Ballistic Ventures

Ballistic Ventures is not a generalist VC trying to dabble in security. It is a venture capital firm singularly dedicated to early-stage cybersecurity and cyber-related companies — and it was built by people who have spent decades doing exactly what founders are trying to do: defending digital infrastructure at scale.

The firm closed its oversubscribed $360 million Fund II in March 2024, just two years after launching Fund I, demonstrating that LPs have strong conviction in a team that has already seen multiple portfolio companies get acquired. Veza was acquired by ServiceNow. Talon Cyber Security was acquired by Palo Alto Networks. Pangea was acquired by CrowdStrike.

With partners like Ted Schlein — who spent 30 years at Kleiner Perkins and over 40 years in cybersecurity — and backing from Mandiant founder Kevin Mandia, Ballistic Ventures brings something rare to the table: operators who have built, funded, and scaled security companies before writing checks themselves.

The firm manages a portfolio of over twenty active cybersecurity companies, deploying capital across seed, Series A, and Series B rounds with check sizes ranging from $500,000 to $10 million. Their stated mission is simple and narrow: fund and incubate innovations in cybersecurity and nothing else.

This comprehensive guide covers everything you need to know about positioning your startup for Ballistic Ventures, including their real investment thesis, actual portfolio companies, typical check sizes, and practical advice for getting a meeting.

Ballistic Ventures invests exclusively in early-stage cybersecurity companies. There is no split focus, no adjacent verticals, no fintech or consumer plays. The firm is singularly devoted to founders building the next generation of tools that protect digital infrastructure.

The partners have collectively spent over 86 years operating in cybersecurity roles — not just investing in the space. They have founded companies, led security teams, and navigated incident response at scale. This means when a founder describes a product architecture or a competitive situation, the partners already understand the nuance.

The firm's stated thesis centers on finding founders who understand the "nuances facing new security startups" — not just founders with a novel technical approach, but those who understand how security products get sold, how enterprise procurement works, and how to build a sustainable business in a market dominated by incumbents.

Ballistic Ventures prefers to lead or co-lead rounds, providing not just capital but operational expertise. The firm runs BallisticX, an incubation program designed to help earliest-stage cybersecurity concepts get to product-market fit before a formal seed round.

The investment committee evaluates companies across several dimensions: market size and trajectory, technical differentiation, go-to-market strategy, and — critically — the founding team's depth of domain experience. Ballistic explicitly seeks founders who have lived the problem they are solving, not just observed it from the outside.

Since launching two years ago, Ballistic Ventures has deployed capital across 18 companies tackling challenges spanning AI security, cloud infrastructure protection, identity and access management, ransomware defense, and more.

The March 2024 close of the $360 million Fund II was significantly oversubscribed, reflecting strong LP confidence in the firm's operator-led approach. The firm began raising with a target of $300 million and stopped at $360 million — a signal that demand for the fund exceeded supply.

Notable recent investments include Noma, an enterprise AI security platform where Ballistic led the $32 million Series A. The firm also led rounds in companies like Concentric AI (data security governance), SpecterOps (identity attack path management), and Oligo Security (runtime attack detection).

The portfolio also includes earlier-stage bets through BallisticX: companies like Aembit (secretless access for AI workloads), BreachRx (incident response automation), and OverAI (SOC automation in plain language) represent the firm's thesis that AI will reshape every category of security tooling.

In addition to new investments, Ballistic has been active in follow-on rounds, ensuring that portfolio companies have sufficient runway and support to reach inflection points without excessive dilution from new investors.

Ballistic Ventures portfolio companies span the full breadth of the modern cybersecurity landscape — from AI-native security operations to cloud infrastructure protection to enterprise browser security.

Veza, acquired by ServiceNow, built identity entitlements management tools that help enterprises understand who has access to what across their systems. The acquisition validated Ballistic's early bet on identity security as a critical enterprise need.

Talon Cyber Security, acquired by Palo Alto Networks, pioneered enterprise browser technology — essentially treating the browser as a security control point rather than just a productivity tool. The acquisition reinforced the thesis that security can be embedded directly into the tools workers already use.

Pangea, acquired by CrowdStrike, provided comprehensive security guardrails for AI application development — a category that became increasingly important as enterprises rushed to integrate LLM capabilities into production systems.

Among current portfolio companies, Concentric AI addresses data security governance, helping enterprises understand and control where sensitive data lives and who can access it. Noma secures AI innovation at enterprise scale, from build through runtime. SpecterOps focuses on identifying and remediating identity attack paths before adversaries can exploit them.

Other notable names include Oligo Security (runtime detection of modern attacks), Hypernative (proactive security for Web3 and digital assets), Mimic (ransomware detection and recovery), and Zip Security (all-in-one cybersecurity for mid-market companies).

