Thursday, January 21, 2016

How Israeli CyberArk became a billion dollar cybersecurity company

Launched in 1999, CyberArk is one of the very first cybersecurity companies. This is the story of how they grew slowly for 15 years, then rose steeply on NASDAQ.
By Laura Rosbrow-Telem, GeekTime

Two Israelis meet in high school, go to the army, and eventually launch a startup. While many sentences on our site have begun this way, few stories end with that pair of teenagers eventually leading a public cybersecurity company worth $1.42 billion.
But that is what has happened to CyberArk, which went public last year, raised $80 million for its IPO, and has since skyrocketed from opening at $13 a share to a height of $76.35.

Their road to success is atypical of most Israeli startups. Launched in 1999, Co-Founders Udi Mokady and Alon Cohen aimed to build a large company and resisted getting acquired along the way, pursuing slower, steadier growth instead. They cite Check Point, one of Israel’s most famous and largest security companies, as an early role model.

CyberArk, based in Boston and Israel, is one of the first cybersecurity companies ever. Originally created to protect access to sensitive information against users already within the network (also known as privileged account management), with early customers such as banks and insurance companies, CyberArk eventually expanded its offerings to shield a wider range of companies from outside attacks. Today, they provide automated detection of threats in real-time and ensure that once a hacker has entered a system, their damage won’t spread nor will they be able to gain control.

We had the privilege to speak with CyberArk’s Co-Founder and CEO Udi Mokady about what it’s been like to launch and run a public company, if there were ever moments that he considered selling CyberArk, how CyberArk plans to keep innovating its cybersecurity technology — including its recent acquisitions of CYBERTINEL and Viewfinity — and how he reads CyberArk’s dip in the stock market since their Q3 earnings report on Thursday, which was partially influenced by competitor FireEye’s poor Q3 results.

Were you ever close to exiting?
Udi Mokady: You considered it when you thought the exit was the only way to release investor pressure. There were moments when we were considering, that that was the only way. Some of it is legitimate because funds have their timelines and they need to see their returns. Some of the smaller investors weren’t aligned with us on this long term building.

I say that to CEOs: The ability to bring in mature secondary investments I didn’t know existed. This was the absolute best solution. You bring in investors to buy other investors, even at a phase where the company didn’t need it.

The turning point came in December 2011 when we were able to attract Goldman Sachs as a strategic investor to co-invest with JVP (in which they raised $40 million). JVP was in it for the long run. Any investor that wanted out, they could sell completely or partially. Everyone that stayed signed a pledge to support this management team to build a large company, it was really powerful. It was a recharge event. If anyone had financial reasons to sell they could, and whoever was staying was on the bus for the long run.
That really set the stage in investing in growth, in markets where the payoff would only be a couple of years ahead, in Asia, Europe, Eastern Europe, and our initial presence in Latin America.
Our global approach also helped us going through hard times. You had the meltdown of 2008, and in some crises, we were very balanced globally and between regions, and one region could cover for each other. Now we have staff in 23 countries.

What was it like personally raising the IPO?
It’s a little like a whirlwind tornado. You can’t remember where you were on a certain day. Everything is on steroids.
You don’t see your family or anyone else for two weeks on the road. I was just with my CFO, who’s a great guy, Josh Siegel.
The other effect was we were really greeted with excitement. There was no similar young technology company that was also profitable and showing growth. We achieved profitability more than 4 years ago and we were always striving for profitability in the early times.
We were also very unique in this new security layer, focusing on the inside. Investors loved our story, they loved that it’s profitable, the new approach to security, backed up by many years of building, and meeting after meeting, it dawned on us that it’s going well.
They brought us to 11 cities, from dawn to dusk in terms of the amount of meetings. You don’t look at the scoreboard. I didn’t ask mathematically how things are going until we got to the last night: We were massively oversubscribed with demand. That was very exciting to have that kind of reception.

The launch date was super exciting, one of the most exciting days of my life. It was also exciting seeing the team, my family, everyone else.
Now we’re five quarters as a public company. It’s really important to set off on the right foot. We feel really good about it.
It’s also important to tell employees that this is just the beginning, so if you weren’t around last IPO, don’t worry, it’s just the beginning. We have 2,000 customers, and now we’re aiming for 10,000 and beyond. There’s the feeling that this is a platform to really keep going.

What are the challenges of building a big company in Israel? How did you overcome them?
When we saw the post ICQ mentality, build it to sell it, that was the default. We were never infected by it. I think some of it was that we looked up to Check Point at the time. We saw that it can be done, just like other companies talk to us today. We weren’t asking for advice, but we looked at this as a possibility.
The second is the focus on customers. When the customers say to you, “Hey, we want you there for the long run,” that influences you.

Were you disappointed by the dip in your shares because of the FireEye announcement?
I talk to the team and myself: Don’t look at the share price on a certain day. It was odd this time and everyone was talking about the FireEye phenomenon, and we’re so very different and that will come out in the coming months and years. The big difference is that we’re a proactive security layer, we don’t need to respond to specific security or seasonality. There is some concern about seasonality and security.
FireEye was explaining that there was a decrease in attacks. We don’t need attacks to happen. We’re a system to put into place proactively beforehand so that when it does happen, it doesn’t cause a lot of damage. We know we’ll have ample opportunities to show how we stand out.

How has your IPO been so successful in a year in which most IPOs have not performed well?
We stood out as high growth and profitable. That was very contrary and unique. Investors always comment that they love that combination.
In security, the amount of awareness has skyrocketed. CyberArk stands out as a new approach to security but with the execution capabilities of a mature company.

Tell me more about your acquisitions: What influenced your decision to start buying other companies?
[Image: CYBERTINEL, one of CyberArk’s acquisitions in the last two months.]

We told investors to take pride in our organic innovation, where we have launched growth innovation every 18-24 months. But then I told our team to step out of your regular, organic routines and see around if there are assets and technologies that make sense and create value for the customer bases. I advise that to CEOs, as a private company start doing “what if” drills, start looking at startups in adjacent security spaces.
I was pleasantly surprised that R&D was very embracing. They were curious, happy to meet other companies, even answered, “if we had that, we could do this.”
CYBERTINEL is entirely engineers, highly innovative and very familiar with how advanced attacks work. We wanted to infuse ourselves with that talent. They did early detection credential theft. That was our first. They were a younger company, with mostly engineering talent and advanced technology.
With Viewfinity, it was a more serious acquisition. They add a net of about 300 customers and not just engineering talent, but also operational, and sales and marketing. Geographically they were a no-brainer: They are also Boston-Israel based. We want to get it right, to make the first acquisitions really smooth, reducing integration risk and unite employees in both places.
From tech, they help us expand layer protection, from data centers and servers, to desktops, to laptops, to regular business users.

What key trends in cybersecurity are you seeing?
One of the things, looking at Israel, there’s a little bit of an over creation of early startups that aren’t going to make it on their own. Some are very innovative, but a customer can’t handle so many vendors. This creates an opportunity for someone like CyberArk to pick up more technologies over the years as well as developing our own organic innovation. We think we’re poised to benefit.
The other trend is understanding that protection against attacks is no longer to keep them out, which has been the top strategy for the last 20 years. Actually, it’s proactive protection, and fine-tuning detection capabilities and stopping an attack quickly.
The last big trend is continued adoption of cloud by enterprises. A lot of mid-sized companies have adopted cloud, and enterprises have begun to expand into cloud. I think that’s going to continue. Some companies won’t move completely — banks won’t have their information on Amazon Web Services — but more of their assets will be moving there. Businesses will expect cloud providers and security vendors like us.

Are you of the opinion that you can’t prevent cyber attacks, just detect and ameliorate them quickly?
We are in the preventative space, but not in the sense that you’ll keep yourself from being attacked. Still hide those doors — why make it easy? If it keeps non-sophisticated intruders out of your system, why not?
But we are proactive protection from a post-infection. Assume someone will click on an infected email, and that someone will put in an infected USB. For example, when you fly on airplanes, others will sneeze, but it doesn’t have to knock you down. You can contain it and detect it so that you can [address it].
We are about advanced detection and amelioration. If you look at trends, there is a lot more to do there. You can help companies pinpoint the attack. We need to do all of that while their assets are changing, mobile is growing, they are expanding into cloud — that’s what makes this space very exciting. We are helping customers carry on their business while they change their ways.