One of the most successful VCs in cybersecurity, Ted Schlien, names 3 new trends to watch

• One of Kleiner Perkins longest-serving investors quietly launched a firm to specialize in security startups.
• Ted Schlein now runs Ballistic Ventures, “a firm that was completely different” than others, he says.
• Schlein sees three big new security markets, including an area he’s “most scared about.”

Ted Schlein quietly left storied venture capital firm Kleiner Perkins after a couple of years of messy restructuring to launch his own firm, Ballistic Ventures, in December 2021, armed with $300 million for a first fund.

Schlein, a star investor at Kleiner Perkins after a career at Symantec, is one of the most well-known names in cybersecurity investing. His accomplishments include the acquisition of companies such as ArcSight, Carbon Black, CoreOS, EdgeSpring, LifeLock, Mandiant, Shape Security, and many others.

He says of Ballistic, “I wanted to create a firm that was completely different than all of the firms.”

He claims to have accomplished this in a variety of ways. First and foremost, Ballistic only invests in early-stage cybersecurity startups, primarily Series A but also some seed. That could be riskier for someone with less of a track record because security startups are much more likely to exit through acquisition rather than IPO.

This is due in part to the fact that strong security startups tend to command higher-than-average acquisition prices, according to Schlein. “It is not regarded as the lesser of two evils.” “Wow, someone’s willing to pay me 10, 20, times future revenues?” he says.

However, he notes that this characteristic is changing as more security companies, such as Crowdstrike, Okta, and SentinalOne, enter the public market.

Another way he wanted Ballistic to stand out is that his fund’s partners and co-founders are all former executives at security firms — or, in VC parlance, “operators.”

And Ballistic is also incubating startups, which means hiring people to build and run their own ideas while Ballistic retains majority ownership.

Schlein is the first to admit that obtaining a term sheet from Ballistic may be considered “expensive capital,” but “we’re worth it,” he says. His fund typically requires a 20% stake in exchange for the “craftsmanship model of venture.” “It’s very hands-on, with a lot of touch and business building,” he says. “So you’ve come to us only because you want to build a pretty awesome cybersecurity company.”

Trends in security startup

Schlein sees three major trends for next-generation cybersecurity startups right now.

One example is what he refers to as “workload-to-workload identity.” Through their application programming interfaces (APIs), apps in the cloud are constantly asking other apps to share data or perform tasks together. Companies must ensure that these apps are who they claim to be and not a forgery API run by a hacker. Aembit, a startup backed by Ballistic, is working on this. Others that address API security include 42Crunch, Akto, Cequence Security, and Data Theorem.

Another hot area, according to Schlein, is “shift left” security, or “security from the inside out,” which means security is baked into code development rather than being thought about later by the IT department. Schlein has been an advocate for this for decades, having backed one of the pioneers in the space, Fortify Software, which was acquired by Hewlett-Packard in 2010.

However, the concept is now becoming more popular, providing more opportunities for startups that provide such tools to developers. While at Kleiner Perkins, Schlein invested in startup Apurio and wrote a check to ArmorCode at Ballistic. Snyk and Veracode are two other examples in this field.

The “weaponization of an open democracy,” or new forms of disinformation, is perhaps the most significant and terrifying new security trend he sees. “This is something I am both passionate about and terrified of.”

He claims that disinformation should be treated as any other malware in which technology can solve the problem, despite the fact that the intent is “hacking your mind, not hacking a network.”

To that end, he’s backed a startup called Alethea, which monitors for disinformation for corporations, and he’s also incubating a new startup in this space, which is still in the works.

He is not the only one who sees this as an area ripe for technological intervention. Truepic (which helps authenticate photos); VineSight for disinformation monitoring; and ActiveFence for content detection and moderation are among the other startups working on various ways to combat disinformation.