Fortune | February 15, 2023 By Lucy Brewster
Entrepreneur Jon Miller’s first foray into what would become his career in cybersecurity was attending hacker conventions at age 16. In high school, he was hired to do consulting work as a “penetration tester”—a role that involves testing a company’s security and then helping to fix the breach. Later, working as a hacker for Internet Security Systems, he met Ryan Smith, who was a vulnerability researcher at the firm: basically, prodding at systems like Windows to find out how the software could be exploited. Two years ago, the pair launched Halcyon, a ransomware defense software that helps companies prevent cyberattacks and equips them with defensive software, which is a novel development in cybersecurity tech.
That “offense to defense” strategy is exactly what Bob Ackerman looks for when he incubates and invests in early-stage cybersecurity startups with his firm, Allegis Cyber. Ackerman explained that he looks for founders that have spent their entire careers in cyber, and particularly have come out of the NSA or the Israeli equivalent, Unit 8200. “All of the innovation in cyber is actually paced by the offense,” he explained. “When you get to seed, there’s no revenue, there’s no product, and there’s no customers, so you’re really relying on [the founding team’s] domain expertise.”
Cybersecurity stands out from other sectors as especially technical and specialized—and right now it’s booming. As Fortune previously reported, the global cybersecurity market is expected to reach $403 billion by 2027—making the compound annual growth rate 12.5% from 2020 to 2027. VCs are searching for brilliant founders, and they’re often recruited to build tech with little to no business experience. (Many of the startups VCs have their eye on, or have invested in themselves, are incubated in cybersecurity foundries that recruit alums of national intelligence agencies to build cyberdefense tech.) VCs are looking to spot ideas that are differentiated and have a clear market application. “What you have to try to decipher is whether the problem that this business is solving is a feature, or is it truly a business?” says Maverick investor Matt Kinsella.
For this list, we asked the top VCs in cybersecurity to nominate startups. We asked them for names outside their portfolios, but read all the way to the bottom for some picks inside their portfolios.
R2C
Famed venture investor Ted Schlein likes R2C, a San Francisco–based software security startup. The company works with Semgrep technology, which functions as “spell-check for code” and is used by companies like Slack, Dropbox, and GitLab. Semgrep software is unique because it can search through huge volumes of code to find specific lines, which helps companies prevent data breaches and protect against attacks. R2C built a software around Semgrep that makes the technology more accessible and easier for companies to use and build the most up-to-date version of Semgrep.
R2C was founded in 2017 by Drew Dennison, Isaac Evans, and Luke O’Malley. In July 2021, the startup raised $27 million in a series B round led by Felicis, with participation from Sequoia and Redpoint, bringing their total funding to $40 million.
Halcyon
Ten Eleven Ventures investor Mark Hatfield pointed to ransomware defense startup Halcyon as a company to watch. Halcyon is an A.I. ransomware prevention software that both detects attacks before they happen and has designed a mechanism to defend against attacks while they are happening. Miller explained that what makes Halcyon unique is the technology’s ability to help software recover from an ongoing attack in real time. “You still have to deliver protection, but resiliency essentially has gone unfocused” in the cybersecurity industry, explained CEO and founder Jon Miller. “These are the best-funded attackers in history. You have to be adaptable and realize that you’re going to get pushed over at some point,” he said. “The question is how do you recover from [the attack] quickly, and reduce the impact from two months or two weeks down to five minutes.”
Founded in 2021 by Miller and CTO Ryan Smith, the company raised $20 million in seed funding from backers such as Syn Ventures. The company is currently in the midst of a another fundraising round.
HiddenLayer
A.I. is exploding in popularity as chatbots and machine learning-powered products roll out across industries. Yet with A.I. innovation comes the next generation of A.I.-powered cyberattacks. HiddenLayer, the startup nominated by Syn Ventures’ Jay Leek, aims to address the rise in machine-learning cyberattacks with its software.
The Austin-based A.I. cybersecurity startup operates a security platform that detects and prevents cyberattacks using machine learning. HiddenLayer’s product suite includes monitoring technology to survey software for attacks and security and reporting measures. In July 2022, the startup raised $6 million from backers including Ten Eleven Ventures and Secure Octane. The company was founded by Christopher Sestito, Tanner Burns, and James Ballard.
Graphiant
Investor Chenxi Wang, founder of cybersecurity fund Rain Capital, likes startup Graphiant. Graphiant was launched this year by CEO Khalid Raza and CTO Stefan Olofsson, who previously founded networking technology startup Viptela, which was acquired by Cisco in 2017 for $610 million. Graphiant uses a platform that helps businesses securely manage corporate networks. “Users must cross a digital wilderness the enterprise doesn’t control or have visibility into to access resources—paths across this digital wilderness change by the minute,” Raza wrote when launching the company. “Our goal is to solve enterprises’ challenges, connecting resources, clouds, and applications across this digital wilderness,” he added.
In December 2020, the startup raised $33.5 million in funding led by Sequoia and Two Bear. “Network security is built into the infrastructure in that Graphiant allows encryption all the way to the edge, reducing threat surface and delivering data security and privacy along with fast and dynamic connectivity,” explained Wang.
Noname
Cyberattacks are a company’s worst nightmare—so you better believe they’re willing to pay up for technology that prevents them. That’s why Iren Reznikov, investor at S Ventures, likes startup Noname. API security technology, which helps different software and hardware features to communicate, addresses data breaches such as those faced by Peloton, Facebook, and LinkedIn. In December 2021, Noname raised $135 million in Series C funding at an over $1 billion valuation after emerging from stealth in December 2020. Noname’s investors include Georgian, Lightspeed, Cyerstarts, and Forgepoint. “With API attacks on the rise, Noname delivers a complete end-to-end platform for discovery and monitoring of APIs, runtime protection, and API testing,” Reznikov said. Startup Wiz, recommended for the list by NightDragon managing director Morgan Kyauk, has made headlines recently for good reason: the cloud security startup, which launched in 2020, scaled from $1 million to $100 million in annual recurring revenue in just 18 months. In October 2021, the company raised $250 million in Series C funding a $6 billion valuation. Wiz’s cloud security platform identifies potential security holes across a company’s network.
The company was founded in January 2020 by Assaf Rappaport, Yinon Costica, Ami Luttwak, and Roy Reznik, who previously built the company Adallom, which sold to Microsoft for $320 million. Kyauk explained that he is particularly impressed by Wiz because they are dominating an established cloud security market, which includes competitors like Palo Alto Networks and Check Point. “Wiz was able to come in and out-execute the legacy incumbent vendors from a go-to-market and distribution perspective,” he said. “Now, they’re the market leader within this space and some of these incumbents are now trying to play catch up,” he added.
The cybersecurity startups VCs are betting on in their own portfolios
Finally, putting your money where your mouth is does actually speak volumes. So we also asked our VCs to highlight one portfolio company they are particularly excited about. Here’s what they said:
Dragos
Bob Ackerman of Allegis Cyber pointed to Dragos as a startup that is a prime example of founders using the “offense to defense” strategy in the development of cybertechnology. In 2021, Dragos raised $200 million in Series D funding at a valuation of $1.7 billion. Dragos secures industrial control systems like electrical grids, petrochemical facilities, and other critical infrastructure. The company was founded by CEO Robert Lee, chief data scientist Justin Caving, and CTO Jon Lavender in 2016 and was incubated in Maryland-based cybersecurity foundry DataTribes.
Noetic Cyber
Iren Reznikov of S Ventures highlighted Noetic Cyber. The company launched in 2021 with $20 million in total funding, including a new Series A round lead by Energy Impact Partners and including existing investor Ten Eleven Ventures. The company was founded by CEO Paul Ayers, CPO Allen Rogers, and Chief Architect Allen Hadden The platform “provides an easy way to identify and close coverage gaps in the cyber posture of an enterprise,” explained Reznikov. “As investors, we were impressed with Noetic’s strong platform capabilities and coverage for the modern tech stack,” she added.
Interpres
Mark Hatfield of Ten Eleven Ventures nominated startup Interpres, a security defense surface platform. In December 2022, the company launched with $8.5 million in seed funding from Hatfield’s Ten Eleven Ventures. Interpres was founded by CEO Nick Lantuh, Mike Jenks, Ian Roth, and Michael Maurer. The company “helps companies turn the chaos of their defense surface into something elegantly engineered and tailored to the company’s particular threat profile,” wrote Hatfield. “With intelligence from the platform, security teams can take a threat-informed perspective to understand exactly what their current tools can detect and defend against, and then consistently and iteratively improve their security posture.”
Alethea
Ted Schlein of Ballistic Ventures nominated misinformation mitigation startup Alethea from his portfolio. The startup’s machine learning platform analyzes and detects misinformation and social media manipulation across the internet. In November 2022, the company raised $10 million in Series A funding from Ballistic Ventures. The company was founded in 2019 by Lisa Kaplan.
BioCatch
Matt Kinsella, investor at Maverick Ventures, recommended behavioral biometrics startup BioCatch, which he described as a unique approach to identity security. The technology developed by BioCatch monitors users’ individual behavioral patterns on their device to detect when there is fraud. The company last raised $145 million in 2020 in a Series D round. The company was founded by Avi Rugemen, Benny Rosenbaum, and Uri Rivner. BioCatch was founded in 2011 and launched in 2020, yet Kinsella emphasized that he thinks the startup will be “one to watch” in 2023 as it gains traction.