Meet the Dubliner who is the CIA's go-to smart guy for cyber security tech start-ups
Alex O'Cinneide's cyber security VC fund has €320m to invest in start-ups, but Ireland's tech sector needs to up its game
If your tech start-up specialises in some aspect of cyber security and wants to work with, or investment from, the CIA or the US Air Force, Dubliner Alex O'Cinneide is the man you need to talk to. He is head of one of the world's leading cyber security venture capital funds, Paladin Europe which has €320m to invest - a few million of which is money he's made from merging his green energy investment firm Gore Street Capital with Paladin Capital's broader €1bn group of VC funds.
Working alongside the 45-year-old Trinity graduate, who is a native of Dun Laoghaire, are Irishwoman and cyber analytics professor Dr Mary Aiken and several former senior US government and US and UK intelligence agency staff.
The roll-call of heavyweights includes former deputy director of the US National Security Agency Chris Inglis; Richard A Clarke - a former special adviser to the President on cyber security; former GCHQ director and UK security and intelligence co-ordinator Sir David Ormand; and former CIA director James Woolsey.
To give an idea of the doors it can open, last August one of its investee firms, threat intelligence start-up Anomali was backed by In-Q-Tel, a strategic investment firm for US intelligence agencies and also signed a technology development agreement with it.
Another investee, Endgame an "endpoint security platform" signed an €18m-contract with the US Air Force "to safeguard networks for their elite cyber protection teams," who will use its platform to "better prevent, detect and hunt for advanced threats to critical infrastructure".
Being in this network of contacts must make for some interesting conversations given current events in the US.
"We're lucky to have such high-level thinkers. They're constantly looking at what the future cyber security threats could be, and where the gaps might be in thinking and ability in this sector, and that gives us a big advantage," said O'Cinneide.
''The interface with governments is crucial. They're a big customer for these products. Bridging that gap is an important part of what we do. We want to help bring European start-ups to the US, which is the largest market, so that they can grow. We understand the technology and the related R&D, the buyers, the governments and the financial side," he affirms.
The sector is big business. Investors poured over €6bn into it last year. The market is predicted to grow by at least 5pc a year according to research firm Gartner, which forecast that information and cyber security spending will exceed €250bn by 2020. The US government spent over €100bn on it over the past decade, with €13bn budgeted for last year alone.
Microsoft said this week that it will spend over €1bn every year on R&D in the years ahead and according to its data, 600,000 to 700,000 cyberattacks are conducted every week across the globe.
It recently emerged that Lloyds Bank in the UK saw its customers locked out of their online accounts by a cyber attack, and that the ECB is considering stress tests of banks' defences against them. News of them, featuring organisations from the likes of Sony to the US Democratic Party, is becoming increasingly regular.
However, the investment numbers suggest it has become a frothy sector as well. Bigger Silicon Valley VC funds have been chasing investments in it over the past four years in order to diversify. Most large firms have been active, with Accel Partners having backed 17 firms by last summer and Andreessen Horowitz and Intel Capital among the top-five investors.
How does Paladin compare? Last year, O'Cinneide revealed to this newspaper that the firm was running the rule over 20 Irish tech start-ups specialising in this area, but it didn't back any of them.
"That's not unusual, though. It's normal that we would evaluate hundreds of start-ups before investing," he says over coffee in Dublin's Merrion Hotel before he leaves for his London office, from where he manages the firm's investments.
What is he looking for in start-ups, and what are the most common reasons he doesn't back them? "They don't need to have the cleverest technology, but they need to be a clever fit either into the existing market, or else disrupting it completely. What they tend to get wrong is that a product or service might be fulfilling a gap in the market, but they overestimate the size of the market. Investors will see that. The other common pitfall is relying on just one customer as the validation of the business."
Paladin is focused on several aspects of cyber security, he says. "If you think about it, we've benefited enormously from the internet in a very short space of time, and as cyber security threats grow, we're only perhaps now realising the true cost of that. The Internet of Things brings a whole new set of security concerns, so that's one obvious area we're looking at. Blockchain - a system for permanently storing transaction records on networks of unrelated computers permanently and verifiably - is another area of interest, particularly for 'know your client' functions and how it may provide greater security for customers.
"Enterprise IT and its operation of secure transactions is another one. A key one is threat analysis - the use of data to understand what's going on that might threaten a company's IP and operations. It's about how data is analysed, used and protected; how do transactions take place, is it seamless and who is storing data. The final one is how secure information interfaces with genomic or gene sequencing in the diagnostics and therapeutics functions related to health.
"What we know for certain is that there's a constantly evolving set of threats against our personal data and that of corporates and governments. The reaction to that is a set of innovations, we want to invest in that innovation and the market is large and growing. The threat faced by businesses is often existential. This isn't just an IT problem, it's one of which a CEO is now constantly aware."
O'Cinneide and his colleagues look at 20 to 30 potential investments a month and have backed five cyber security start-ups to date, two of which are in Europe. They mainly scout for new investments in Germany, France and the UK, "but Luxembourg and Ireland are also very interesting too, with their large concentration of the finance sector and back office functions, together with a diverse range of tech giants and start-ups".
''Ireland should be marketing itself as a hub for cyber security start-ups,'' he says, but the idea needs to be championed a lot more. UCD's centre for cybersecurity and cybercrime investigation calls itself the leading one of its kind in Europe, but Belfast and London all make similar claims, with Queen's University in Belfast having achieved a high degree of recognition and Berlin rivalling all three,'' he adds.
"We need a joined-up strategy, with a focus on developing talent and skills, then money from investors should follow. You've got common stakeholders: tech giants, the universities, legal, finance and accountancy, with other input needed from the data protection commission. Insurer Zurich has a unit specialising in this in Dublin too. Right now every country in Europe wants to be a hub for it. I recently spoke about it at a conference in Krakow in Poland, and they were keen on the idea too.
"The universities here could do more research, and then it's all about an ongoing pool of maths, computer science and software engineering graduates."
This country has done it before, as we know from the success of the tech sectors in Dublin, Cork and Galway. Dublin's IFSC and more recently the emerging Green IFSC - where he has some experience - are other examples of where it's been done, he adds.
The son of a father who was a writer and publisher and a mother who also worked in publishing, perhaps fittingly enough O'Cinneide began working in start-ups after graduating with a history degree from Trinity College.
"The first was in educational software, at a firm called WBT Systems, I was a junior sales guy and did some tech support. At Kick, a web design firm, I was the boss, but I got to a stage where I decided I needed a bit more stability in my life and on my CV, so I took a job at KPMG," he recalls. "That took me to London and New York; it was an interesting time and I learned a lot working in the areas of strategy, technology and private equity advisory work."
A stint at a private equity firm and a Masters in Finance and another in Philosophy, which he took in London followed before a seven-year stint in Abu Dhabi, to where he moved with his wife and two young children. ''He had an amazing time," heading up Masdar Capital, the green investment arm of its sovereign wealth fund, growing the fund from $250m to $700m, which was invested in wind, solar and waste to energy.
Managing Paladin's renewable energy investments under the Gore Street moniker as well as wearing his cyber security hat, solar, wind and energy storage are its areas of focus. It's about to close an investment in a UK battery installation for peak power for the grid and is looking to invest in an Italian solar farm.
President Trump pulling out of climate change agreements is a huge threat to the sector globally, but it should be safe in the US because of all the jobs it's created, he notes.
Whatever else he and his intriguing colleagues may be saying about Trump we can but guess.
Sunday Indo Business