Ah, spring. Nothing like leaving an East Coast spring snowstorm to arrive in the full bloom of Silicon Valley -- magnolias everywhere, the air redolent with eucalyptus.

I wrote last week about my trip west for a panel presentation on cutting-edge biotech, and this week share that same voyage's visit to another corner of Valley innovation: a security software startup. It's not yet public, but it offers aggressive investors a glimpse of a company we may be able to consider if and when the IPO market revives.

The safe network and website
What's safe? Is Coke (NYSE:KO) or Merck (NYSE:MRK) or a Treasury bond a safe investment, Latvia or Vanuatu or Baghdad a safe place to live? Even a safe investment can have off days or years, and a safe place contains dangerous neighborhoods. It's relative, and we balance cost and benefit. We might spend a little for PC antivirus software, for example -- perhaps Norton from Symantec (NASDAQ:SYMC) or PC-Cillin from Trend Micro (NASDAQ:TMIC).

But you can bet that an eBay (NASDAQ:EBAY) or huge bank is going to pull out the stops to make websites and networks as safe as humanly possible -- and then some. When billions of dollars in worldwide commerce depend on secure networks and websites, can they ever be safe enough? While business investment may be down, a CIO is expected to spend to maintain and enhance network and Web security.

So, with a market still vital and increasing, security software is not only a fertile and evolving space for innovation, but also for venture capital investment. Symantec itself has invested in another security firm, the Campbell, Calif., startup Cenzic, maker of Hailstorm software quality-assurance products.

Offering efficiency
A friend of mine works at Cenzic and arranged for me to tour the offices with CEO Alan Henricks, a Silicon Valley veteran who took software companies Borland (NASDAQ:BORL) and Documentum (NASDAQ:DCTM) public, among others.

Current and potential venture investors, take note: This company will spend your money well. It's got a budget address and spartan surroundings -- no money wasted on Louis-the-whatever furniture or expensive art. Everything about the place says this company takes its business and future seriously, though not without requisite techie whimsy -- down one hall, I gingerly navigated foam cushions, labelled to tease one software developer and provide an obstacle course to his office.

Meeting Henricks, I quickly found it hard to maintain journalistic neutrality, for three reasons. First, because Henricks has a finance and CFO background, he's comfortable with the language of financial analysis -- the Foolish writer and investor's second tongue. Second, his experience and reputation for integrity come not only from stints at 10 companies, including several successful Valley startups that went public, but also from blowing the whistle on the shenanigans at Informix -- and not giving interviews about it. Solid. And finally, I pressed him for background of a family getaway, only to learn it's in upstate New York, the playground of my younger years.

So, you have my full disclosure.

Why Hailstorm?
Henricks explained that both networks and Web applications are more and more vulnerable to attack because company and customer software is now more incestuous than Oedipus and his mother. Think Wal-Mart's (NYSE:WMT) supply chain or eBay's website, and the billions of interactions that take place, often with little or no human supervision. Imagine the opportunities for mischief and potential business exposure to loss.

And yet, Henricks also asserted that the typical large enterprise model for security testing of networks and applications software is in deep trouble. Take huge financial services firms that produce hundreds and thousands of customized applications annually. Their IT engineers develop software, and then outsource the testing to consultants for maybe $250,000 and a month's work. It's no surprise that those IT departments have become major bottlenecks because of the volume of work and the cost in a time of corporate belt-tightening.

Both Hailstorm offerings -- Hailstorm Web and Hailstorm Protocol Modeler -- let IT professionals build security into their applications and network software development processes, rather than leaving it for highly paid outside consultants. Cenzic's tools enable developers to test their work effectively in the process, saving time and money and reducing or eliminating the bottleneck. Hailstorm Web for Web applications software is brand new, while Protocol Modeler, aimed at networks, has been on the market and selling for around a year. These two products offer compelling value for companies looking not only for security, but also for efficiency and cost savings.

Though the company has the first-mover advantage, there is competition from privately held and better-funded Sanctum, and potentially from larger companies that may see enough market potential to go after it. For now, with two rounds of financing and smart backing from Symantec and top Valley venture capital firms, and with products on the market, Cenzic is well-positioned for the next round of cash that Henricks says it needs this year.

Hangin' with the homies
There's another advantage at Cenzic. When I stretched out in the software engineer bullpen among the computers, tables, chairs, and every kind of those crunchy Asian snacks known to man, I found an electric environment of Extreme Programming -- and I don't mean what's been occasionally lampooned in Dilbert.

In the land of traditional, not extreme, programming, you rarely see developers work side by side, as I did that evening. Heaven forfend that software artists should do anything but craft their intricate designs alone, and leave them to other mere mortals to test, try to understand, and go crazy. As you might expect from a company whose product aims to improve the software development process, Cenzic developers collaborate, side by side. Whatever time this may add on one end (and many are not convinced it adds any) saves time and money on the other through higher quality and early fixes.

Not to mention that these guys were working late on a Friday night, too, and not so they could jaw with me, by the way.

Shaking the money tree
The company has a lot going for it -- innovative products on the market, experienced leadership, great staff, and smart backing. What's next?

The company says it will need more financing, Given that the market for initial public offerings of shares for venture-backed companies isn't exactly screaming right now, that financing will likely be more venture capital.

     Number of Venture Capital Gross
Year IPOs Backed* Proceeds
2003 (Q1) 5 ?? $1 bil. 2002 75 19 $25 bil.2001 91 21 $41 bil.2000 446 200 $108 bil.
*As opposed to spinoffs or long-profitable
private companies.

If it can find more cash, Cenzic will soldier on hoping for an eventual IPO. We won't be able to evaluate the company as a potential investment until it sells shares to the public, and we can then test it with at least a few quarterly reports. In the meantime, I'm rooting for it.

While keeping a large percentage of my portfolio in less risky investments, paying attention to valuation, and combing financial statements, I keep my eyes open for riskier investments with potentially higher return. Many new ideas and businesses will be born and die, and a few will prosper. When opportunities appear, in one way or another, I want a share.

They may not be partying like it's 1999 in Silicon Valley, but innovation lives on (and, of course, elsewhere, too). And if they ever bring those sky-high housing prices down to earth, I might just have to head out there and start Fool West.

If you see promise in industries and companies today, tell us on our Rule Breaker discussion board. (Did you know our boards are the best on the Web? Our always-on Best-of List gives you many reasons why, and you can enjoy them all with a painless 30-day trial!

Have a most Foolish week!

Tom Jacobs (TMF Tom9) wants to know if security software will address his insecurities. While you ponder, you may find his columns in his archive and his stocks on his profile . Enjoy stock ideas you won't find anywhere else each month in The Motley Fool Select! Motley Fool writers are investors writing for investors .