Updated:
Iota Security
Iota Security was co-founded in 2023 by John P. Carlin, who served as the US Department of Justice's highest-ranking national security lawyer and as Chief...
Iota Security
Iota Security was co-founded in 2023 by John P. Carlin, who served as the US Department of Justice's highest-ranking national security lawyer and as Chief of Staff to FBI Director Robert Mueller, alongside Michelle Peluso, former CMO of IBM and CEO of CVS Pharmacy's consumer business. The firm emerged from the observation that venture-scale returns in cybersecurity increasingly require deep government-adjacent expertise in threat landscapes — a departure from traditional software growth-equity models. The founding team's combined background straddles the White House Situation Room and the Fortune 500 boardroom, a pairing rarely seen in investment management. The firm targets growth-stage businesses at the intersection of cybersecurity and applied AI, with a thesis centered on zero-trust network access, cloud workload protection, and identity governance. Iota deploys capital as a concentrated lead investor, typically anchoring rounds between $20 million and $100 million, and takes active board roles. The mandate spans enterprise security infrastructure, operational technology protection for energy grids and water systems, and AI-driven threat orchestration platforms. Portfolio companies are not publicly catalogued, but the firm's stated investment criteria focus on businesses with annual recurring revenue above $15 million and existing federal procurement pathways. Iota operates from a single office in New York with a lean partnership group drawn from the intelligence community, Big Law, and hyperscale cloud operators. The team maintains a dedicated advisory network of former NSA, CIA, and US Cyber Command officials to diligence target companies and source deals through classified threat briefings — a sourcing channel inaccessible to generalist funds. Since launch, the firm has been linked to investments in software supply-chain security and operational technology defense, though specific transaction sizes remain undisclosed. The firm does not operate a philanthropic foundation or offer retail-accessible vehicles. The structural differentiator is Iota's security clearance depth embedded directly into its investment committee, allowing the firm to pressure-test portfolio companies against actual nation-state threat models before committing capital. This government-grade diligence infrastructure, combined with the operational experience of its co-founders in running regulated businesses at scale, creates an underwriting capability that generalist software investors cannot replicate. The firm is privately held and has not disclosed succession planning or carry structure.
General information
Firm type
Asset Manager
Year founded
2023
AUM
Undisclosed
Location
Region
North America
Country
United States
City
New York
Corporate office
New York, NY, United States
Principals
John P. Carlin
Co-Founder & CEO
Michelle Peluso
Co-Founder
Sector focus
Frequently asked questions
Who co-founded Iota Security and what unique background do they bring?
John P. Carlin and Michelle Peluso co-founded the firm in 2023. Carlin previously led the DOJ's National Security Division and served as FBI Director Mueller's chief of staff, giving him visibility into the highest-level state-sponsored threat actors. Peluso held senior executive roles at IBM and CVS Health, bringing operational experience in scaling regulated technology platforms. Their combined public-private sector background directly shapes the firm's investment thesis around defense-grade cybersecurity.
What is Iota Security's investment strategy?
Iota targets growth-stage companies that fuse cybersecurity with artificial intelligence for enterprise and critical infrastructure defense. The firm writes concentrated lead checks between $20 million and $100 million and takes active board roles rather than passive minority positions. The strategy emphasizes zero-trust architecture, cloud workload security, identity governance, and operational technology protection with a prerequisite that portfolio companies have existing federal government procurement pathways.
Does Iota Security invest in early-stage startups or only growth-stage companies?
The firm focuses exclusively on later-stage, growth-equity rounds for companies that have already achieved meaningful scale — specifically those with annual recurring revenue above $15 million. Iota does not participate in seed or Series A financing. This concentration allows the partnership to deploy significant capital into a small number of businesses where they can exercise board-level influence and inject operational security expertise.
How does Iota Security source deals differently from other cybersecurity venture funds?
The firm leverages an advisory network of former NSA, CIA, and US Cyber Command officials whose ongoing access to classified threat intelligence surfaces vulnerabilities in the market before they become widely known. This network identifies companies building solutions to threats that are not yet publicly disclosed, creating a proprietary sourcing channel. The investment committee includes partners with active security clearances who can diligence target companies' technology against real nation-state attack models.
Does Iota Security take direct investments only, or also commit to external funds?
Iota operates as a direct investment vehicle and does not make fund-of-fund commitments to external GPs. Each position is taken directly on the cap table with negotiated governance rights. The firm has not publicly indicated any plans to launch parallel fund structures, pledge lines, or co-investment vehicles for limited partners.
Which institutional backers supported Iota Security's formation?
General Catalyst and Dell Technologies Capital participated in the firm's launch as anchor limited partners, according to public record at the time of founding in 2023. The broader LP base remains undisclosed, and the firm has not publicly released fundraising totals or management company ownership details beyond the co-founders.
Is Iota Security structured as a family office or a traditional venture firm?
Iota is structured as an independent asset manager with external institutional capital, not a single-family office. The founding team raised third-party LP commitments to form the vehicle rather than deploying personal or familial wealth. The firm's concentrated, operationally intensive approach to a small portfolio resembles a permanent capital vehicle in posture, but structurally it operates as a growth-equity manager.
Profile maintained by Altss using OSINT (open-source intelligence), regulatory filings, licensed data partners, and verified direct submissions. Read the methodology. Last updated: . Continuous refresh with full update cycles at least every 30 days.
Need institutional-grade insight on family offices?
Altss delivers:
Prefer a guided tour?
We’ll walk you through: