|Home - CEO Spotlight - Nov 02 Issue
CEO Spotlight: Bob Walters, CEO, Stratum8 Networks
By Angel Mehta, Sterling-Hoffman Management Consultants
Bob Walters flew a fighter jet for 10 years before jumping into the enterprise software business. After stints at the likes of Informix, Red Brick, and Securant, he assumed leadership of Stratum8, a security software startup that managed to secure financing from the likes of New Enterprise Associates and BA Venture Partners in February of this year. In a candid conversation with Sterling-Hoffman’s Managing Director Angel Mehta, the former U.S. Marine Corps Officer shares insight on leadership, raising capital, and being a first time CEO in what continues to be a tough market for Silicon Valley startups.
Sterling-Hoffman: Where does the name Stratum8 come from?
Bob Walters: The company was founded in Q1 of 2000 during the days ‘when all things were possible.’ The founding team was this exceptional group of senior technicians and senior software people; their vision was to change the way the Internet worked and they developed the software foundation for a family of appliances that operated at what they called ‘Layer 8.’ Let me explain further. The Internet is defined on the OSI as a 7-layer model that starts with the physical layer, the actual wires and then builds up to the application level. This Layer 8, also known as semantic processing, looks at the meaning of application data and code, in much the same way a compiler would. So the original notion of the company was to change the Internet by offering a family of routers, switches, load balancers and security devices that operated at Layer 8. Later, we identified web security as the key market where our team and technology could have the most impact and we now focus solely on that space.
Sterling-Hoffman: What is unique about the technology relative to other security start-ups?
Bob Walters: Roughly 80% of the work that’s done in security today is classified as ‘Network Security.’ Network security deals with the individual packets that run on the Internet, and so today’s firewalls and the IDS’s are looking mainly at single packets at a time and at IP addresses. These devicess ask questions like: Where is this from? Where is it addressed to? What kind of packet is it? And then making decisions on whether the answer is ‘good’ or ‘bad.’ We, at Stratum8, turn individual packets on the Internet into 30 or 40-packet streams to reconstruct the bidirectional conversation between the Web server and browser. We parse that entire stream; we’re looking at every byte in the stream just like a compiler would. So it’s a very different level of processing. Gartner estimates that 75% of today’s web vulnerabilities occur at the application level and firewalls leave the application level wide open.
Sterling-Hoffman: Are there any problems in terms of network security that are unaddressed right now by the offerings that exist? In other words, is there room for another security software vendor?
Bob Walters: Nope - we’ve got internet security all figured out (laughing)! Of course, there’s plenty of them out there. There are two large areas that have not been solved adequately today. The first area is ‘web services.’ Web services are one of the plays that could be the ‘next big wave’ of the Internet. This newest version of distributed applications is changing the Internet, and IBM, Microsoft, Sun and other big players are 1,000% behind it. The Microsoft ‘.net’ initiative is part of the web services play and web services security has not been figured out adequately. In fact, Gartner group and others say that security is the Number 1 impediment to the successful implementation of web services. Stratum8 is creating an offering for that space to follow-up on our current offering.
The other big area that is still vulnerable is ‘wireless,’ especially wireless LANs that are springing up all over the place.
Sterling-Hoffman: Have you found the adoption of wireless LANs has ramped up?
Bob Walters: Big time. Wireless LANs are kind of like Tribbles, for you Star Trek fans. I can set one up in this office in 5 minutes and it’s so easy for a rogue computer to come and clone on to that node that it’s a very big problem. Again, there are some start-ups that are seeking to address the issue.
Sterling-Hoffman: We know that security is supposed to be a priority for CIO’s but are you finding the budgets loosening at all?
Bob Walters: I don’t know if the budgets are loosening, it’s kind of a paradox. Security definitely is a priority item for CIO’s but I would also say that budgets are tight everywhere and security vendors compete for that same budget. So what that translates into for us, is that it’s very easy for us to get meetings, do pilots and proof of concepts in companies because security is hot. Regardless, it’s still a tough process even for a security company to get the check, to get the customer’s order.
Sterling-Hoffman: Talking about getting the check, you closed the last round of financing when?
Bob Walters: February 5th.
Sterling-Hoffman: In an obviously difficult market for financing.
Bob Walters: Right.
Sterling-Hoffman: Tell me about the effort in that regard and how you managed to do it.
Bob Walters: It was one of the bigger efforts that the company or I have ever undertaken. Just as the Fortune 1000 and Internet 100 are interested in security, VC’s are interested in security. There wasn’t a great deal of difficulty in getting meetings with VC’s. Our strategy was to find the best fit between the company and the investor. So we knocked on over 40 doors over a 4-month period. Happily, we had a great outcome. We had multiple investors writing term sheets and did a “Tier 1 round” of $10˝ million.
Sterling-Hoffman: So what lessons can you share with other CEO’s and entrepreneurs that are trying to raise money?
Bob Walters: First of all, try and pare your business model down to its core elements. I think large capitalization projects and ‘we’re going to go out and spend a lot of money and take over the world’ just doesn’t fly anymore. Have a model for reaching profitability that requires the minimum amount of capital that you think you’ll need.
The one thing that I would do differently, if I were doing it again, is rather then linearly knocking on 40 doors, I would pick groups of 10 VC’s and I would do them in phases. I would go out and have a dialogue. A typical dialogue takes maybe 6 weeks. Have the first couple of meetings and then see what is learned with that 10. I mean, maybe you get funded based on that 10 but if not then re-do your messaging, learn your lessons and then engage with the second group of 10. Do it in phases instead of one large process.
Sterling-Hoffman: Did you find that the venture partners you met with early on were willing to offer detailed feedback as to why they turned you away?
Bob Walters: That’s one of the biggest challenges, trying to distill those lessons, because VC’s, like most customers, have short-handed messages so entrepreneurs should make a dedicated effort to try and get a deeper more valid debrief from investors. A good way to do that is to talk to the actual venture partner in the group. Instead of getting the top-level feedback from the general partner or managing director that you’ve been dealing with, take the venture partner out to lunch and ask him or her “What did you really think? How can I improve my presentation? What’s the real feel here?”
Sterling-Hoffman: You talked about looking for the best fit between the Portfolio Company and investor. What did you mean?
Bob Walters: Sure. Getting funding is a classic sales process and a lot of entrepreneurs think it’s something else. They think it’s something more strategic, like ‘partnering’ or ‘bonding.’ In truth, after the deal is done, you will be partners with your VC. But until then, you’re selling.
The first thing that one has to realize is, ‘people buy things from people’ so if there’s not an affinity between the entrepreneur and the VC, that’s a huge signal to go on to the next VC. This brings me to another point. You can’t be afraid to go on to the next VC nor can you have your feelings hurt by going to the next VC. For example, if I’m selling my product and customers don’t buy it, that’s okay, because it’s my product and customers don’t buy products all the time. However, if I’m selling a piece of my company and by extension, a piece of myself, and the VC doesn’t buy it, that’s horrible and I feel that I have to somehow remedy that, I have to somehow fix it. The fact of the matter is, just like in a product sales cycle it’s quite probable that there is no remediation, there simply wasn’t an affinity between the investment objectives of that VC and what you’re peddling. Either that or you peddled it poorly. So you have to have this courage and mindset to go ‘next’ and not let that get you all bent out of shape.