Disrupting Cybersecurity: A CISO-Investor's Blueprint for Industry Innovation
Westcap's Christian Schnedler shares his journey from protecting NYC during Occupy Wall Street to identifying the next generation of cybersecurity innovators, revealing why identity management represents the industry's most critical frontier.
From Counterterrorism to Cybersecurity: The Unconventional Path of a Security Investor
Session Summary
In this conversation from RSA Conference with Bishop Fox's Alan Cecil and Tom Eston, Christian Schnedler provides a window into how his unconventional career path shapes his approach to cybersecurity investment at Westcap. Schnedler begins by recounting his early career pivot away from defense contracting after an epiphany while staring at a wall of executive portraits—deciding he didn't want to spend fifty years becoming "an old white dude on a calendar in a lunchroom." This led him to join an Israeli security startup bringing counterterrorism technology from the West Bank to North America, launching what he describes as the first of three distinct chapters in his professional life.
The conversation takes a particularly compelling turn when Schnedler details his work with the NYPD during Occupy Wall Street, where he discovered that Anonymous and LulzSec had infiltrated the protest movement. Tasked with assessing the city's vulnerability to hacktivism, Schnedler led a penetration testing team that delivered sobering news to NYPD leadership: their security posture was closer to "Whole Foods than Bank of America"—a prescient comparison given Whole Foods' subsequent breach. This experience crystallized his understanding that physical and digital security had become inseparable domains, a perspective that would inform his later work overseas and in the federal government.
Now leading Westcap's cybersecurity investment practice, Schnedler explains his approach to identifying promising growth-stage companies by listening carefully to CISOs, regulatory bodies, and increasingly, cyber insurers. Beyond market trends, he emphasizes the critical importance of management team composition and culture, particularly valuing curious founders willing to build strong executive teams around themselves. Looking toward emerging technologies, Schnedler identifies identity access management as his personal passion and cybersecurity's most fundamental frontier. He argues that strengthening identity verification will significantly increase attack costs by making it harder for adversaries to scale automated operations. The discussion concludes with Schnedler's perspective on AI creating a new "arms race" where defenders struggle with organizational constraints while attackers freely innovate, and an encouraging message for entrepreneurs to view challenging market conditions as an opportunity rather than an obstacle.
Key Takeaways
- Identity remains security's most fundamental challenge - Regardless of whether threats are physical, digital or hybrid, impersonation and identity manipulation continue to be attackers' most reliable vectors.
- Experience across security domains creates strategic insight - Schnedler's background spanning entrepreneurship, law enforcement, defense contracting and investing provides a multidimensional perspective on security challenges.
- Physical and digital security have become inseparable - The Occupy Wall Street experience demonstrated how physical protests and digital hacktivism can converge, requiring integrated security approaches.
- Management team quality trumps technology in growth-stage investments - Beyond innovative technology, Westcap prioritizes curious founders who build strong executive teams capable of scaling the business.
- AI creates an asymmetric advantage for attackers - While defenders struggle with organizational constraints around AI adoption, attackers freely leverage these technologies for increasingly sophisticated impersonation attacks.
- Cyber insurers increasingly influence security practices - Insurance companies are becoming significant drivers of cybersecurity trends and requirements alongside more traditional regulatory bodies.
- Economic downturns can accelerate cybersecurity innovation - Challenging market conditions create opportunities for entrepreneurs willing to offer competitive alternatives to established security providers.