Some investments start with a market map. Others start with a product demo. This one started under a tree at the RSA Conference.
When I first met Gal Shafir, we ducked out of the chaos of the conference to talk about Security Operations, what breaks, why it breaks, and why no one seems to notice until it’s too late. Mid-conversation, a bird made its presence known…on both of us.
We laughed, took it as a good omen (in both Israel and the UK, it’s considered lucky), and kept talking. Looking back, it feels oddly fitting: an unplanned failure, silently happening overhead, and a conversation about building resilience.
From that first meeting on, it was clear that Fig was special.
What made me so enthusiastic about Fig, even before there was a product on the market, was the team’s fit with the problem. This is a team that knows this problem intimately, because they’ve lived it.
The founders, Gal Shafir (CEO), Nir Loya Dahan (CPO), and Roy Haimof (CTO) bring rare, genuine expertise in large-scale security operations. From building and operating some of the world’s most complex SOC environments at companies like Siemplify, Cymulate, and Google SecOps, they’ve seen how security fails in practice.
What stood out most was their empathy for security teams. They understand the pressure, the complexity, and the uncomfortable truth that many SecOps leaders face: you can invest heavily in tools and still not know whether your defenses are actually working.
That combination of deep technical credibility, operational experience, and real empathy for users is rare. It’s also exactly what this problem demands.
Enterprises pour enormous resources into building SecOps infrastructures with logs, pipelines, SIEMs, SOAR platforms, data lakes, automations, AI agents, etc., and these are all carefully wired together over many years. The problem is that no one has full visibility across the entire system.
Detections can stop firing because of a schema change upstream. Logs can quietly drop. Automations can fail after a “minor” update. And when teams need to make changes, which they do constantly, they often have no reliable way to understand how those changes will affect detection and response.
The result is a dangerous illusion of security, and Fig breaks that illusion safely.
The platform continuously discovers and maps detection and response flows end-to-end, tracing data lineage from source to SOC action. It alerts teams when changes begin to undermine reliability, explains where and why things are breaking, and allows teams to simulate fixes before pushing them to production.
In simple terms: it helps security teams ensure that what they’ve built actually works, and keeps working, through constant change.
Across technology, geopolitics, and regulation, we’re seeing a shift: resilience is becoming more prized than pure prevention. It’s no longer enough to say, “we have controls.” Organizations increasingly need confidence that those controls are effective, reliable, and resilient over time.
Security Operations Resilience is the right framing for this category, and Fig is the first team I’ve seen truly define it. Fig is setting both the pace and the language as resilience becomes a core expectation of modern security programs.
I’ve known Gal and the team since the very beginning, first as an angel investor and then, this became the first investment I wanted to lead as a partner here at Ten Eleven Ventures.
There was already trust in the vision, execution, and that this team could build something category-defining. I also believe they felt that trust in return: not to explain the market to them (they know it better than most), but to help them reach it faster, especially as they scale in North America.
Like many Israeli teams, they are relentlessly focused on customers and growth. Our role is to support that ambition with practical help, sector knowledge, and long-term partnership.
Why Now and Why We’re All In
Fig Security is already deployed with large enterprises, including Fortune 100 companies, despite being founded only in 2025. That early traction reinforces what we believe: security teams know something is broken, even if they haven’t had the words or tools to describe it. We’re looking forward to building on this progress and supporting the team as they participate as a Top 10 Finalist in the RSAC 2026 Innovation Sandbox Contest.
We’re also excited to be partnering with Team8, in our first formal collaboration together, and alongside an exceptional group of angels and operators who’ve built and scaled some of the most important security platforms in the industry.
We invested because we believe:
- The most dangerous failures in security are the silent ones
- Resilience will define the next era of security operations
- And this team is uniquely equipped to lead that shift
From a conversation under a tree to a company defining a new category, we feel lucky to be part of the journey. And yes, we’re still taking the bird incident as a very good sign.