Cloud Security, Security Strategy, Plan, Budget

NightDragon’s Dave DeWalt: ‘This is the highest threat environment we’ve ever had, bar none’

On March 2 NightDragon, a special purpose acquisition company (SPAC) focused on the cybersecurity, safety and privacy markets, opened on the NASDAQ stock exchange. Named after a Chinese hacking operation and headed by veteran cybersecurity industry executive Dave DeWalt, the company is comprised of a group of investors that raise capital through an initial public offering specifically for the purpose of acquiring an existing, unknown company.

SC Media sat down (virtually) with DeWalt to learn more about NightDragon, the type of companies they're looking to invest in over the next 24 months and the current state of the cybersecurity and privacy markets. You can read NightDragon’s SEC Form S-1, which lays out more details about its structure and goals, here.

For the uninitiated, could you start by telling us what a SPAC is, how you came to form Nightdragon and what you are looking to do?

DeWalt: So I had a lot of years of experience [as] CEO of companies; FireEye was my most recent one, McAfee before that. I hate to say I retired, because that’s clearly not what happened, but I retired as a CEO operator and really wanted to build a platform. I was joined by a couple of wonderful partners, [managing director] Ken Gonzalez, [partner] Morgan Kyauk, who I’d worked with the last 14 years in corporate development, [mergers and acquisitions]. Ken helped me sell McAfee to Intel and Morgan with Mandiant and FireEye.

So we formed this platform called NightDragon, and we were focused in on the whole lifecycle of investments and advisory for the cybersecurity, safety and privacy market; we like anything related to national security around the world. That’s our kind of segment.

We invested in two incubators: Team8 out of Israel and DataTribe out of Maryland. We’ve launched almost 20 companies through those vehicles now. We became part of two venture funds as well that really helped us put investments in place. NightDragon Ventures put 14 assets to work with capital.

And this is the most recent fund, which is…essentially a financial vehicle that allows companies to reverse merge their company into our NightDragon SPAC in a way that allows the hottest security companies to create a much more efficient model for public offering. I did FireEye’s IPO and talk about a lot of lessons learned there... with just venture capital money versus new public money, hedging short positions and float management. Our other main partner is Mark Garrett, who came from Documentum and Adobe…he now sits as Chairman of Audit for Cisco, Snowflake and Kodak.

So we’ve assembled a great group of people, we have a lot of deal sourcing because we know the sector well and now we have a really good product to help companies go public and do it effectively with strong management teams. That really creates a lot less risk. The SPAC constant with NightDragon can target very large companies, or smaller ones, depending on how hot they are, and really help them with their path to an IPO.

What is your outlook right now on the CSSP market? What sectors or technologies are you targeting and are you looking for tried and true businesses or something smaller on the more innovative side?

DeWalt: We’ve identified 11 sectors in the CSSP that we are very focused on, ranging from cloud security, endpoint identity management all the way to drones and satellites. We’ve identified top prospects in each one of those – multibillion dollar marketplaces – and we’re looking at refining those as our top targets for what we want to do with this capability.

What are the characteristics behind those 11 sectors, besides being in a big market? They’ve got a high dislocation of threat management. So, it’s typically where the offense is really good and the defense is kind of poor. That’s kind of what we executed on FireEye. Chinese ATPs were everywhere, nobody could find them. We found the cure to cancer a little bit with FireEye and it took the company from $10 million in revenue to $1 billion in a three-year period.

So anything that can solve a problem like that, that’s what we really like in a company. We know there’s big issues in space, we know there’s big issues with drones. We know there’s big issues with industrial networks, cryptocurrencies, cloud security, insider threats and identity management. Let’s just say there’s a lot of interesting companies here that we think we can impact in a very big way with shareholder value.

Do you have a timeline for when you expect to make an acquisition?

DeWalt: You essentially have 24 months to execute a merger, per the requirements of the SPAC. You can extend it to 27 months if you’re in negotiations, that kind of thing, but we’re hoping to do one much sooner than that. The capital markets are very ripe for assets right now, so we’re hoping for something much sooner than that, but 24 months is the limit.

