Derek Smith

MIMIC RAISES $50M SERIES A LED BY GV + MENLO VENTURES /// DEREK SMITH: SERIAL ENTREPRENEUR, 4 STARTUPS, 2 EXITS OVER $1B /// SHAPE SECURITY ACQUIRED BY F5 FOR $1 BILLION - JAN 2020 /// RANSOMWARE ATTACK WINDOW: 90 SECONDS OR LESS /// KEVIN MANDIA (MANDIANT FOUNDER) JOINS MIMIC BOARD /// OAKLEY NETWORKS - FIRST EVER DATA LEAKAGE PREVENTION COMPANY - ACQUIRED BY RAYTHEON 2007 /// MIMIC: DETECT. DEFLECT. RECOVER. - CYBERSECURITY'S LAST LINE OF DEFENSE /// MIMIC RAISES $50M SERIES A LED BY GV + MENLO VENTURES /// DEREK SMITH: SERIAL ENTREPRENEUR, 4 STARTUPS, 2 EXITS OVER $1B /// SHAPE SECURITY ACQUIRED BY F5 FOR $1 BILLION - JAN 2020 /// RANSOMWARE ATTACK WINDOW: 90 SECONDS OR LESS /// KEVIN MANDIA (MANDIANT FOUNDER) JOINS MIMIC BOARD /// OAKLEY NETWORKS - FIRST EVER DATA LEAKAGE PREVENTION COMPANY - ACQUIRED BY RAYTHEON 2007 /// MIMIC: DETECT. DEFLECT. RECOVER. - CYBERSECURITY'S LAST LINE OF DEFENSE ///

Profile

The Founder Who Keeps Rewriting the Rules

Before anyone called it a "DLP market," Derek Smith was already selling the product. Before "bot defense" was a category, he had built the company that defined it. This is not someone who enters markets. He tends to create them - then hand them off to a strategic acquirer for a billion dollars and start again.

His current venture, Mimic, is a Palo Alto-based cybersecurity company built around a single uncomfortable truth: ransomware attacks complete in 90 seconds or less. No human security team can respond that fast. Traditional endpoint detection and response tools weren't designed to. Mimic's platform operates at the kernel level, detecting the behavioral fingerprint of ransomware in fractions of a second - and deflecting the attack before encryption or data theft can occur. The attacker, crucially, is left believing the operation succeeded.

It's a move borrowed from military deception doctrine. And it's backed by the people who would know: GV (Google Ventures) and Menlo Ventures led a $50M Series A in February 2025. Kevin Mandia - the founder of Mandiant, the firm Google acquired for $5.4 billion - joined Mimic's board. Ballistic Ventures, Team8, Wing Venture Capital, and Shield Capital are in the cap table. That roster doesn't convene for incremental ideas.

"The more companies that pay the ransom, the more threat actors flood into the space, and it's becoming the number one problem that most CISOs deal with."

- Derek Smith, CEO, Mimic

Smith's case is personal as well as strategic. Mimic's stated mission - to "eradicate this pernicious form of cyber extortion" - is not press-release boilerplate. He specifically names the organizations least equipped to cope: hospitals and schools. In a ransomware economy where threat actors have learned that healthcare systems will pay whatever it takes to restore patient records, Smith's framing is pointed. His platform positions enterprises as targets that shoot back, invisibly.

The founding story is not typical for a Palo Alto Series A. Smith was 29 years old, living in Salt Lake City, running a 35-person company called Cambric Corporation that made $6 million a year doing CAD conversion for industrial clients. His management philosophy at the time was compact: "Don't sleep." His first job, by his own account, was washing cars at 13.

From that early-90s Deseret News profile to Pentagon corridors to back-to-back nine-figure cybersecurity exits, the career is improbably linear if you squint at it the right way. Every chapter runs at the frontier of a threat that most people hadn't yet thought to name.

At a Glance

Current Role	Co-Founder & CEO, Mimic
Location	San Francisco / Palo Alto, CA
From	Salt Lake City, Utah
Industry	Computer & Network Security
Education	University of Utah
LinkedIn	linkedin.com/in/derek-w-smith

Personality Profile

Laser-Focused Talent Magnet Top-Class Executor Mission-Driven Technically Sophisticated Relentless Serial Founder

Career Milestones

Two Categories. Two Exits. One Playbook.

Smith built two companies that became category-defining acquisitions. Oakley Networks invented the concept of data leakage prevention before Gartner had a quadrant for it. Shape Security cornered bot defense before most enterprises knew bots were a problem. Both ended in nine-figure deals with major defense and enterprise platforms.

