Presenting at a big data technology meet-up in New York City, Oren Falkowitz displays a photo of a crack commando on his laptop screen. “You probably think a hacker looks like this,” he says, grinning.
“Actually, they look more like this.” He pulls up a picture of himself—sideburns, stubbly beard—donning a button-down shirt and gorging on a tub of cheeseballs. He smirks.
Falkowitz is the co-founder and CEO of the secretive cybersecurity startup Area 1. He spent years at the National Security Agency before leaving in the summer of 2012 to co-found the big data and computer security firm Sqrrl, based in Cambridge, Mass.. A year later, he set to work on Area 1.
Falkowitz’s latest venture, based in Redwood City, Calif., announced on Wednesday morning that it had raised $15 million in funding, led by Icon Ventures and existing investor Kleiner, Perkins, Caufield & Byers. Previous investors also participated in the Series B round, including Allegis Capital, Cowboy Ventures, Data Collective, First Round Capital, RedSeal Networks CEO Ray Rothrock and Shape Security CEO Derek Smith (who sits on the company’s board).
The startup’s mission is to stop the worst cyberattacks before they start. Namely, to nip spear-phishing emails—malware-bearing messages that spies and criminals tailor and use to compromise the devices of persons of interest—in the bud. By some measures, including a 2012 report by the computer security firm Trend Micro, this method accounts for 91% of targeted cyberattacks.
Many security professionals tend to think that recent data breaches at the U.S. Office of Personnel Management and Sony Pictures Entertainment (SNE) were the result of these kinds of attacks.
“Most of security focuses on stopping payloads, meaning let’s go find the malware and prevent it from doing something bad,” says Ted Schlein, a general partner at Kleiner Perkins. “If you actually disrupt the delivery method of the payloads, you don’t have to worry about he payload itself.”
This is the key to Falkowitz’s tech, although he doesn’t reveal too many details. He likens it to focusing on the characteristics of a missile launch rather than on the warhead. It’s easier, he says, to take out the rocket rather than the warhead mid-flight.
“The holy grail is to address attacks in real time rather than discovering something nine months later when the damage already might be done,” says Joe Horowitz, a managing general partner at Icon, who has joined Schlein on Area 1’s board. “What’s so compelling about Area 1 Security is its ability to identify attacks in the wild while they’re happening.”
This is not the first time Horowitz and Schlein have co-invested. Their mutual bets include investments in the data protection firm Ionic Security and the bug bounty firm Synack. Horowitz also was an investor in the network security company FireEye (FEYE) and Schlein in the forensics firm Mandiant, before the former bought the latter at the end of 2013 in a landmark cybersecurity acquisition.
Area 1’s funding to date totals $25.5 million. The firm has grown to 31 employees, including people who formerly worked at the NSA, like Falkowitz, and alumni of MIT and Disney (DIS).
After the presentation, a woman approaches Falkowitz. She asks for a recommendation. Where should her relative, a computer security student who will soon enter the workforce, look for her first job? “Work at the National Security Agency,” Falkowitz says, betraying no hesitation. “It’s the best place to learn, hands down.”
It is, after all, where he met his co-founders.
Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.
To watch a clip from Oren Falkowitz’s “Unicorn Idol” pitch at Fortune’s 2015 Brainstorm Tech conference, check out the video below.
