MVL Partner Keith Rosema recently had a chance to sit down with Nancy Wang, Venture Partner at Felicis Ventures, and Technical Advisor to MVL. The conversation revolved around entrepreneurship and data security in the new genAI-everywhere world.
Keith: Hi Nancy. You have an incredible background, spanning scaled computing, data security, and healthcare. You've led product and engineering at Amazon, Google, and unicorn startups like Rubrik in Silicon Valley. Now advising growth companies and investing. How did you get here? What inspired you? Any surprise turns?
Nancy: When you put it that way, it paints a more intentional picture than I had in mind. For me, it was happenstance, which is when you say ‘yes’ to unknown but exciting opportunities. Uncomfortable experiences shape who you are. As a growth-oriented person, I focus on growing myself, skills, empathy, and leadership.
I chose a different path from my peers at Penn and Wharton, opting to join the U.S. government right after graduation. I knew from an early age that I wanted to make an impact with technology. Joining the team behind healthdata.gov fulfilled that vision. Todd Park's idea of "data is power. Knowledge is power." resonated. Empowering Americans to analyze healthcare data became a mission.
Later, a mission-driven role at Google Fiber aimed to bring connectivity to lower-income neighborhoods. Launching in cities like Kansas City, Nashville, Atlanta, Raleigh Durham, and Provo, I felt the impact on communities.
This led to a focus on managing and securing data from networks, machines, and healthcare. For almost a decade, I've been in data protection and security. Starting with Rubrik, a leading data protection solution for hybrid and pure cloud, I moved to AWS with a similar focus on securing critical data.
Today, as an angel investor, startup advisor, and venture partner at Felicis Ventures, I evaluate opportunities based on data, mission, and impact. Our bets include Canva, Cruise, and Flexport, and we continue to invest in infrastructure and security, areas I'm deeply connected to.
Keith: You've emphasized data security as a key thread in your journey. Could you delve deeper into why you became so interested in data security and what has kept you engaged?
Nancy: It's all about personal fit. I recently had lunch with Clint Sharp, the co-founder and CEO of Cribl, who wrote a compelling blog on founder-market-fit. The reason why that’s so important is that if you go into a space you know well as an entrepreneur, you have an advantage: sector expertise, customer rolodex, and hiring top talent because you’re already well-known in that industry. While we often discuss product-market fit, personal fit with a market is equally crucial. Some succeed in jumping into new spaces, but I believe in building on experiences and domains I have affinities for.
Obviously, for me that includes data storage, part of networking, data protection, compliance, audit, and data security. I stick to those areas because it’s great to be able to have a special sauce or an edge to things. The edge comes from you having contacts in the space and because you've worked in it before. It comes from having knowledge that someone can't simply gain from reading product documentation or talking to a handful of people. It really comes from knowing the trends, knowing how the market is shifting. The more time you spend in an area the more insights that you'll have and the more special sauce that you'll have.
Keith: I've noticed a recurring theme in your career—time at Amazon and Google, yet a continuous gravitation towards startups. From Rubrik to government work, and now back to startups. What is it about startups that excites you?
Nancy: It's all about the focus on innovation. As I approached my five-year milestone at AWS, reflecting on the early days was crucial. The startup environment offers a unique experience, starting with the classic two-pizza team and the uncertainty of service viability. Even in AWS, despite having funding, everything is on the table—from finding product-market fit to attracting customers. In the early days, there's no automatic sales, BD, PMM, or marketing team. My team navigated all these functions without dedicated staff. It was challenging, but it was incredibly rewarding, serving some of the largest Fortune 500 customers. As things reach critical mass, different skill sets come into play. Operating a tier-one global service across 30 regions worldwide, ensuring it's always on, especially for data protection, is a different challenge.
Transitioning from large institutions to small ones, my focus remains on being entrepreneurial and driving innovation, albeit in a different context. That journey—from big to small institutions—is rooted in the joy of building and innovating.
Keith: Shifting back to cybersecurity, what do you perceive as the new frontiers in cybersecurity? And where do you see startups currently adding value?
Nancy: I approach it from two angles. Firstly, the use of generative AI is disrupting traditional security processes. Imagine a team of security analysts in a command center interpreting signals to identify potential compromises or unpatched resources—similar to a doctor diagnosing a patient based on medical images.
Generative AI is fascinating because it can quickly build pattern matching by analyzing vast amounts of signals and data, leveraging transformer models. This disruption is evident in security automation, incident response, and response management. The possibilities are extensive, with opportunities to explore different aspects.
The second perspective involves marrying generative AI with security. For instance, models writing code can provide a managed end-to-end experience, but it needs to be error-proof. Coordination across multiple large language models (LLMs) introduces risks, reminiscent of the traditional concept of application security.
In the realm of application security, understanding API access, authentication, and authorization is crucial. Similarly, with generative AI, it's vital to know what agents have access to. Writing on frameworks like LlamaIndex or LangChain may inadvertently create security issues if these frameworks have unintended permissions to different systems or data resources.
