The startup world fascinated Jay Leek when he worked as Chief Information Security Officer at some of the world’s biggest companies. The former Blackstone CISO and senior security executive at Nokia and Equifax has parlayed that fascination into a thriving new career as a cybersecurity investor.
“I based my career on embracing emerging early stage startups in my security program because that’s the only way you can really innovate,” said Leek, now the managing partner and co-founder of SYN Ventures and the ClearSky Security Fund. “I’m not knocking the big guys, and there’s a place for them as well, but innovation’s happening in the startup world.”
The inflection point came at Blackstone, where he cultivated a hybrid role as full-time CISO, with key responsibilities for early stage cybersecurity investing, and working with private equity on leveraged buyouts in cybersecurity.
“In my last 18 to 24 months there, I was probably spending the majority of my time more on the investment side,” he said. “After 18 years of running security, the job shifted to value creation, having the opportunity to provide entrepreneurs with capital, sit on their boards and work with them.
“I could watch companies grow, instead of protecting something from getting torn down or watching something get torn down. I could see economic wealth be created, help solve unique problems that hadn’t been solved before. And honestly, that was really what was getting me out of bed in the morning and really, really excited to go to work. So in 2016 I decided that I was going to leave.”
Leek started ClearSky Security the following year, and SYN Ventures in 2021. His funds have raised just under a billion dollars and invested in 56 companies, and he has completed 25 exits. Over the past five years, his combined firms have been the most active cybersecurity investors in the world by deal count, and have had the second-most cybersecurity exits during that same period of time.
“The three pillars of our investment thesis have been efficiencies, automation and prevention first,” he said.
A couple of his big wins include selling Cylance for $1.5 billion to Blackberry and selling Optiv Security to KKR for almost $2 billion. Leek also measures success by seeing investments accelerate businesses and create wealth for founders and employees.
He and his partner, Patrick Heim, are the only two former fortune 500 CISOs to have started a venture partnership. Their inside track on CISOs’ pain points is part of what has made them so successful, he said.
“We’ve made sure that we are still hyperconnected to the CISO community,” he said. “We have a CISO board of advisers, and a broader group of CISOs we work with,” he said. “We think very much about our investment strategy as if we were still running security for a Fortune 500 company.”
“Get active in companies, help the company, help create value. That’ll give you good visibility and prep work to go sit on a board of a company and help add a lot of value. You’ve got to serve on boards and understand what it’s like to do that before you can really understand what it’s like to be an investor.”
The ongoing connection with the CISO community has created a “fantastic” symbiosis, he said.
“We help them by helping CISOs think through problems they have, and they help us keep our finger on the pulse of the real world problems that people are facing today, and not the problems we faced five years ago,” he said. “That’s how we stay fresh and current, and that obviously helps to inform our investment thesis and helps it stay current.“
Given the talent shortage in the industry, Leek expects Fortune 500 or Global 200 companies will eventually use a next-generation piece of technology to address an issue or risk.
Shifting attack modes are also playing a major role in his funds’ investments. With adversaries using technology to attack, companies need software speed and response, he said.
“Take ransomware. A human is not going to go blocking and tackling to prevent that. You need real prevention in place actively with software to get ahead of that,” he said.
Many former CISOs aspire to invest, but “unless you have the opportunity to really get exposed to it beforehand, it can be very dangerous,” Leek said.
“Also, making individual investments in individual companies versus at a fund level is very different,” he added. “It’s hard to have the resources as an individual to really make a difference and influence those investments the way you need to, versus having fund resources behind you, as we do.”
CISOs interested in getting into investing should get active in advisory board work so they can get on boards, he advised.
“Don’t be an advisory board member who’s just leasing out your name for marketing purposes,” Leek said. “Get active in companies, help the company, help create value. That’ll give you good visibility and prep work to go sit on a board of a company and help add a lot of value. You’ve got to serve on boards and understand what it’s like to do that before you can really understand what it’s like to be an investor.”
While leaving the operational side of cybersecurity has given Leek more control of his time, it hasn’t given him more free time.
“I’m not as worried about a certain nation-state creating problems for me, but I do have 35+ CEOs running around with money that investors have graciously trusted me to invest on their behalf, and that comes with its challenges too,” he said.
“I know a lot of folks who want to leave the CISO profession and want to work three or four days a week, and disappear for a week if they want to. I don’t have that luxury with the decision I made.”
When he does have free time, wine plays a major role in his off-work life.
“My wife and I collect wine, so pretty much all of our vacations revolve around wine, visiting wine spots around the world and doing wine tours and tastings and things of that nature,” Leek said. “We just love Barolo and Bordeaux, and we usually like an Old World style versus the New World.”
Leek breaks down CISOs into two categories: Those who are good at running things, and those who are builders.
“There are those who are great at running the firm, and that is great and much needed. They are more operationally driven,” he said.
“I’m a builder. That’s probably why I invest in startups, too. If you’re on the builder side, you’ve got to be very entrepreneurial. You’ve got to figure out how to push limits, but not push too hard. And you’ve got to take risks.”