, they’re attacking the banks, but what’s going on now is they’re also attacking democracy and the individual’s rights for something that’s becoming a national issue. The British didn’t have a fair election on Brexit. The same thing happened in the United States.

I think that a lot of us understand that from just protecting large organizations and countries. Now we’re moving to protecting individual democracies and our free way of living. Everything is online. Everything now is penetrable. And if you don’t have the next-generation of strategies, you’re not going to not going to be able to continue to operate.

On the New York hub

The cybersecurity hub in New York clearly means a lot to you. Why did you choose to build a hub in New York and not somewhere else in North America?

I love New York. I got my PhD at Columbia University, and I saw the city attacked on September 11. New York is the business center of the world. The business city of the world can bring the biggest solutions in technology — especially cyber — to defend itself. When it partners with a startup nation like Israel, it can give the west coast of run for its money because New York has scale.

It already has Google, Facebook and Microsoft. But they need a very strong, young, dynamic startup environment in order to take advantage of everything that’s going on. It needs Columbia University — a partner of ours. It needs Cornell, it needs the City University of New York (CUNY), and it needs New York University. It needs to have the students in the universities not be introverts, but extroverts, with technology who go out of the campus, interact with each other, interact with the large players in the city, like the big media and the big banks. We have more than 600 Israeli startups in New York — the city is one of these international centers where, because so much of the technology is coming from Israel and Europe and as well as the United States, it could really thrive.

Erel Margalit, JVP founder, at the New York Stock Exchange on July 16, 2010 in New York City.

How have the numbers grown over the past year since the hub’s been active in that and how are you measuring it success?

We have 15 companies move into the hub, and each of them have at least $10 million of annual recurring revenue — and a lot of them have more. They’re growing like crazy, and they’re hiring people like crazy. They’re building a sales and marketing organization across the U,S. and not just in New York. But New York is sort of a place where they have an identity. New York can’t work on its own. New York needs to be humble and hungry. It needs to give the younger people a chance to come into the city to make a difference. Most of the innovation will come from people who don’t have money have an idea, right? They have an idea they and they need to be incentivized to create their next big thing.

Making defensive, not offensive cyber investments

Is there a line in the sand for you in terms of companies or industries that you would not invest in?

I think that now the line is to be drawn where people — and democratic countries — are using cybersecurity and technology in order to protect individuals, and not to track them. Cybersecurity on a larger scale has to involve trust and sharing information in real-time. People who violate the code of ethics and tamper with elections by a state-backed threat that targets groups of civilians? These are not countries that we can cooperate with. And so I think that’s where we draw the line. It’s important to draw the line because there are a lot of capabilities in cybersecurity. You want to make sure that they used to protect people, and not to spy on people.

Israel has at least one big big surveillance company — the NSO Group — which, as you know, makes mobile spying software used by governments to snoop on people. What’s your position on these kinds of offensive security companies?

We would only invest in defensive companies. JVP an ethical code. And we don’t give offensive tools to government or large organizations.

Are these companies — ostensibly cybersecurity companies but more akin to government contractors — a necessary evil, or are they causing more harm than good?

The U.S. and U.K. governments are, by and large, trusted. They need to use all kinds of strategies to defend the country. That’s something that countries need to do for their survival. Governments that we trust — the same governments that we hope have the right ethical conduct — will use some of these mechanisms. But I don’t think this is something we should invest in as a private company. We should invest in defense strategies.

Prioritizing diversity

I noticed on the leadership page on your website that you’ve got 13 men and nine women, most of which are in senior leadership positions. That’s a very close ratio in terms of gender balance. Just last week, I criticized a pretty sizable cybersecurity startup for having only men on their leadership pages. Is this kind of this diversity push something you’re keen to stress them on companies that you invest in?

Absolutely. I have three daughters. They all served in special forces in the Israeli Defense Forces during their mandatory service. I see how hard it is for women in the technology realm in general, but specifically in cybersecurity. I’m seeing just as incredible brilliance from women as I do from men. JVP has the same number of women partners and men partners. I think that’s the way of the future. I think it’s I think it’s the best way to grow an organization.