Introducing Rain Capital

Image for post
Image for post

by Chenxi Wang, Ph.D. General Partner

Today we are excited to announce the launch of Rain Capital, a new Cybersecurity venture fund based in the San Francisco bay area. We have been working on this initiative since the beginning of the year, and it’s extremely gratifying to see that our efforts have come to an initial fruition — we executed the first closing of the fund — $10M out of the $20M fund, and made our first three investments.

So it is now time to tell the world — no, shout to the world — what we are doing: Rain Capital is a cybersecurity-focused venture fund, aiming to fund early-stage, transformative technology innovations in the security market. What’s more, it is a women-led and women-managed fund.

As it is in the beginning of any new venture, there are a few questions that we have been asked and we’d like to address in this inauguration blog post.

Why do a Cybersecurity fund now?

In the next a few years, many of the traditional security technologies will have to be re-engineered as corporate networks and on-premises data centers decidedly becoming a thing of the past. This represents a massive opportunity for innovation, and in turn, should lead to a significant and unique potential for generating return-on-investments in the security space.

More specifically, modern security faces these challenges:

  • Ephemeral workloads: Cloud-native workloads are ephemeral. Application instances can be spun up and down in a moment of notice. Anything that requires manual work, such as configuration, policy tuning, or analysis, will quickly fall short in a cloud-native environment.
  • A progressively blind network: The proliferation of end-to-end encryption and certificate pinning means that the ability to intercept and inspect traffic is quickly going away. Traditional network security functions will be increasingly pushed onto the endpoints and up the stack into the application layer.
  • The increasing decoupling of infrastructure and application. The rise of cloud and serverless technology drives the increasing abstraction separation between the application/data layer and the underlying infrastructure. The implications are extensive; from the way you develop and deliver applications, to the degree of which you can utilize infrastructure instrumentation, to where security enforcement can be placed effectively.

To deal with these challenges, established markets like identity management, network security, application security and management, will all be disrupted. On top of that, the awareness for security is heightened, the demand is high, and the urgency is palpable. Yes, there has never been a better time to be investing in security technologies.

Are there specific technology focus areas for the fund?

Yes, we are particularly interested in a few areas of Cybersecurity.

  • Cloud-native security: Security technology designed specifically to support cloud-native workloads is highly interesting to us. We think the whole cloud-native movement thus far is only the tip of the iceberg — there is much more still to explore, innovate, and build.
  • The intersection of application security and modern learning techniques: Application security is an area for which machine learning and potentially deep learning have not yet made a significant dent. We think the marriage of meaningful modern learning technologies with application security methodologies can have a transformative impact on a field hungry for innovation.
  • Trust and identity disruptions: Trust is a tricky word in Cybersecurity. Yet, nearly all things in security are predicated upon trust (or the lack of). New ways to assess identities and trust, perhaps through a distributed means involving blockchain or other technologies, yet rooted firmly in a concrete application, can redefine the way we approach digital trust.

Which companies have you funded so far?

We made three investments so far, three very different yet equally exciting companies.

- Altitude Networks: Still in stealth, Altitude is founded by Michael Coates, former CISO of Twitter, and Amir Kavousian, former lead data scientist at Capital One.

- Capsule8: Led by security industry veteran John Viega (former SVP BEA systems, McAfee). Capsule8 provides a unique real-time, zero-day attack detection platform capable of scaling to massive production deployments. Capsule8 delivers continuous security across your entire production environment — containerized, virtualized and bare metal — to detect and disrupt attacks as they happen.

- Claroty: A Team8 company, founded by ICS industry veterans. Claroty’s mission is to protect industrial control networks from cyber-attacks; ensuring the safe and reliable operation of the world’s most critical infrastructures. Claroty enables customers to enjoy the substantial benefits of increasingly networked-control systems without compromising operational resiliency, personnel safety, or the security of core assets.

How will Rain be different from other VC firms?

Rain’s partner team has deep connections to technical talent in the industry. Our typical conversation is two people writing code and us. In many cases, we are the first one that technical founders call because of our background.

We have assembled an impressive advisory board. Jim Routh (Aetna), Renee Guttmann (Campbell industries), Scott Howitt (MGM International), Richard Seiersen (Lending Club), Jay leek (ClearSky security) are all members of the board. We glean intimate market insight from our board and other practitioners that we work with, which is invaluable in helping us make investment decisions.

Lastly, Rain has a specific goal of supporting women and minority entrepreneurs. A cause close to our hearts, Rain is committed to making venture funding more accessible to those that may be considered unconventional choices for entrepreneurs.

How do you think you will be supporting women and minority entrepreneurs?

At RSA earlier this year, we took 40 meetings in 4 days. A feverish pace, yes. But what was astounding to us was that NOT a single pitch meeting involved a woman founder/entrepreneur. It was clear that if we just sit and wait for pitches coming to us, we would not see many women or minority-led companies. We decided that we will have to reach out. Today, we are having proactive conversations, almost weekly, with woman technologists that we know. I think we may discover an entrepreneur or two before they even know they are entrepreneurs! By making venture funding more accessible through proactive outreach, we hope that we’d see more women and minority entrepreneurs taking that leap of faith.

How was the fundraising experience?

The fundraising experience was, shall we say, an interesting one. For a six-month period, we pitched the idea of the fund to many individuals, institutional investors, and fund of funds. We struck out completely with institutional money — the most common criticism we heard was “We like your sector expertise, but as a general partner, you don’t have any investment experience”. While this didn’t exactly come as a surprise, it was surprising to see such a unanimous response. To us, it was interesting to see which side of the line people fall on — do you rather trust your money with someone who may know the investment game but do not have deep experiences with the industry, or would you rather partner with someone with deep sector expertise but maybe light on investment experiences?

The institutional investors seem to have made their pick.

We think differently.

Rain Capital was founded based on those beliefs — deep technical and industry experiences are critical to making sound investment decisions. We have the next a few years to prove this thesis, and we’ll be updating you on our progress with this blog.

Originally published at on June 26, 2018.

Rain Capital is a cybersecurity venture fund based in the San Francisco bay area. A women-led and -managed fund, Rain invests in disruptive security companies.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store