Oakley Networks

Founded in 2001. Built the first data leakage prevention (DLP) and insider threat network security platform. Deployed across U.S. Department of Defense and Fortune 500 companies before "DLP" was a recognized category. Integrated into what became Forcepoint.

Acquired by Raytheon | 2007 | Post-acquisition: VP Cybersecurity, Raytheon

Shape Security

Co-founded in 2011. Built the first bot-defense platform protecting websites, mobile APIs, and IoT devices from automated attacks. Clients included airlines, banks, major retailers, and U.S. government agencies. Nine years from founding to exit.

Acquired by F5 Networks | Jan 2020 | $1 billion

Career Timeline

Three Decades Building at the Frontier

1989

Founded Cambric Corporation while at the University of Utah - 3D computer-aided engineering services for industrial and government clients. Grew to 35 employees, $6M in projected annual revenue.

~2000s

Cambric acquired by Tata Technologies. Smith turns full attention to cybersecurity.

2001

Co-founded Oakley Networks - pioneering the first data leakage prevention and insider threat network security technology, deployed across DoD and Fortune 500.

2007

Sold Oakley Networks to Raytheon. Stayed on as VP of Cybersecurity, overseeing information assurance products and R&D.

~2009

Appointed Senior Advisor for Cyber-Policy in the Office of the Secretary of Defense, Pentagon. Bridging private-sector security expertise and national security policy.

2011

Co-founded Shape Security - the first bot-defense platform. Served as CEO for nine years, growing the company into a leading security vendor for enterprises and government agencies.

2020

F5 Networks acquired Shape Security for $1 billion (January). Smith joined F5 as SVP of Security.

2023

Co-founded Mimic in Palo Alto, California. Raised $27M seed round from Ballistic Ventures, Menlo Ventures, Team8, Wing Venture Capital, and Shield Capital.

2024

Mimic emerged from stealth (May 2024), publicly launching its kernel-level ransomware detection, deflection, and recovery SaaS platform.

2025

Raised $50M Series A led by GV and Menlo Ventures. Kevin Mandia (Mandiant founder) joins the board. Greg Davison joins as Head of Revenue. Mimic hits 120 employees.

The Technology

What Mimic Actually Does

The premise begins with a timing problem. Ransomware - the kind that encrypts your files or exfiltrates your data to a criminal server - completes its destructive work in 90 seconds or less from first execution. Human security operations center teams work in minutes, at best. The math doesn't work.

Traditional endpoint detection and response (EDR) and extended detection and response (XDR) tools were built for a different threat model - one where analysts had time to investigate alerts. Against ransomware, they're fundamentally the wrong tool.

Mimic operates at the kernel level, running on individual systems and detecting the behavioral patterns indicative of ransomware - not signatures or known hashes, but behavioral fingerprints - in fractions of a second. When an attack is detected, Mimic deflects it before encryption or data theft occurs. But here's the key design choice: it does so in a way that lets the attacker believe the operation succeeded.

"Our technology detects ransomware much earlier and with greater accuracy than other defenses, allowing us time to deflect the attack before damage is done or data is stolen."

- Derek Smith, CEO, Mimic

The deception layer is intentional. If attackers know they've been detected, they evolve their techniques. If they believe the attack worked, they don't. It's a principle familiar to anyone who has studied military counterintelligence - create the illusion of success to neutralize the threat. In enterprise cybersecurity, it's genuinely novel application.

The platform also includes a Signal Generator - a feature that allows customers to safely simulate ransomware impact within their own networks. It's a training and verification tool that lets security teams stress-test their defenses without needing to invite actual threat actors in. The category: ransomware attack simulation. The use case: validating that Mimic works exactly as promised before a real attack tests it.

Mimic positions itself as a complementary layer to existing security stacks, not a replacement. "The last line of defense, working in concert with our customers' other controls" - Smith's phrasing is deliberate. The pitch to CISOs already managing complex security architectures isn't "rip and replace." It's "close the gap that everything else leaves open."

Detect

Kernel-level behavioral analysis identifies ransomware patterns in fractions of a second - before encryption begins. No signature database. No human latency.

Deflect

Block threat actor expansion and data exfiltration. The attacker's experience: apparent success. The reality: no damage done, core systems intact.

Recover

Restore data to pre-attack state without allowing threat actor reestablishment. IR teams get investigation time. Business continuity preserved.

In His Own Words

What Derek Smith Says About the Threat

"The speed of ransomware attacks - often within 90 seconds - leave security teams with no time to respond."

BankInfoSecurity, 2025

"Our mission is to eradicate this pernicious form of cyber extortion, which impacts parts of our society that are least able to cope, such as hospitals and schools."

Seed Round Announcement, May 2024

"From the beginning of them starting - to the point at which your data is encrypted or exfiltrated or both - is 90 seconds or less."

Interview, ISMG, 2025

"It's a very technically complicated solution to the problem, and so we needed the horsepower to be able to attract the very best, most elite engineers and software developers to execute our vision."

Series A Announcement, February 2025

The Company

Mimic: $77M, 120 People, and a Mission

Mimic was incorporated in 2023 and emerged from stealth in May 2024. In less than two years it grew to 120 employees and raised $77 million across two rounds - a $27M seed and a $50M Series A. The founding team includes Bob Blakley as Chief Product Officer, and the company added Kevin Mandia to its board and Greg Davison - who spent nearly a decade at Mandiant - as Head of Revenue.

REI, the outdoor retail cooperative, is among its publicly referenced enterprise customers - an organization that, like hospitals and schools, relies on continuous operations and simply cannot afford ransomware-driven downtime.

Smith's expansion priority is explicit: localization. "The most important investment is localization" - meaning building regional capability, not just selling a U.S. product internationally. The Series A investment from GV and Menlo is earmarked partly for global scale, alongside kernel-level security development and automation for legacy application protection.

"The most important investment is localization."

- Derek Smith on Mimic's global expansion strategy

Investors

GV (Google Ventures) Menlo Ventures Ballistic Ventures Team8 Wing Venture Capital Shield Capital

Board & Advisors

Kevin Mandia (Mandiant Founder) Ted Schlein (Kleiner Perkins) Marie Mouchet

Focus Sectors

Healthcare Financial Services Retail / Enterprise Government

National Security Perspective

The Pentagon Chapter

Between selling Oakley Networks to Raytheon and co-founding Shape Security, Smith took a detour that most Silicon Valley founders don't bother with: he went to work at the Pentagon. As Senior Advisor for Cyber-Policy in the Office of the Secretary of Defense, he sat inside the building most software companies are trying to sell products into.

The experience shaped his operating model. Smith's framing of ransomware as a systemic societal threat - not just a commercial risk management problem - has the texture of someone who has briefed decision-makers about critical infrastructure resilience, not just sold security SaaS. It shows in who he recruits: Mandia, Shield Capital (a national security-focused VC), and a board that reads more like a Senate Armed Services Committee roster than a startup cap table.

He is also a board member of the Center for a New American Security (CNAS), a bipartisan national security think tank in Washington. When Smith says Mimic's mission is to protect hospitals and schools, he's not speaking in marketing metaphors. The through-line from Pentagon advisor to CNAS board member to enterprise cybersecurity CEO is consistent.

Key Organizations

U.S. Department of Defense

Senior Advisor, Cyber-Policy - Office of the Secretary of Defense, Pentagon

Center for a New American Security (CNAS)

Board of Advisors member. Bipartisan think tank focused on national security and defense policy.

Raytheon Company

VP Cybersecurity post-Oakley Networks acquisition. Managed information assurance products and R&D for a global defense contractor.

Details Worth Noting

The Specifics

01

Car Wash at 13

His first job was as a car wash attendant at age 13 in Salt Lake City. He remembers it. There's a through-line between that and a management philosophy of "Don't sleep."

02

Named Every Category

Oakley Networks = first DLP company. Shape Security = first bot-defense company. Mimic is gunning to own ransomware deflection the same way. Category creation, not category entry.

03

The $6M Company at 29

When the Deseret News profiled Derek Smith in 1994, he was running a 35-person CAD firm projecting $6M in annual revenue. He was 29. His father was his biggest influence. His leisure activity was skiing.

04

Deception as Defense

Mimic's core design principle - letting attackers believe they succeeded - is military-grade counter-intelligence applied to enterprise software. That's not a marketing tagline. It's an architecture decision.

05

Mandiant at the Table

Kevin Mandia's company was acquired by Google for $5.4B in 2022. Two years later, he joined Mimic's board. When Mandia shows up at your board table, the security community pays attention.

06

Two Strategic Acquirers, Both Giants

Raytheon bought Oakley Networks. F5 bought Shape Security for $1B. Every exit has gone to a major platform player that needed what Smith built. Mimic is attracting Google Ventures - a signal worth tracking.

DerekSmith