A professor who modeled viruses like epidemics, now funding the people who hunt them.
Walk into a Rain Capital portfolio review and you will hear questions a Forrester analyst would ask, a Carnegie Mellon researcher would ask, and a Twistlock operator would ask, in that order. It is the same person asking all three. That is the trick of Chenxi Wang's career - the layers do not erase each other, they stack.
Rain Capital is a cyber-only venture firm with an office in Los Altos and a portfolio that reads like a roll call: Claroty for industrial control systems, JupiterOne for cyber asset management, Capsule8 for runtime defense (acquired by Sophos), Lakera for AI guardrails, Oasis Labs for confidential computing, Straiker AI and Lema AI for the new generation of agent security. Wang founded the firm in 2018, after two decades inside the industry as a researcher, analyst, operator, and strategist. The thesis has always been narrow on purpose. Cyber. Early stage. Founders other people miss.
What sets Wang apart is not a single career chapter, it is the cross-section. Most VCs in security are either operators who learned to invest or analysts who learned to back operators. Wang is both, with a Ph.D. on top. She helped found the Cybersecurity Lab at Carnegie Mellon as a faculty member. She ran research at Forrester, the place that still sets the framing for half of enterprise IT buying. She did VP strategy at Intel Security, then Chief Strategy Officer at Twistlock during its container-security run. Each role taught her something about the buyer, the budget cycle, the threat model, and the politics of selling to a CISO. All of that goes back into Rain.
Chenxification: when your name becomes a verb.
At the University of Virginia, Wang's doctoral dissertation introduced a code obfuscation technique that the security literature now calls chenxification. The mechanic is simple to describe and surprisingly hard to defeat. Take a function's control flow and flatten it. Each basic block becomes a case inside a switch statement. The switch sits inside an infinite loop. Add decoy keys, indistinguishable from the real one, each wired to trigger an alarm if probed. The result frustrates malware reverse-engineering and key extraction in ways static analysis cannot easily peel apart.
The U.S. Department of Defense adopted the technique to harden mobile applications, and it is still in use. Not many academics get an algorithm named after them. Fewer get one named after their first name. Wang earned both before she ever joined a venture firm.
Before chenxification, there was the virus work. The National Science Foundation gave Wang a $5 million grant to model how computer viruses propagate across networks - lifting the math from epidemiology, of all places, and applying it to malware. She produced a propagation index: a model of the detection and response rates an operator needs to push an outbreak below the line where it can sustain itself. Read the work today and it sounds spookily like a public-health dashboard, only the patients are routers.
Forrester. Intel. Twistlock.
VP of Research at Forrester. VP of Strategy at Intel Security. Chief Strategy Officer at Twistlock during its rise. Three different vantage points on the same industry, in roughly a decade.
The CMU Lab
Faculty member at Carnegie Mellon University, co-founder of CMU's Cybersecurity Lab. Today she remains an advisor to Project Olympus at the Swartz Center for Entrepreneurship.
MDU + OWASP
Independent director at MDU Resources Group (NYSE: MDU). Former Vice-Chair of the global OWASP Foundation board. Director-level decisions, twice over.
Rain Capital, by the numbers and the dispositions.
Rain Capital launched in 2018 - founded by women, run mostly by women, focused entirely on cyber. The timing was deliberate. Wang has said the post-Cambridge Analytica moment looked, from inside the industry, like the start of a long reckoning over data, trust, and the actual cost of insecure platforms. Buyers were going to start paying for the right things. The firm's current website tagline reads "Cyber Venture Reimagined." Underneath is a more specific message: infrastructure for AI-native enterprises.
Wang likes to call Rain a "company builder" rather than a pure check-writer, which usually means more time per portfolio company than a generalist fund would tolerate. A surprising statistic she cites: roughly 44% of Rain-backed companies were founded by women or minorities. Underrepresented founder counts in cyber-VC normally sit far lower. That is not an accident; it is the sourcing network, built from twenty years inside the security community, doing what it was always going to do.
Share of portfolio companies founded by women or underrepresented minorities. Rain figure per founder; cyber-VC average is illustrative industry benchmark.
Who secures the agents?
If there is a current Wang preoccupation, it is the gap between how fast enterprises are deploying AI agents and how slowly anyone is asking what happens when those agents misbehave at scale. In her public commentary - at RSA, on her Substack, on the Rain Capital Insights podcast - she has been pointing to one fact in particular: there are already hundreds of thousands of agent "skills" in the wild, including malicious ones, with effectively no supply-chain review. Companies that wouldn't install an unsigned NPM package are happily wiring autonomous agents into customer-facing workflows.
Rain's recent investments line up with that read. Lakera, Straiker AI, Lema AI, Manifold - the common thread is security primitives for AI systems, not security marketing copy bolted onto them. At the 2026 RSA Conference, Wang spoke under the title "Security and Survival in the Age of Enterprise Agents," which is about as direct a thesis statement as a VC ever puts on a slide.
From Beijing to the Blue Ridge.
Wang arrived in the United States from China at 19. She has said the early years were a long exercise in convincing herself the obstacle she kept hitting was not the language, or the country, or the field - it was her own caution. The career path that followed is what people who have never tried to switch lanes underestimate: the move from research, where credibility comes from rigor, to operator roles, where credibility comes from shipping, to venture, where credibility comes from picking. Each transition cost her something. Each one paid off later.
The recognition has piled up - Fortune's Top Cyber Investor list, Women Investor of the Year from Cyber Risk Alliance and Women Tech Founders, SC Magazine's Women of Influence in both 2016 and 2024, co-chair of Security & Privacy at the Grace Hopper Conference. She is a regular on the Black Hat and RSA keynote circuits and a contributor at Dark Reading, where the column line under her byline is the same year after year: founder, Rain Capital.