How much capital are you looking to raise and how do you attract other investors when they don’t know what they’re going to be investing in right away?

DeWalt: We’ve raised $300 million and it was really oversubscribed, so we [did] an additional $45 million. And then the [private investment in public equity], which is the second component, can flex up to a billion dollars and beyond. We have shareholders that can flex up the PIPE very, very high. So we’re all set now, we’re capital, now we’ve just got to go to work on finding the proper target for NightDragon.

What do you view as the most pressing problem or problems in cybersecurity today?

DeWalt: This is the highest threat environment we’ve ever had, bar none. I like to call it a shitshow…and it basically is, right? We have crime, ransomware attacks, espionage attacks, we have nation states arming up, geopolitical tensions fiercer than we’ve ever had, everybody’s working from home. It’s easy pickings, it’s amazing. The amount of breach responses that the organizations I’m involved with are doing are significantly higher than any other year in history, in fact for many years combined.

The clean up from SolarWinds just exacerbates the situation. So that’s interesting and when you start to look at the areas that just have to get shored up, the network transformations that are happening right now are startling. Which is good, it’s capitalism kicking in. But your traditional [multiprotocol label switching] network, that you used to have seven layers of defense on…it’s disintegrating before our eyes.

Suddenly everybody’s just connecting from home, straight to the cloud, and they’re not backhauling into a network, they’re not even going through a SD WAN, and that’s a whole new architecture and new normal that’s all happened and accelerated within a year. So how do we begin to think about security in that area, securing that, managing that?

Clearly we’re seeing identity management and zero trust as being very big right now. Industrial network stuff is coming on very fast as well, almost everybody’s [looking for] how to secure that. I mean, the recent [Oldsmar water plant] attack woke everybody up and yet again they’re going “wow, we probably need to secure this more.”

The pandemic spurred a lot of digital transformation over the past year. What are the long-term cybersecurity implications?

DeWalt: Every company I knew ratcheted up its cloud modernization game, and really tried to create efficiencies. So the next time you have an up market or down market, you can flex your capacity much more elegantly. So if you really look at the outcome of 2020, in my opinion its cloud interia.

Clouds in almost every form or factor has really accelerated. [Software-as-a-service] has really accelerated, obviously infrastructure-as-a-service has really accelerated and you can see that in almost every element because digitization has just forced everybody to do that and all that brick and mortar moving on.

What’s happening from a security point of view? Global fraud. Some of the most important areas now is how do you detect bots? Not just the bots we saw on social media, but the really fraudulent bots. We invested in a company called White Ops that Goldman Sachs and NightDragon partnered on. We get to see the global fraud problem emerging.

There are a lot of trends that are here to stay in my opinion. The endpoint providers are really growing because now the endpoint is the edge. A lot of winners and losers. Those who were stuck with on premise appliances and didn’t really cloud modernize their security, it’s going to be a tough go.

You were previously CEO of FireEye and McAfee. You’ve advised intelligence agencies and sat on the National Security Telecommunications Advisory Committee, which advises the White House on a range of telecom and cybersecurity matters. How do those experiences inform your outlook as someone who is investing in a company?

DeWalt: You just outlined the exact strategy. Everything we’ve done here at NightDragon was to create visibility into the trends or the threats in this industry sector. I’m not on Delta Airlines [board] because it’s a really fun board to be on (though it is); but what do you learn about the industry by being on a board like that? Why are you on NSTAC? To learn. Why do I chair [the board] at Optiv Security? Because you learn trends.

Everything we’re trying to do is to triangulate intelligence from our platform to make wise investment decisions. So the team here has really worked hard to build…the companies and entities that inform us better than anybody else could do from what the major trends are happening and which are the best targets in those areas.  We have a sister organization called Momentum Cyber that does [mergers and acquisitions] investing in this space, so each one kind of gives us an angle and that creates an informed decision on what to look for and hence, why we have the SPAC now.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.
Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds