Category Archives: Insights

A Q&A with David Pakman

Before David Pakman joined Venrock’s New York office in 2008, he spent 12 years as an Internet entrepreneur heading up eMusic and Apple Music Group. Having been a founder himself, David became a venture capitalist to partner with entrepreneurs and help them achieve their dreams of world domination.

We asked David a couple of questions to get to know him better.

Q: Music has always been a big part of your life. When are you going on tour? Ok, seriously though. What role does music play in your life today?

Music has been the pulse of my life. It has been ever-present since I was a kid. I listen every day, think about song structure, and dream of being an actual songwriter. I bang on my drums to get rid of life’s tensions and I DJ from time to time to see if I can make people dance and feel the intensity I feel. Lately, I am starting to see some of this present in my kids, and it is fascinating to see music affecting them in somewhat similar ways. For me, music expresses the complexities of emotions in ways words cannot.

Q: What led you to venture capital?

From my earliest days of working in the Valley, many of my mentors followed the path of big company -> startups -> VC. That path became somewhat burned into my career trajectory, so I followed it. I am glad I did, because I love it. I love working with entrepreneurs more talented than I was, and helping them avoid the many pitfalls I saw up close. I also like helping them get as close as possible to their dreams of grand success.

Q: You see hundreds of business plans and pitches every year. What makes an entrepreneur or idea stand out?

Supreme ambition. One cannot be successful without it. Everything big starts with big ambition, and it’s exciting to find founders who are dreaming big.

Q: What industries are ripe for disruption?

Every industry is vulnerable at this point in the tech cycle, but in particular, industries who don’t have direct relationships with their customers and in for a doozy. They lack the data and customer knowledge to feed into machine learning systems which produce insights and product features not possible before.

Q: What keeps you up at night?

The fear of never finding another great deal.

Q: In other interviews, you’ve talked about using Twitter as a way to join in conversations with tech leaders. Aside from you, whom should we be following? 

Ahh there are so many great folks on Twitter! Let’s see… I think Maya Kosoff (@mekosoff) at VanityFair is brilliantly sarcastic and also in touch with millennial consumer activity. I follow Matt Blaze (@mattblaze) from Penn to learn the truth about InfoSec, Jean-Louis Gassée (@gassee) my old colleague from Apple to help me understand the big tech companies’ moves, @YouNow to learn who the best new livestreamers to are, and @savedyouaclick and @mikeisaac because they crack me up.


Running Through Walls: No Straight Shots in FinTech

Ryan Gilbert, co-founder of SmartBiz Loans, speaks with Brian Ascher of Venrock about building a fintech company and what went wrong along the way. The company mastered the art of pivoting and ultimately found its niche in small business loans. Gilbert advises new fintech entrepreneurs to partner with large banks rather than focusing on disruption, as banks have started to embrace new technology. A catch-phrase master, Gilbert wonders where truly novel technology can be found in the finance industry – where is the tech, in fintech? They also discuss the war for talent, giving non-obvious candidates a shot and promoting loyalty. Gilbert also talks about becoming a VC and what has surprised him most about his new role.

Running Through Walls: Genetic Truths, No Veneers

Anne Wojcicki, founder of 23andMe, speaks with Bob Kocher of Venrock about her path to entrepreneurship, the importance of authenticity and health as the ultimate equalizer of humanity. Wojcicki was dismayed by the lack of transparency in healthcare, which led the company to sell direct to consumers and empower them with information to get the care they want. In addition to understanding how their genetic information impacts their health, 23andMe has allowed people to engage with their genetic information to understand where they come from. Ancestry has been an addictive component of the product for consumers as people are often surprised to find that their roots and connections may not be exactly what they thought. Long lost cousin? Mostly, Wojcicki loves the honesty in healthcare.

Running Through Walls: The Serial Entrepreneur

Kevin Ryan, co-founder of DoubleClick, MongoDB, Business Insider, and Gilt Groupe (among others), speaks with Nick Beim at Venrock about building teams and what to look for in a VC. Ryan advocates taking risks as an entrepreneur, even if it leads to a failure or two. You can learn a lot from unsuccessful ventures and it prepares you for the next thing. They also discuss how entrepreneurial optimism is essential as there will always be rejection and bumps along the way, but it can also cloud judgement when it comes to an exit opportunity. Overconfidence may make you want to pass up a good deal when it comes along. Ultimately, you have to have fun. It’s what keeps you going.