We're in the early stages, and these technologies might lack some enterprise features expected in a modern orchestrating platform. However, there's immense opportunity in applying traditional application security principles to AI applications as these technologies evolve.
Keith: Your point about the maturity of tools is crucial. Breaking into the cybersecurity space as a startup can be challenging due to the high performance bar, especially when dealing with sensitive customer data. Do you have insights or advice for entrepreneurs looking to enter the cybersecurity field and grow their companies?
Nancy: Absolutely. Consider a company like Codified from MVL's portfolio, founded by Yatharth, addressing an adjacent problem. It focuses on granting permissions to different data stores, a critical aspect of security as many breaches originate from identity issues—incorrect access or over-access.
The key is finding the initial wedge. Take Dig and Wiz as examples in the data security realm. Despite now being behemoths, a few years ago, they were just starting. Both offer DSPM (Data Security Posture Management) solutions, addressing questions like: "What is happening to sensitive data in my environment? Who has access to it? How am I managing it?"
For an independent data security vendor, the decision point is crucial. Do you align with a big vendor or explore innovative data supply chain companies? Identifying the initial insertion point is essential. If a customer already uses Wiz, is their data security offering sufficient? It may be, but requirements and specific needs vary. Making the decision easy for customers involves offering something unique, excelling in an aspect better than anyone else in the market.
Keith: Cybersecurity spans across various industries, touching healthcare, finance, infrastructure, supply chain, retail, and beyond. Are there specific verticals or fields that you believe are underserved by data security products, offering potential for new market entry?
Nancy: It's a challenging question. The first generation of data security was designed for a cloud-native world predating LLMs and generative AI. Now, I see emerging companies addressing specific problems within generative AI security. For example, solutions that sit in line to an API server, blocking unauthorized access or requests fetching data from sensitive stores.
The question for the future is whether this becomes a standalone market or requires platform integration. I lean towards the latter. While it's fine to start as a focused company, owning the initial customer experience in securing models, the next step is crucial.
Building a platform is the trajectory that made Rubrik successful. The initial product focused on VMware backup and recovery, not the most glamorous, but it served as a necessary wedge into Fortune 500 environments. From there, they expanded into V2, V3, and eventually the cloud SaaS version, owning the entire customer data protection experience.
I encourage founders to think beyond their current success. If this is your expertise, what's your next act? Cribl is a great example, expanding from streaming products to launching a new search product. As they grow, it will be fascinating to see how they evolve into a platform.
Keith: I recently saw your post on LinkedIn about AI on the edge, a fascinating space. With the move of large models to the edge and the development of edge computation, do you foresee new forms of data security emerging?
Nancy: Absolutely. This aligns with Felicis' investment thesis in edge databases and edge caches. As more data is generated in locations without a data center or direct connection to hyperscalers like AWS or Azure, challenges arise. Connectivity might be expensive or cost-prohibitive, especially for data like constant streaming oil well images. Processing and sending such data to a core data center incurs high egress costs, making it inefficient.
These scenarios create opportunities for startups to offer cost-effective solutions, leveraging their agility to execute faster than larger players. The evolving landscape of hyperscalers and their current focus opens a window for startups to address specific challenges in AI on the edge.
Keith: It's evident that you're not only deeply involved in startups and data security but also committed to giving back. You serve on the advisory board at U-Penn for engineering education, advise entrepreneurs at Felicis, and founded the nonprofit Advancing Women in Tech. What do you believe individuals in the tech community, like those at MVL, can do more to enhance diversity and the success of diverse founders?
Nancy: Diversity is something I reflect on often, especially in my portfolio, where I focus on deep tech, including non-diverse fields like space tech, defense tech, infrastructure, and security. Recognizing the challenge, I make a conscious effort to allocate a significant portion of my portfolio and time to coaching and mentoring women founders—acknowledging the imposter syndrome and biases they face.
The key is personal commitment. Whether it's dedicating 10%, 20%, or any amount of time, making a pledge to give back to underrepresented groups is crucial. I must highlight the incredible team at Advancing Women in Tech, not just myself. With an exceptional board, we partnered with the U.S. State Department to provide real-world product management specialization to 75 women entrepreneurs, leading to impactful outcomes.
By continuing such efforts, sowing seeds, and supporting underrepresented founders, we can gradually see meaningful change. The technological wave, especially with generative AI, creates opportunities for a more diverse range of founders. It breaks down traditional barriers, allowing individuals with industry empathy, even without an ML PhD, to initiate their ventures more easily. This shift is promising and has enabled more underrepresented founders to start companies using GenAI. Let's hope this trend persists and grows.
Advisor Spotlight is a blog series by Madrona Venture Labs showcasing the diverse and impactful contributions of our limited partners (LPs), technical advisors, and network leaders in the investment landscape.To learn more about MVL, read our manifesto and let’s build a company together.
We are with our founders from day one, for the long run.