Ballistic Ventures is explicit: they want cybersecurity founders who have deep domain expertise and understand the nuances of building and selling security products. A novel technical approach is necessary but not sufficient — the firm wants to see that founders understand how enterprises buy security, how products get integrated into existing infrastructure, and how to compete against well-funded incumbents.

The team evaluates potential investments based on market opportunity (is the addressable market large and growing?), product differentiation (does the company have proprietary technology or a novel approach that creates durable competitive advantage?), and go-to-market strategy (can the team sell effectively, either directly or through channel partners?).

Because the partners have operating experience in cybersecurity, they can push founders on technical architecture, competitive positioning, and product roadmap in ways that typical VCs cannot. Founders should come prepared to defend every assumption.

Ballistic prefers companies with business models that demonstrate clear unit economics and a plausible path to profitability or the next round. For early-stage companies, the firm looks for evidence of product-market fit — customer traction, retention metrics, and expansion revenue if applicable.

The founding team's depth matters. Ballistic has seen hundreds of cybersecurity pitches and can quickly assess whether a team has the credibility and experience to execute. Prior exits, relevant operational experience at security companies, and demonstrated domain expertise are all factors that improve a founder's odds with Ballistic.

The most effective path to Ballistic Ventures is a warm introduction from a portfolio founder, another tier-one VC who has worked with the firm, or a respected member of the cybersecurity community. Ballistic's partners actively source deals through their network — they are not primarily a cold-email firm.

Founders who do not have an existing warm connection should focus on building a relationship before pitching. Engaging with Ballistic's content, attending industry events where the partners appear, and getting introduced through a shared connection are all strategies that improve the odds of getting a meeting.

Cold outreach through the firm's website is a lower-probability path but can work if the company is squarely in Ballistic's focus area (cybersecurity only) and has metrics that demonstrate strong product-market fit. The pitch should be concise, specific about the problem and solution, and clear about why this team is uniquely positioned to execute.

When preparing for a meeting with Ballistic, founders should be ready for a technical and commercial deep dive. The partners will push on product architecture, competitive positioning, pricing strategy, and customer acquisition costs. Practicing the pitch and anticipating tough questions is essential.

Follow-up after an initial meeting is important. Ballistic typically takes several weeks to make investment decisions. Maintaining communication without being pushy — sending updates on milestones and key metrics — keeps the relationship active without creating friction.

Building a long-term relationship with Ballistic can pay off even if the current round does not result in an investment. The firm may be interested in future rounds, can provide introductions to other investors, or may be able to connect founders with potential customers or partners.

When Ballistic Ventures evaluates an investment, the partners dig into the financials — not just the top-line trajectory, but the underlying mechanics of how the business works. Understanding burn rate, runway, unit economics, and the path to profitability or the next round is non-negotiable for any founder pitching the firm.

Cybersecurity companies, particularly those selling to enterprises, often have complex financial profiles. Long sales cycles, contract structures, and usage-based pricing all create complexity that founders need to be able to explain fluently. Ballistic will challenge assumptions about market size and growth projections.

Working with a fractional CFO who understands venture-backed SaaS metrics can significantly strengthen a pitch. Professional financial guidance helps founders build accurate projections, prepare investor-ready financials, and confidently navigate due diligence questions.

For companies at the seed or Series A stage, Ballistic looks for evidence of efficient growth — strong net revenue retention, reasonable customer acquisition costs relative to lifetime value, and a business model that can scale without proportional cost increases.

Key metrics for security companies often include ARR benchmarks growth, net revenue retention, average contract value, and time to close. Founders should know their numbers cold and be prepared to explain not just what the metrics are, but why they reflect a business that can reach scale.

Financial projections should be grounded in evidence and realistic about execution risk. Ballistic will scrutinize assumptions and challenge rosy projections. Founders who can articulate a credible path to profitability or the next milestone round will stand out.

Whether you are preparing to pitch Ballistic Ventures or other top cybersecurity VCs, professional financials and a clear understanding of your unit economics can set you apart from founders who have not done the work. Investors want to see that you understand your business deeply — not just the product, but the financial model underneath.

Exploring other venture capital firms? Our comprehensive collection of VC firm reviews covers hundreds of investors across all stages and sectors.

Each review provides detailed information about investment criteria, portfolio companies, and tips for securing funding. Whether you are looking for seed-stage investors focused on your specific vertical or growth equity firms that write larger checks, you will find valuable insights in our VC firm guides.

Finding the right investor for your startup is crucial to your success. Take the time to research potential investors and understand their investment thesis before reaching out.

Our guides cover major venture capital firms as well as emerging managers that may be a better fit for your company's specific needs and stage.