Running Through Walls: Healthcare. It’s Complicated.

Blue Shield of California (BSCA) CEO Paul Markovich speaks with Bob Kocher at Venrock about bringing the healthcare system out of the stone age and the opportunities for entrepreneurs to bring much needed change to the industry. They talk about how Paul’s career path led him to healthcare, how he fosters an open environment that welcomes feedback and what BSCA is doing to create new efficiencies through a collaboration with Anthem Blue Cross, called Cal INDEX. They also discuss “what insurance companies actually do” and who is making money in healthcare. Paul is currently president and CEO of BSCA, a four million-member nonprofit health plan. Their mission is to ensure Californians’ access to high-quality healthcare at an affordable price. Paul was previously an entrepreneur, having cofounded MyWayHealth, a consumer-driven health plan.

Running Through Walls: Managing Diversity at Pinterest

Candice Morgan, Head of Diversity at Pinterest, speaks with Venrock’s Richard Kerby about her experience so far balancing recruitment and retention of diverse candidates at Pinterest, and challenges of recruiting in San Francisco in particular. They also discuss the less sexy side of diversity initiatives that are rarely covered in the media, and Morgan shares experiences from earlier in her career of executives not being supportive of diversity efforts. She also highlights the Rooney-rule like requirement at Pinterest that promotes hiring underrepresented minorities and women in leadership roles. Candice is currently Head of Diversity at Pinterest, leading strategy and programs to enhance a diverse and inclusive company. She is a frequent speaker at global conferences and events. Formerly, Candice was a Senior Director in Consulting Services at Catalyst, the leading nonprofit for research, advisory, and practices on women in business.

How to fight crime with Machine Learning

Cyber Criminal

Businesses have to defend their environments from attacks, and security professionals are asked to accomplish impossible feats in the modern era of cyber defense: they have to protect users and critical information from unauthorized access. This is asymmetric warfare where the bad guys have to get it right only once, but the good guys have to get it right every time. Criminals can monetize stolen data fairly easily, and the criminal success rate has steadily improved over the past decade. As we’ve seen with political and cyber military attacks, money is not the only incentive.

To combat these problems, companies have armed themselves with a plethora of new security tools. As a result, those responsible for an organization’s security posture can be inundated with thousands of alerts — prioritizing and acting on these is a daunting task. A skilled security professional can do a great job when focusing on a specific investigation, but when that process requires stitching together the relevant pieces of information, humans need help extracting insights from an ocean of alerts and raw data coalesced across multiple security systems.

No company is immune to cyber criminal activity. In 2013, Target was hacked despite receiving as many as 10,000 security alerts per day. While Target is a Fortune 100 retailer, even medium-sized companies have to sift through hundreds of thousands of alerts each year. Alerts are investigated before being categorized as false positives and ultimately ignored, but most alerts are idiosyncratic to a product or application with little context of the overall business impact. To prevent financial and reputational loss, security teams are driven to find the most critical needles in an ever-growing haystack of security information.

The techno-elite companies like Facebook, Amazon, Netflix, Google, Apple and Microsoft (a.k.a. FANGAM) have successfully leveraged machine learning algorithms across their businesses that include security systems to protect their users, applications and the overall infrastructure. There are many definitions of machine learning (ML) but some would describe it as a type of artificial intelligence (AI) that provides computers with the ability to learn without being explicitly programmed.

Machine learning focuses on the development of computer programs that can teach themselves and develop innovative solutions when exposed to large quantities of data. Today, we are seeing machine learning based software tools exceed human intelligence in specific tasks within narrow disciplines.

Machine learning algorithms often start out as supervised by engineers and taught with labeled training sets. An example of supervised ML could be a training set with 100 critical security alerts where 20 are labeled as malicious activity and 80 are labeled as non-malicious. Based on the training set provided, the algorithms would attempt to determine malicious activity on new alerts that have not been investigated. However, one of the most intriguing classes of machine learning is “deep learning” where the software is unsupervised and must function with a self-learning approach to develop its own answers.

One example of deep learning would be to provide 10,000 critical alerts with a finite set of outcomes and no training set. The deep learning algorithm would determine its own grouping of the data. The more data the deep learning algorithm processes, the more accurate the algorithm could become at determining malicious and non-malicious activity.

Threat Hunting Starts with Your Data 
A business getting a cyber attack is a bit like a person getting sick. Everyone will eventually get sick, and when this happens, you want a quick and accurate diagnosis. You want access to the best medical care possible so that the sickness does not linger and lead to more serious problems. For a speedy recovery, you want to go to a doctor who is thorough and knowledgeable of the latest treatments, no matter how experimental. With some life threatening diseases, an experimental treatment may work better than the typical standard of care.

Machine learning for security is more like an experimental treatment because these algorithms aren’t deployed as standard practice in the industry yet. However, security teams need to care for their information systems in a manner similar to how we care for our health to limit and in the best case, prevent the damage that a criminal can do. Once a security breach is successfully executed, the challenge of discovery and incident response will occur along with the time-consuming and expensive task of cleanup and forensics analysis to understand what exactly had been compromised.

Threat discovery should always start with the data and being able to discern what pieces of information will lead you on the path to tracking down cyber criminal activity. Network and endpoint security tools like firewalls and antivirus programs generate scads of alerts and logs that describe when access to a protected system was blocked, allowed or flagged as a potential threat. Each event describes anomalous activity that does not conform to any normal or expected practice. If an alert is directly tied to a critical breach or an ex-filtration of sensitive data, then the security team becomes activated as Emergency 911 responders to that alert.

Very rarely will one alert illustrate a complete story around a major security attack. Generally, you need to assess dozens of alerts from several different systems across weeks or even months to triangulate a sophisticated attack. To add to the complexity of the process, security professionals need to review data from multiple systems that are stored in separate repositories.

Security professionals have to conduct what someone once described as “swivel chair analytics” and jump from console to dashboard to report to the command line before being able to determine that a cyber crime was committed. Reducing the need for “swivel chair analytics” is just one potential benefit of machine learning.

Keep Your Friends Close and Your Enemies Closer
While Sony Pictures had several defensive measures around their crown jewels of unreleased films and scripts, many other vectors were vulnerable for attack. The cyber criminals working with and for the North Korean government were undetected before whipping out Sony Picture’s IT infrastructure and releasing sensitive internal company emails that ended up ostracizing the top executives from their own industry.

This wasn’t a smash and grab, and these sophisticated criminals weren’t after money or the most valuable assets of the business — the screenplays and unreleased movies. North Korea’s primary objective was to embarrass and intimidate an enterprise. Mission accomplished. As a result, many information technology and business leaders reassessed their strategic security plans. This class of cyber crime warrants a new approach in detection and response that we’re starting to see with machine learning.

Information security can often be broken down into three broad categories: defense, detection and response. Companies can invest and deploy all the leading infosec tools available to create many layers of defense, but the kicker is that no matter how much money is invested in blocking attacks, the probability of never getting compromised is slim. This modern reality has forced chief information security officers (CISOs) to shift their investment balance toward improving their detection and incident response capabilities.

Today, companies need to defend themselves against advanced persistent threats (APTs) like what we saw with the Sony Pictures attack, which are often associated with a nation state actor that’s well funded by a military or government entity. An APT organization will often gain unauthorized access to their target through unexpected ways and remain undetected for long periods of time. It’s like a lurking alligator waiting to steal data rather than cause immediate damage to the network or organization.

APTs are carefully planned and rehearsed in advance to avoid detection. They’re able to stay in a system for months, if not years, by waiting in the shadows until they became a normal part of the environment. They slowly increase activity and then one day, the intent of the enemy is revealed. Yet, their stealthy movements appear hidden in the shadows of the data they leave behind. Machine learning has the ability to shine a light on the criminal footprints hidden from human sight.

Having The Right Staff Isn’t Enough
Hiring enough security professionals has become an industry-wide challenge for businesses of all sizes. In 2016, several reports have cited the number of unfilled security jobs in the U.S. at about 209,000 and globally, at about one million jobs. There is a real talent gap within security that continues to widen. For the lucky few companies that have ample staffing in their security ranks, finding cyber threats with previous-generation tools is like finding needles in an enormous haystack.

To compound the challenge, cyber threats that bypass the traditional layers of defense are not black or white signals, but rather low-grade grey signals that are difficult to make sense of. What machine learning can do is find the disparate needles in the haystack and thread them together. There can be dozens of different needles along a single attack thread created over a five-month period that tells you a bigger threat has taken hold within your environment. Machine learning is well suited to flag anomalous behaviors that span across users, partners, networks and infrastructure systems. This level of insight is worthy of a security professional’s time, knowledge, and skills.

These new machine learning algorithm techniques have already reduced the cost of security operations and threat-hunting investigations between $500,000 and $1 million each year for mid-size Global 2000 enterprises. Once these machine learning algorithms find the important needles in the haystack, the next evolution will be to employ AI assistants to take corrective action within a narrow set of tasks to help bridge the talent gap in security.

Raise Your Security IQ — Fight Smarter, Not Harder
Security teams are always on alert because a cyber criminal can take advantage of one minor mistake to gain an edge. Machine learning can be a powerful countermeasure provided there’s plenty of useful data to feed the algorithms. Machines never get tired, and these types of algorithms become more accurate as they process more data to refine their capabilities.

Self-learning machines that become smarter than humans in specific tasks represent the promise of reversing the decade-long negative trends in cyber defense. Business leaders and security teams need to start leveraging machine learning to stay one step ahead of adversaries that are constantly innovating on how to commit crimes.

This article first appeared on

The post How to fight crime with Machine Learning appeared first on Doug Dooley.


Running Through Walls: Technology Enables it and Culture Demands It

YouNow CEO and founder Adi Sideman talks with Venrock partner David Pakman about his dream of an interconnected and livecasted world, and how he made it a reality with the founding of YouNow. He shares his views on the one pure form of rich media creation, what it’s like to compete with Twitter and Facebook, and how his game development experience helps him to deliver a magical experience to customers. They also discuss how YouNow avoids common safety pitfalls of other social media sites and why New York is the perfect home for the company.

Adi Sideman is a pioneer in participatory media, with more than 20 years of experience creating apps and companies in the user-generated content space. Founded in 2011, YouNow’s mission is to create an interactive platform where anyone can participate and express themselves live.

Running Through Walls: Olympic Gold Medalist Turned CEO on Building a Business

Brent Lang, an Olympic Gold Medalist and CEO/President of Vocera, speaks with Venrock partner Brian Ascher about his journey from winning an Olympic gold in swimming during the 1988 Seoul Games to leading a public company. Brent shares lessons learned from competing in the Olympics and discusses his insights on becoming an effective leader and managing a board. He also reflects on maintaining Vocera’s strong company culture during times of transition, and what he’s learned about establishing a healthy work/life “harmony.”

Clara Lending: A Big Swing

Screen Shot 2016-08-17 at 7.12.02 AM

There are few markets larger or more important to the US economy than the consumer mortgage market, which consists of $1.5 trillion in annual originations. Or more emotionally important to consumers, for whom homes represent an opportunity to build stability, a family and a better life.

Or more structurally broken. As was made clear in 2008, the mortgage market is fragmented into tens of thousands of companies in many different layers — brokers, originators, servicers, securitizers, government sponsored enterprises — whose complex interactions add costs, skew incentives and obscure risks, sometimes with devastating results.  

If one were seeking to reimagine this industry from scratch, the core problem to solve is much simpler than all this complexity suggests. On one side of the market you have consumers seeking low-cost financing for their homes. On the other side, you have the U.S. government, which finances more than 70% of consumer mortgages through Fannie Mae, Freddie Mac and the Federal Housing Administration and sets clear variables for the qualified mortgages it will subsidize.  

Why can’t one build an online platform to sit between these two sides of the marketplace, bringing transparency, lower costs, integrated data and a delightful consumer experience? That is is the vision of Clara Lending, a recent investment we’ve made that represents a big swing by its founders in one of the most important consumer markets there is. Clara is not simply reimagining the front end of the consumer mortgage experience. It is reimagining the entire mortgage bank from the ground up with software and data.  

The founders know this market unusually well and are as motivated as much by the social good the company can do as they are by the economic opportunity it represents. Jeff Foster, Clara’s cofounder and CEO, served as a senior policy advisor at the US Treasury during the first term of the Obama Administration to help fix the mortgage market and understand where the core data and incentive problems were. Lukasz Strozek, Clara’s cofounder and Head of Product and Technology, was previously a senior technologist at Bridgewater Associates, the world’s largest hedge fund, where he focused on translating complex processes and risk analyses into software.

If Clara is successful, it will lower mortgage financing costs for consumers and bring transparency and trust to an industry that tends to lack both. It will also bring transparency and integrated data to the mortgage supply chain, reducing macroeconomic risk and providing regulators with a clearer view of the market. It is a company we believe can create enormous value and bring enormous social benefit, the kind of investment we are most eager to make.