Ten Eleven Ventures

Ten Eleven Ventures stands apart in the venture capital landscape as one of the few firms exclusively dedicated to cybersecurity investments. Founded by industry veterans who understand the攻防 dynamics of enterprise security, the firm has built a portfolio that includes category-defining companies like Darktrace, Cylance, and KnowBe4. Understanding EBITDA multiples in growth-stage valuation is valuable for any founder.

This specialized focus gives Ten Eleven an unusual depth of expertise that generalist VCs cannot match. When a founder pitches a new approach to endpoint protection or AI-powered threat detection, they're presenting to investors who have already seen what works—and what fails—at scale.

The firm's multi-stage approach spans Pre-Seed through Series B, with check sizes ranging from $3M to $15M. This flexibility allows Ten Eleven to back promising teams early and continue supporting them through critical growth phases. Their portfolio includes both venture-stage companies still proving product-market fit and growth-stage companies operating at scale.

Ten Eleven's founding team—including Alex Doll, who scaled ArcSight through its IPO and $2.2B acquisition—brings operator experience that translates into hands-on portfolio support. This isn't passive investing; it's mentorship from people who've navigated the same challenges founders face.

For cybersecurity founders seeking capital, understanding how Ten Eleven evaluates opportunities can mean the difference between a funded raise and months of frustration. The firm's investment criteria reflect deep knowledge of what enterprise buyers actually purchase and how security startups can reach them effectively.

Ten Eleven Ventures operates from a single conviction: cybersecurity deserves dedicated capital because the threat landscape evolves faster than generalist investors can track. The firm was purpose-built to fill the gap left by VCs who treat security as one of many vertical interests. Understanding scaling ARR benchmarks with unit economics discipline is valuable for any founder.

The investment thesis centers on three pillars. First, the firm seeks companies addressing fundamental, persistent problems—data breaches, ransomware, identity theft—rather than point solutions that become obsolete as attackers shift tactics. Second, Ten Eleven prioritizes technical differentiation: novel approaches to detection, prevention, or response that leverage architectural advantages. Third, the firm looks for businesses with clear paths to enterprise adoption, whether through channel partnerships, direct sales, or platform integration.

Within cybersecurity, Ten Eleven maintains interest across the full stack: endpoint security, network protection, identity and access management, cloud security, threat intelligence, security operations, and emerging areas like AI-powered defense and privacy-enhancing technologies. The common thread is technical depth—companies building genuine innovation rather than marketing Layer.

What distinguishes Ten Eleven's thesis is the expectation that portfolio companies operate globally from inception. The firm actively facilitates introductions across North America, Europe, and other security markets, recognizing that sophisticated cyber threats are borderless and enterprise customers multinational.

Ten Eleven has maintained consistent deal flow throughout 2024 and 2025, deploying capital across the cybersecurity spectrum. The firm's 2025 investments include Furl (security automation), Geordie (threat intelligence), and Guardare (endpoint protection), demonstrating continued conviction in early-stage opportunities even as some VCs pulled back from the sector. Understanding understanding burn rate and runway is valuable for any founder.

Notable 2024 and early 2026 investments show Ten Eleven's willingness to back newer categories within security. Fleet (2025) addresses device security for modern enterprise fleets, a problem that grows as organizations manage increasing numbers of endpoints and operating environments. HiddenLayer (2022) focuses on protecting machine learning models from adversarial attacks, a timely focus as AI adoption accelerates.

The firm's growth-stage portfolio remains active, with companies like Anchorage Digital (institutional digital asset custody) and Feedzai (financial fraud prevention) scaling internationally. Ten Eleven has demonstrated ability to write initial checks at the venture stage and participate meaningfully in growth rounds as companies mature.

Market conditions have led Ten Eleven to be more selective at growth stages, where valuations contracted significantly from 2021 peaks. However, at Pre-Seed and Seed, where the firm originated, deal flow remains robust. The firm sees opportunity in the current environment: talented security founders who might have previously joined large companies are now starting businesses, attracted by favorable unit economics and less competition for talent.

Ten Eleven's track record demonstrates the power of concentrated expertise in cybersecurity. Darktrace, which went public on the London Stock Exchange in 2021, represented a landmark exit that validated the firm's thesis around AI-powered threat detection. The company's autonomous response technology addressed a genuine gap in how enterprises handled fast-moving attacks.

Cylance, acquired by BlackBerry in 2019 for $1.4B, exemplified Ten Eleven's ability to identify technical founders with fresh approaches to old problems. Cylance's ML-based endpoint protection predated the category becoming mainstream, and the firm's early bet on algorithmic prevention rather than signature-based detection proved prescient.

