The past year has dramatically changed our working habits and environment, how has the shift to a remote workforce reflected in security challenges?
It’s incredible to think that it’s nearly been a year since “business as usual” was turned on its head. Many of our customers have experienced what seems like 5 years of business transformation in 5 months. With millions of workers shifting to remote work – and many planning to remain remote for the foreseeable future – IT teams have been working hard to give employees everything they need to keep their businesses running. Unfortunately, cyber attackers have been working just as hard to exploit any weaknesses they can find across people, process, and technology. We have seen a massive rise in ransomware attacks that have now become more sophisticated, no longer only encrypting information but first stealing information to ensure the victim is “incentivized” to pay. While CyberArk has always been a proactive security layer, in this environment we are being called on more and more to help companies recover from attacks in which their entire environment has been compromised – and regain control over their IT infrastructure.
And of course, the recent SolarWinds Breach is one of those industry-shaping events that further shows the need to deeply embed multiple layers of cybersecurity across this changing IT infrastructure.
It has been said that businesses that will truly transform their security approach will not only survive, but will also thrive. What is your take?
I think we’ve all heard the expression, “never let a good crisis go to waste.” That is especially true now. Many organizations have had to dramatically accelerate their cloud and digital transformation – but they have had to do it securely and without introducing more risk. Cyber attackers don’t discriminate based on industry or company size and they are constantly innovating their approach – so it’s critical that businesses stay one step ahead of them. We say at CyberArk that you need to “think like an attacker” and I truly believe in this. Those that have been able to transform their business with security at the forefront will absolutely be better positioned competitively in the eyes of their customers, in the months and years to come.
What was the Inflection Point in CyberArk’s history?
I am always proud to tell the CyberArk story as not just a product of “Start Up Nation” but also as an example that a company born in Israel can be part of “Scale Up Nation”. Relatively early in our journey, we heard customers asking us to stay around for the long-game and not follow others to a quick exit – because we are “mission critical” to them. These were Fortune 500 and Global 2000 Companies – and customers all around the world. Similar feedback came from our Team, who noted that they have never been part of such a unique culture and want to see it persist. It framed our mindset that we wanted to create a long-standing company that puts the customer in the center. While in our early years insider threat and compliance were the main business drivers for companies to invest in our Privileged Access Management solution – a key business inflection point was after the highly-publicized breaches in 2012-2014 that proved that sophisticated attackers are easily going through additional perimeter security layers. After that, our solution was needed by every type of enterprise. After many years of building a real global company, our Initial Public Offering in September of 2014 set the stage for us to execute on that long-term vision.
We’ve had a lot of amazing milestones, but I think we are also actually at an important inflection point for the company right now. We’ve been the leader in privileged access management since the beginning, but evolving your approach isn’t just advice we give our customers. We’ve always prided ourselves on being agile and innovative as market dynamics adjusted – and that has been a strong competitive differentiator for us. With our most recent acquisition of IDaaS leader Idaptive, we are now establishing a new market for CyberArk focused on Identity Security. We are also taking a bold step to initiate CyberArk’s transition to a subscription business to align with our customers’ buying preferences and are continually expanding our SaaS portfolio and developing new security solutions to help customers get the most value out of their cloud investments. While everything we do is still centered in privileged access management, I think you’ll see a much different CyberArk over the next couple of years.
What do you miss most in an early-stage company?
For me, the CyberArk culture is something that’s invaluable and I’m incredibly proud of the growth we’ve achieved while keeping our culture intact. That being said, I do get sentimental sometimes about the early days where I knew everybody personally in all of our offices around the world. But I still put a lot of time and energy to getting to know our team – and I am always pleasantly surprised when I visit our many global offices and can immediately feel the CyberArk culture in the air.
Toughest choice you had to make as a CEO?
Navigating through the economic downturn of 2008 definitely presented some tough decisions. Many companies were laying off employees and some of our own investors had suggested that we do the same. Instead of following herd mentality, we huddled as a management team and made the decision to keep every one of our employees and find another path – which included making some strategic moves that would help us have more long-term control over the future of our business.
Where do you invest most of your time?
In the early years, as we focused on building a real business, a lot of good habits were formed that are still a part of our DNA today and drive our operations with a focus on profitable growth. For me, investing in your people is paramount. We have numerous examples from the CyberArk journey where we navigated totally new market dynamics, created whole new market categories and innovations and it was all down to the people going beyond “just a job” and applying a true sense of mission to secure our customers. As we continue to grow, that feeling of family and personal investment in the success of CyberArk employees is one thing I will make sure we never lose – I feel very passionate about that.
I also spend a lot of my time on strategy as we build on our market leadership to continuously expand our Total Addressable Market and our global footprint, our internal innovation and the select strategic acquisitions.
What characterizes your executive team?
Smart, bold and humble. These are some of the core values we have at CyberArk and our executive team embodies these every day. Obviously, I always think it’s a good decision to surround yourself with the smartest people you know and I think I’ve successfully done that with our team. They aren’t afraid to take calculated risks that will benefit the business, always thinking long-term. And most importantly, they do all of this knowing that both successes and failures are team efforts that are to be celebrated and learned from. Our executive team has always had a special chemistry – it can’t be created or recreated. It’s something that happened organically, and I really enjoy it!
How do you see your personal growth alongside the company’s?
My personal growth has absolutely evolved along with the company, all the way from a small start up to recently celebrating 6 years as a public company. Whether it was learning to manage a growing global team or working to internalize global and cultural events to be able to have a sense of empathy for what our employees are experiencing outside of work, I really believe that we should be constantly learning, constantly curious.
Best tip you got?
When you are interviewing for a key role and there is something that bothers you about the candidates persona, multiply it by 6x and see if you can still live with it. Traits that come up in an interview will only resurface stronger down the road.
One thing people don’t know about you
I am the son of a Diplomat, so I literally grew up as a global citizen moving across various countries throughout my childhood. This really shaped my approach to the world and to the business world – and my passion to build a truly global and diverse long-lasting company.
CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets.