Former Kleiner Perkins VC Ted Schlein Explains Cybersecurity Trends, His New Firm Ballistic Ventures

  • One of Kleiner Perkins' longest-serving investors quietly launched a firm to specialize in security startups.
  • Ted Schlein now runs Ballistic Ventures, “a firm that was completely different” than others, he says.
  • Schlein sees three big new security markets, including an area he’s “most scared about.”

After helping storied venture capital firm Kleiner Perkins land on the other side of a couple of years of messy restructuring, Ted Schlein quietly left to launch his own firm, Ballistic Ventures, in December 2021, armed with $300 million for a first fund.

Schlein had been a star investor at Kleiner for 27 years after a career at Symantec, and is one of the best-known names in cybersecurity investing. His successes include acquired companies like ArcSight, Carbon Black, CoreOS, EdgeSpring, LifeLock, Mandiant, Shape Security, and many others.

At Ballistic, he says, “I wanted to create a firm that was completely different than all of the firms.”

He’s done that in a few ways, he says. First, Ballistic only does early rounds in cybersecurity startups, mostly Series A but also some seed. That might be riskier for someone with less of a track record because security is an area of tech where the startups are much more likely to exit through acquisition than IPO.

That’s partly because strong security startups tend to command higher-than-typical prices when acquired, Schlein says. “It’s not viewed as the lesser of two evils, if you will. It’s actually, wow, somebody’s willing to pay me 10, 20 times future revenues?” he says.

But he also points out that this characteristic is changing as more security companies, like CrowdStrike, Okta, and SentinelOne, make it into the public markets.

Another way he wanted Ballistic to be different is that his partners and co-founders in the fund are all former executives at security companies — or in VC speak, they are “operators.”

And Ballistic is also incubating startups itself, meaning hiring the folks to build and run an idea of their own, with Ballistic holding on to majority ownership.

Schlein is the first to admit that winning a term sheet from Ballistic could be considered “expensive capital” but, he says, “we’re worth it.” His fund typically wants a 20% stake, and in exchange founders get the “craftsmanship model of venture. It’s very hands-on, lots of touch and company building,” he says. “So you only come to us because you want to build a pretty awesome cybersecurity company.”

Security startup trends

Schlein says he currently sees three big trends for next-gen cybersecurity startups.

One is what he calls “workload-to-workload identity.” With cloud computing, apps are constantly asking other apps to share data or perform tasks together through their application programming interfaces (APIs). Companies must ensure these apps are who they say they are, and not a pretender API run by a hacker. Startup Aembit, backed by Ballistic, is working on this. There are a host of others addressing API security too, such as 42Crunch, Akto, Cequence Security and Data Theorem.

Another area Schlein says is hot is called “shift left” security, or “security from the inside out,” which means security is baked into code development, not just thought about later by the IT department. Schlein has actually been an advocate of this for decades, since he backed one of the OGs in this space, Fortify Software, acquired by Hewlett-Packard back in 2010.

But the idea is now going mainstream, granting more opportunity for startups that offer such tools to developers. While at Kleiner, Schlein backed startup Apiiro, and wrote a check at Ballistic for ArmorCode. Other examples in this field include Snyk and Veracode.

But perhaps the biggest and most terrifying new security trend he sees is the “weaponization of an open democracy,” meaning new forms of disinformation. “This is what I am quite passionate about and most scared about.”

He says disinformation should be treated like any other malware where tech can solve the problem, even though the intent is “hacking your mind, not hacking a network.”

To that end, he’s backed a startup called Alethea, which monitors for disinformation for corporations, and says he’s incubating a new startup in this area, too, still in stealth.

He’s not the only one who sees this as an area ripe for a technology solution. Other startups working on various ways to combat disinformation include Truepic (which helps authenticate photos), VineSight for disinformation monitoring, and ActiveFence for content detection and moderation.