Booz Allen Buys Defy Security to Boost Commercial Cyber Arm

SAN FRANCISCO, CA – February 17, 2026 – In a significant move to bolster its commercial cybersecurity capabilities, consulting giant Booz Allen Hamilton has entered into a definitive agreement to acquire Defy Security, a rapidly growing provider of end-to-end cybersecurity solutions. The deal marks a successful exit for private equity firm Sverica Capital Management, which has nurtured Defy Security since its 2020 investment.

The acquisition, expected to close in the second quarter of Booz Allen's fiscal year 2026 pending regulatory approvals, signals a strategic acceleration of Booz Allen's push into the enterprise cybersecurity market. It also underscores a powerful trend of consolidation across the fragmented and high-stakes cybersecurity industry, as major players race to offer comprehensive, integrated security platforms.

A Strategic Play for Commercial Dominance

For Booz Allen Hamilton, a firm long associated with large-scale government and defense contracts, the acquisition of Defy Security is a calculated maneuver to deepen its footprint in the global commercial sector. The company has been vocal about its strategy to expand beyond its federal roots and become a dominant force in enterprise cybersecurity, a market driven by an unrelenting and ever-evolving threat landscape.

Defy Security brings approximately 100 highly skilled cyber engineers, solution architects, and sales professionals into Booz Allen's fold. More importantly, it brings a robust portfolio of hundreds of enterprise clients across high-risk industries like financial services, healthcare, and manufacturing. This client base, combined with Defy's established partnerships with over 400 cybersecurity vendors, provides Booz Allen with an immediate and significant expansion of its market access and service delivery infrastructure.

The acquisition is not merely about scale; it's about capability. Booz Allen aims to integrate its own advanced "tradecraft," including its AI-powered malware analysis product, Vellox Reverser™, with Defy's client-facing sales and engineering prowess. The goal is to create a powerhouse that can deliver end-to-end, tech-enabled security solutions—from strategic advisory and architecture design to managed detection and response—to a broader international customer base, including a growing presence in the UK and EU.

The 'Business Builder' Playbook in Action

The sale represents the culmination of a five-year partnership between Defy Security and Sverica Capital Management, highlighting the private equity firm's "business builder" investment philosophy. Sverica, which first invested in Defy from its Fund V in November 2020, has overseen a period of explosive growth for the cybersecurity provider.

Under Sverica’s ownership, Defy Security tripled in size while maintaining strong profitability. This growth was not accidental but the result of a deliberate strategy. Sverica guided Defy's expansion from its East Coast stronghold into the West and Central regions of the U.S., developed a scalable talent acquisition engine to attract top-tier cyber professionals, and matured its technical advisory services. Significant investments were also made in the executive team and in standardizing the company's go-to-market motion.

Frank Young, Managing Partner at Sverica, commented on the journey: “As Defy moves on to a new chapter, we reflect with immense pride on the remarkable growth journey over our five-plus year partnership with the Defy team. Justin’s vision and dedication have propelled Defy from a promising regional player to a leading national platform. We're excited to see Defy continue to thrive, bolstered with the resources and scale of Booz Allen.”

This successful exit follows a similar pattern for Sverica's Fund V, which recently saw another portfolio company, Salesforce specialist Coastal Cloud, acquired by Tata Consultancy Services, reinforcing the efficacy of its hands-on, growth-oriented approach.

What Made Defy a Prime Acquisition Target

Founded in 2017 by Justin Domachowski, Defy Security carved out a distinct niche in the crowded cybersecurity market by focusing on a simple yet powerful premise: changing the often-frustrating cybersecurity buying experience. The company built its reputation on delivering "high-touch value and service," positioning itself as a strategic partner rather than a mere reseller.

A key differentiator for the company has been its "Defy LABS" platform, an environment for validating solutions, testing new products, and running integration tests. This provided a tangible "technical value add" that allowed clients to see how solutions would perform in their own environments before making a purchase, building trust and ensuring better outcomes. This client-first focus is reflected in the company's stated goal of a "100% renewal rate."

Justin Domachowski, Founder and CEO of Defy, reflected on the partnership with Sverica, stating, “Over the past five-plus years, our partnership with Sverica has been instrumental in scaling our operations, attracting top talent, and delivering innovative solutions to some of the world's largest enterprises.” Looking forward, he added, “As we join forces with Booz Allen, I'm thrilled about the opportunities ahead to further empower our customers and teams in this ever-evolving threat landscape.”

This unique blend of technical expertise, deep vendor relationships, and a relentless focus on customer success made Defy an ideal target for a larger entity like Booz Allen seeking to rapidly acquire both market share and proven operational capabilities.

The Great Cybersecurity Consolidation

The Booz Allen-Defy deal is a microcosm of a much larger trend reshaping the cybersecurity landscape. For years, the market has been characterized by a Cambrian explosion of startups, each offering a point solution for a specific vulnerability. This has left many Chief Information Security Officers (CISOs) grappling with a dizzying and often inefficient array of dozens, or even hundreds, of security tools.

Today, the pendulum is swinging toward consolidation. Enterprises are demanding unified platforms that offer better integration, simplified management, and clearer visibility across their entire security posture. This pressure, combined with a tougher venture capital market for smaller firms, is fueling a wave of M&A activity. Larger vendors are acquiring specialized companies to fill gaps in their portfolios and offer the comprehensive solutions customers now demand.

Michael Dougherty, Principal at Sverica, noted Defy’s consistent mission: “Defy has been relentlessly focused on being a customer-first organization since inception. It’s been amazing to see the growth in the business over the last 5 years with this mission intact, and we’re excited to watch that growth continue under Booz Allen’s ownership.”

Integration: The Next Frontier

While the strategic logic of the acquisition is clear, the success of the merger will ultimately hinge on effective integration. Combining two distinct organizations, particularly in the sensitive and complex field of cybersecurity, is fraught with challenges.

The most immediate task will be to harmonize the corporate cultures of Booz Allen, a century-old government contracting behemoth, and Defy Security, a younger, more nimble commercial player. Retaining Defy’s key talent—the engineers and architects who built its reputation—will be paramount.

On a technical level, merging disparate IT systems, security protocols, and data repositories requires meticulous planning and execution to avoid creating new vulnerabilities. The very act of a merger can make a company a more attractive target for cybercriminals looking to exploit the confusion of the transition period. However, the potential synergies are vast. If Booz Allen can successfully integrate Defy's client-centric sales engine and technical agility with its own deep-seated threat intelligence and scalable resources, the combined entity will be a formidable competitor in the commercial cybersecurity arena.