KnowBe4, which reached public markets in 2021, addressed the human element of enterprise security through security awareness training. The company's growth reflected a simple insight: technical controls alone couldn't prevent phishing and social engineering; organizations needed to prepare their workforces as well.

Other significant holdings include Anchorage Digital (the first federally chartered crypto bank, serving institutional clients), Aura (consumer identity protection), Barracuda (cloud-connected security appliances), and Cyware (automated threat intelligence sharing). Each represents a distinct approach to security challenges that Ten Eleven evaluated through the lens of technical differentiation and enterprise adoptability.

Ten Eleven evaluates security startups through criteria refined across hundreds of evaluations and dozens of investments. The founding team matters first: the firm looks for operators who have personally navigated security challenges at scale, whether as practitioners protecting enterprise environments or builders who created security products at previous companies.

Technical differentiation is non-negotiable. Ten Eleven's due diligence includes review of product architecture, assessment of competitive moats (patents, proprietary datasets, exclusive partnerships), and evaluation of whether the technology solves problems that alternative approaches cannot. Marketing-led positioning without technical substance rarely progresses beyond initial calls.

Market timing separates successful investments from premature ones. Ten Eleven tracks adoption curves for security categories and prefers to enter when enterprise buyers are actively seeking solutions rather than when VCs first notice the trend. This requires pattern recognition that comes from decades of security market observation.

Business model quality receives scrutiny. The firm generally avoids companies with complex, relationship-dependent sales motions that require large teams to close deals. SaaS delivery, consumption-based pricing, and product-led growth all indicate business model characteristics that Ten Eleven views favorably. The goal is capital-efficient scaling that doesn't require endless venture rounds to reach profitability.

International potential matters because security threats cross borders. Ten Eleven actively supports portfolio companies pursuing global expansion from early stages, recognizing that European and Asian enterprise customers often provide faster adoption than US buyers for certain security categories.

The optimal path to Ten Eleven runs through warm introductions from the cybersecurity community. The firm responds more quickly to referrals from portfolio founders, other investors who know the security ecosystem, or industry executives who understand the technical landscape. Building relationships within the security community before fundraising accelerates access.

Cold outreach through the firm's website works when the technical differentiation is genuine and the company fits clearly within cybersecurity. The submission should lead with the specific problem being solved, the technical approach, and evidence of product-market validation. Generic enterprise software pitches that happen to include security features don't fit.

When preparing for an initial meeting, founders should expect deep technical questioning. Ten Eleven's partners will probe product architecture, examine how the solution handles edge cases, and explore whether the company can maintain differentiation as competitors respond. Preparing for technical due diligence separates confident founders from those relying primarily on slides.

The investment process typically moves from initial call to partnership meeting to due diligence to term sheet within 4-6 weeks for companies that advance. Ten Eleven can move faster when necessary—board-approved criteria allow partners to proceed without lengthy partnership consensus for the strongest opportunities.

Following successful investment, Ten Eleven provides active support including board participation, operational guidance, and introductions to customers and follow-on investors. The firm's network within enterprise security buying centers provides meaningful value beyond capital.

Even cybersecurity-focused VCs expect founders to demonstrate solid financial management. For early-stage security companies, this means clear visibility into customer acquisition costs, lifetime value, and the ratio between ARR benchmarks growth and net dollar retention. Ten Eleven tracks these metrics across its portfolio to identify companies likely to succeed in growth phases.

Burn rate and runway matter because security companies often require longer paths to profitability than consumer software. Founders should have realistic models showing how venture capital extends runway to key milestones—not arbitrary targets but genuine inflection points that justify higher valuations.

Security companies sometimes benefit from government contract opportunities that consumer startups cannot access. Understanding the landscape of SBIR grants, DARPA funding, and federal security initiatives can provide non-dilutive capital that extends runway while preserving equity.

Working with a fractional CFO familiar with security sector benchmarks helps founders present metrics that resonate with Ten Eleven's partners. The firm has seen hundreds of pitch decks; financials that reflect genuine understanding of unit economics and scaling efficiency stand out.

Whether preparing for Ten Eleven or other cybersecurity-specialist VCs, financial rigor signals operational maturity that enterprise buyers require. Security customers—particularly in financial services, healthcare, and government—demand vendors with professional financial management as a prerequisite to engagement.

Exploring other venture capital firms focused on cybersecurity and enterprise technology? Our comprehensive collection of VC firm reviews covers investors across all stages and sectors.

Each review provides detailed information about investment criteria, portfolio companies, and strategies for approaching fund managers. Whether seeking Pre-Seed capital or growth equity, you'll find guides tailored to the security founder's needs.

Finding the right investor alignment matters more in cybersecurity than in other sectors—technical specialization translates into genuine value beyond capital. Research potential investors' portfolios to ensure your category and stage match their demonstrated interests.