A career that keeps rhyming
Today Barmak Meftah is co-founder and general partner of Ballistic Ventures, a San Francisco-based venture firm that invests exclusively in cybersecurity. Ballistic launched in 2022 with a $300 million debut fund and, in March 2024, closed an oversubscribed second fund at $360 million - a number that landed sideways into a market where most generalists were quietly downsizing. Cyber-only funds are a small club. Cyber-only funds that hit Fund II in this market are smaller still.
The headline portfolio reads like a who's-who of the post-2022 security boom: Aembit and Oligo Security on runtime and non-human identity. Concentric AI and Nudge Security on data protection and SaaS sprawl. SpecterOps for offensive security. Veza for authorization. Talon for enterprise browsers - sold to Palo Alto Networks. The thesis is narrow on purpose. Meftah and his partners think security needs investors who can tell the difference between a feature and a category before the term sheet, not after the down round.
He arrived at this seat the hard way. Before Ballistic, he was president of AT&T Cybersecurity, the standalone division AT&T built around its 2018 acquisition of AlienVault. Before that, he spent six years as CEO of AlienVault, the company that built OSSIM into the de facto open-source SIEM, then layered a commercial unified-security-management platform on top until AT&T noticed. Before AlienVault, he was vice president of HP's enterprise security products unit - a role he inherited when HP bought Fortify Software in 2010, where Meftah had been chief products officer and one of the first hires. Before Fortify, there was Oracle, where he ran products for the Oracle RDBMS on the Windows platform inside Server Technologies. Before Oracle there was Sychron and, earlier still, PricewaterhouseCoopers. There is a pattern: he tends to walk into rooms that later become important.
Read the resume sideways and you'll see a private map of the security industry's last three decades. Application security at Fortify, before AppSec was a budget line. SIEM and threat intelligence at AlienVault, before "managed detection" was a marketing slide. Managed services at AT&T, before the Big Telcos all decided MSSP was their second act. AI-era security at Ballistic, before the LLM panic became a category. The dates are not coincidences.
From RDBMS to OSSIM
If you want to understand how Meftah thinks, start with Fortify Software in the mid-2000s. Static analysis was a research curiosity. Application security was something companies did after the breach, not before. Meftah came in as chief products officer and helped translate a hard technical idea - find vulnerabilities by reading source code, not by attacking the running binary - into a category that customers would write checks for. When HP acquired Fortify in 2010, he moved up into HP's enterprise security products unit, eventually overseeing the Fortify and SPI Dynamics business units. He learned, quickly, what it feels like to be the acquired founder inside a much larger machine.
In January 2012 he took over as CEO of AlienVault. The company sat on top of OSSIM, an open-source SIEM with a global community and a commercial product that needed sharpening. Six years later, AT&T bought it. The path was not linear and was not painless. It included a brand reposition around unified security management, a doubling-down on the Open Threat Exchange, and a long, patient bet that mid-market companies would eventually need the same threat intel that defended the Fortune 100.
Then came AT&T itself. After the acquisition closed in 2018, Meftah became president of the new AT&T Cybersecurity division - reporting to the CEO of AT&T Business, running a global team, and folding AlienVault's products into a managed services portfolio that became, by industry rankings, one of the world's five largest MSSPs. It was the kind of role most operators would settle into for a decade. He stayed long enough to land the integration, then started planning his exit.
Why he became a VC
By 2021, Meftah was deep in conversations with people whose names you know: Kevin Mandia, founder of Mandiant. Ted Schlein, the longtime Kleiner Perkins partner who has backed more security companies than anyone alive. Jake Seid, the growth investor. Roger Thornton, the technologist who has been inside the engine of half the public security companies you can name. The group had collectively founded, funded, or operated more than 100 cybersecurity firms. They had spent decades reading each other's term sheets from across the table. They decided to be on the same side.
Ballistic Ventures launched publicly in early 2022 with a $300 million debut fund and a thesis that was almost provocatively narrow: cybersecurity only, early stage, operator-led, with the firm acting closer to a co-founder than a board observer. Two years later, in March 2024, they closed Fund II at $360 million - oversubscribed, in a quarter where the broader venture market was, charitably, brutal. The LP base voted with its wallet. So did the founders.
What Ballistic offers - and what Meftah specifically offers - is something hard to put on a website: the muscle memory of every chair you'll sit in as a founder. He has built the first product. He has shipped through the channel. He has answered to a strategic acquirer. He has integrated a portfolio into a Fortune 10's roadmap. He has hired the third VP of sales after the first two didn't work. When his founders call at 11pm with the kind of question that doesn't have a clean Google answer, they're not calling a banker.
What he's betting on now
Read Ballistic's portfolio and the through-lines are clear. Identity is exploding sideways, especially for non-human and machine identities - the workloads, the agents, the AI services. Aembit is one bet there. Data protection is being rewritten for SaaS and AI workloads - Concentric AI and Nudge Security live there. Runtime security and software composition analysis are getting a hard rethink in the era of LLM-generated code - Oligo Security sits in that lane. Offensive security tooling is graduating from red-team boutique to enterprise function - SpecterOps. Authorization - the under-loved sibling of authentication - is finally getting its category at Veza. Browsers became the security perimeter, which is why Talon mattered enough for Palo Alto Networks to acquire it.
None of these bets are accidents. They are the same map Meftah has been drawing since Fortify - find the function inside the security stack that everyone needs but nobody owns yet, fund the team that can own it, and don't get distracted by the adjacent shiny thing. Meftah talks about his team mentoring CEOs through "the complexities and challenges of building great teams and companies." It sounds like boilerplate until you remember he is the one who has been those CEOs.
The AI security wave is the loudest current theme - prompt injection, model supply chain, autonomous-agent guardrails, deepfake detection, the whole carnival. Ballistic's keyword cloud reads like the table of contents for the next three RSA conferences: AI lifecycle security, malicious deepfake detection, security for AI development, identity security, non-human identity management, cloud security automation, runtime security. Meftah is positioning the firm for a multi-year window where every enterprise rebuilds its security stack around models and agents instead of just users and endpoints.
Off the org chart
The career sketch is the easy part. The person is harder. Meftah holds a master's in computer science from the University of San Francisco - a city he never really left. He is, by his own description on the Ballistic site, a city boy who plays rockstar guitar. It's the kind of throwaway line that should not survive three corporate bios but somehow has. Take it as a signal that he is comfortable saying things on a venture firm's official website that most general partners would scrub.
He shows up at RSA. He sits on industry panels. He writes occasionally for Dark Reading. He is not, by any measure, a Twitter-famous VC; the cyber-Twitter-industrial complex moves on without him and he seems content with that. The visible communication tends to flow through LinkedIn, through portfolio company milestones, and through long-form podcast conversations where he can actually answer a question instead of headline it.
Watch how Ballistic's partners talk about each other and you'll notice the language is closer to a band than a fund. Five co-founders, four of them with operator backgrounds, one straight-line VC. They've worked together, sold to each other, and competed against each other for so long that the firm reads as a continuation of a relationship rather than a new entity. That's the wager Meftah is making with the back half of his career - that the best returns in cybersecurity over the next decade will come from people who have been doing this since the term "cybersecurity" was hyphenated.