Startup Lessons: Lexumo CEO on Why the Cybersecurity Firm Shut Down
Building a successful startup is hard. Pulling the plug when you think the company won’t make it can be hard, too.
Xconomy recently reported that Lexumo, a Boston-area cybersecurity startup that spun out of Draper Laboratory, called it quits in September. The two-year-old company had raised at least $4.9 million in venture funding from Accomplice, .406 Ventures, and Draper, the not-for-profit R&D center next to MIT. The startup was trying to commercialize software it said could help find and fix vulnerabilities in open-source software written for connected devices and embedded systems.
Most startups fail, but not many talk about what happened. In an e-mail to Xconomy, former Lexumo CEO Dan McCall (pictured above) shared some candid takeaways from the experience that might be useful for others working on early-stage companies—lessons about building teams, negotiating deals, fending off competitors, and more.
Here are the highlights of our exchange:
Xconomy: Why did you decide to shut Lexumo down?
Dan McCall: Lexumo was a seed-funded company and, as such, it’s not uncommon for this type of company to run into issues. Seeds are designed to prove out technology or evaluate the pull of a market, and a variety of factors played into the board’s decision to shut down the company. I would break it down into three factors, with something akin to the domino effect:
1. Technology: The spun-out technology was essentially a clever algorithm that allowed us to get better results for finding open-source software vulnerabilities in C/C++ programs on Linux-based operating systems. This lent itself well to embedded systems and the proverbial “Internet of Things.” It was not, however, a functional product, and, as such, required a large effort to productize as a service. While it worked well for C/C++ on Linux, the technology did not extend easily, as was hoped, to other languages and frameworks. This resulted in a large hole in our product offering.
2. Market/competitive landscape: The IoT/embedded market, while massive in reach, is fairly limited if one is selling to the manufacturers of these types of systems. With just hundreds of potential targets for the technology, it is a niche market measured in tens of millions of dollars.
On top of that, at least five competitive companies emerged in our first year of operation with a significant lead in both technology and customer traction, and [they] also had much higher levels of funding. The biggest of these is/was the market leader, Black Duck, which was recently acquired for over half-a-billion dollars by Synopsys.
3. IP/Licensing: While the specific terms of the agreement are under [a non-disclosure agreement], we had, in my opinion, onerous terms on the [intellectual property]/licensing from the spinout, based on the value the IP delivered. Things like royalty payments or market restrictions are not uncommon, however, they become onerous when a young company needs to count every dollar and wants unrestricted access to markets and potential acquirers.
The short version of the events leading up to our [shutdown] is that I recommended to our investors that we should expand beyond the IoT market and the original IP. This was well-received, and we had a term sheet to move forward, with one completely reasonable stipulation: As the IP that came with the spinout was not core to the company moving forward, we needed to renegotiate the terms of our IP/licensing agreement to conserve capital and make the company more attractive to future investors and potential acquirers. This entailed a significant effort that I’m sad to say did not succeed. [McCall wouldn’t confirm whom he was referring to, but Xconomy contacted Draper for a response, and a spokesman declined to comment.—Eds.]
Without that success, I recommended to the board that we should transition our efforts to an orderly shutdown with a goal of taking care of our employees and customers to whatever degree possible. (We were close to out of money at that time). [McCall said nearly all of Lexumo’s 15 former employees have found new jobs.—Eds.]
X: What sort of traction had the company gotten?
DM: At the time we shut down, we had half a dozen customers, dozens of prospects, and a couple hundred thousand [dollars] in bookings. All were using the product for finding open-source vulnerabilities in embedded-type systems (both consumer products and industrial products). In an effort to keep our customers whole [after the shutdown], we reached out to Black Duck, who graciously agreed to honor various contracts and move our customers over to their platform. As far as I know, this was successful.
X: Any lessons from what happened?
DM: At the time I joined, I was enjoying some time off between startups with little opportunity cost and my eyes wide open. There was definitely a lot of upside to the business if the technology reached its described potential. However, I knew we had technology risk and potential problems with the size of the market. A key part of my job was to help our investors make a realistic assessment of the value of the business, and I think I did that. Certainly, I could have made changes to the team and done things differently that would have improved certain aspects of the business (particularly around identifying technology issues sooner). However, I think the market factors and IP/licensing issues would have remained huge stumbling blocks for us.
A couple of lessons, moving forward. If I choose to join another startup (rather than start my own), I will spend a lot more time up front figuring out if the team has the requisite skills to build the system/product. You only get one shot at this in your initial financing round. If you don’t do it exceedingly well, you are in trouble. There’s no learning on the job in a technology startup, and that sets a high bar for people building pretty much anything other than a mobile/web app.
I would also spend more time discussing market sizing with the board, regardless of the long-term potential. In Lexumo’s case, it was easy to get blinded by IoT (“It’s going to be huge!”) because I could never make the math work on how we were going to be huge focusing on it. Ultimately, for any good idea, it is still all about timing. We were early in a small market and late to a big market.
X: What’s next for you?
DM: I’m currently very excited about a potential startup in the [application programming interface] management and compliance space. It’s like the “Wild West” again for IT managers, trying to figure out what’s going in and out of their organizations through APIs. And the use of APIs in business is growing at a phenomenal rate. I’m working with an old colleague from my days at Shiva Corporation, who has built some fantastic technology in this space. Just need to go out and raise some money and get back in the game.