Carlos Alberto Silva has spent over 20 years at the intersection of technology, corporate development, and investment. He’s done M&A across Europe, the US, and Israel. He built and sold one of the largest independent managed security service providers in Europe. And several years ago, he and his partner arrived at a conclusion that would define the next chapter: Europe’s cybersecurity investment gap wasn’t just a problem. It was an opportunity.
33N Ventures — the firm he co-founded — is today one of the only VC funds in Europe dedicated exclusively to cybersecurity. With a first fund of $115 million now being deployed and a $200 million growth fund currently in the market, 33N sits at the crossroads of two converging forces: a continent finally waking up to its strategic vulnerability, and a threat landscape that isn’t waiting for anyone to catch up.
Carlos joined our 0100 Impact Talks to talk about what European cybersecurity is missing, why AI changes everything, and what kinds of founders are actually building the next generation of cyber infrastructure.
Europe represents 30% of global cybersecurity spending — but attracts only 12% of VC investment. How does that gap persist?
The short answer, according to Silva, is that Europe has the ingredients but not the structures. The talent is there. The market is enormous and growing. A solid seed ecosystem has developed over the past decade. What’s missing is the capital and conviction to take companies from the $1–10 million ARR stage to genuine global platforms.
“Europe today doesn’t have a single global cybersecurity platform — not listed, not even a large private one,” Silva said. “And that’s not an accident. It’s a structural gap.”
Part of that gap is rooted in how capital allocation works on this side of the Atlantic. European pension funds — despite managing trillions in assets — have historically allocated far less to domestic VC than their American counterparts. When they do invest in venture, they tend to follow track records, which means money flows to established US managers rather than building the next generation of European specialists.
The result is a well-documented cycle: strong European companies get noticed, often by US investors who then redirect those companies toward American markets and hiring — effectively draining the talent and knowledge base that built them.
“If I’m an American investor, I invest in a European company, I’ll push it into the US with my network,” Silva explained. “And very soon, a company that was born in Europe ends up being an American company. That’s the knowledge and value shift we need to stop.”
Why 33N invested globally from day one
33N was built with a deliberate paradox at its core: a European cybersecurity fund with a mandate to invest globally. At least 50% of the portfolio is European, but the fund actively targets companies from the US and Israel as well — and the current portfolio is, if anything, more European-weighted than expected.
The logic isn’t diversification for its own sake. It’s about avoiding a blind spot. In cybersecurity specifically, where the US and Israel represent the most mature and competitive markets at the growth and later stages, staying exclusively European would mean missing both the benchmark and the ecosystem that the best European companies eventually need to plug into.
“We are not in the game of creating European champions. We are in the game of creating global champions coming out of Europe,” Silva said. “At some point, they need American investors who can help them expand into the US. That’s part of the value chain — not a failure.”
This global lens also shapes the firm’s value proposition to founders. 33N’s competitive edge isn’t just capital. It comes directly from the firm’s operational history: building and selling an MSSP through four acquisitions gave the partners a dense European distribution network — channel partners, large enterprise customers, design partners — that US-based competitors simply don’t have.
“Our value proposition to a US company wanting to enter Europe is very different from a US investor pushing that company back home,” Silva said. “We can actually accelerate their European market expansion, which is genuinely hard because the market is so fragmented.”
The LP story: who actually backs a first-time cybersecurity-specialist fund in Europe?
When 33N began fundraising in 2023, it faced the standard first-time fund challenge: institutional investors that require track record before writing checks were largely off the table. The fund had invested in roughly 20 companies at that point and had strong returns — but technically, by institutional definitions, it was a first fund.
What worked instead was a different LP profile: large banks, insurance companies, operators of critical infrastructure, and family offices. These are organizations that already understand cybersecurity as a strategic priority — not an asset class they need to be convinced about — and who saw the logic of getting specialist exposure through a dedicated fund rather than navigating the sector alone.
“When they realized the ecosystem is overwhelming, it made sense to partner with someone specialized,” Silva said. “Fundraising is never easy. But it was fairly clear once people understood the thesis.”
The growth fund now in the market is targeting $150 million, with several Fund One investors already committed and new LPs showing strong early interest. Silva noted that the EIF is also preparing a significant fund-of-funds initiative specifically focused on cybersecurity and defense VCs in Europe — a development that, once public, he expects will act as a catalyst for further private capital into the sector.
AI and the compounding threat surface
One of the more striking threads in Silva’s worldview is how he thinks about AI — not as an opportunity for portfolio companies per se, but as a structural accelerator of the threat landscape itself.
The pattern, he argued, is consistent: every new technology wave creates new attack vectors. Cloud computing expanded the digital footprint and brought a new generation of cloud-native threats. AI will do the same, but faster, and with compounding effects.
“The attackers use the same technology to attack you,” Silva said. “So you adopt AI, you increase your attack surface, and the adversaries are ahead of you in how they exploit it.”
What’s new with AI, specifically, is the nature of what can now be stolen or compromised. Traditional data theft — customer records, financial information — is well understood. The emerging category is different: AI agents handling knowledge-intensive tasks, autonomous systems making operational decisions, models trained on years of institutional knowledge. If those are compromised, the exposure isn’t a dataset. It’s an entire organization’s accumulated intelligence.
“Imagine a company running entirely on AI agents. What’s the attack surface? It’s data, information, knowledge, wisdom — the entire intellectual capital of that company. If that’s stolen, there’s nothing left.”
This is driving portfolio activity directly. 33N’s latest investment — not yet public at the time of recording — is a company building AI-driven systems to predict attacks that are physical, digital, or hybrid, by correlating hard-to-find signals into threat likelihood scores for governments, law enforcement, and critical infrastructure operators.
The founders who build in this space
Finding those companies isn’t straightforward. The global cybersecurity startup universe encompasses roughly 4,000–5,000 active companies at any given time, with significant churn as companies are acquired, pivoted, or absorbed by large platform players. The spaces themselves evolve: the most pressing threat categories today may not be the same two years from now.
33N’s approach is continuous — maintaining a live map of emerging threat areas, identifying the companies attacking those problems early, and building relationships long before a term sheet is on the table. “When the time comes to invest, we’re typically already there,” Silva said.
The founder profile in the portfolio reflects the nature of the domain. Second-time founders predominate — people who’ve already navigated a company through the hard parts and know what not to do. Deep technical backgrounds are standard. And in a sector where the problems are genuinely hard and the stakes are genuinely high, a certain kind of conviction and resilience separates the people building category-defining companies from those building features.
“We have, in our portfolio, unique characters,” Silva said. “People with extreme conviction, resilience, ambition. Those are the ones changing the ecosystem.”
Carlos Alberto Silva is the Founding Partner of 33N Ventures. This conversation was recorded for 0100 Impact Talks, a podcast series exploring investment perspectives from LPs and GPs in private equity and venture capital. Visit 0100conferences.com for upcoming events.
