security

Meet Wiz, The Aggressive $10 Billion Startup Shaking Up Cloud … – Forbes


This story appears in the August/September 2023 issue of Forbes Magazine. Subscribe

$200 million in sales. A $10 billion valuation. New billionaire Assaf Rappaport has built Wiz into one of software’s fastest-growing startups ever. But the CEO’s ultra-competitive approach is leaving singed eyebrows.

By Alex Konrad, Forbes Staff


Weaving his way through Tel Aviv’s Pride parade in June, Wiz CEO Assaf Rappaport looks uneasy. Slim and dressed unassumingly in a gray T-shirt and slacks, he’s with close friends—cofounder Yinon Costica and chief marketing officer Raaz Herzberg—but also a security detail. An hour before, an intruder tried to confront Rappaport in his office, then waited for him in ambush in the courtyard below, motive unknown. Now, an armed plainclothes guard follows just behind as Rappaport navigates the throng.

Out of nowhere, a stranger calls his name. Rappaport ten­ses, but this person just wants a selfie; in Hebrew, he says his mother is a big fan. Relieved, the CEO obliges and is then back on the move. He doesn’t fully exhale until he and Costica, Wiz’s head of product, reach a quiet nearby alley and stop for some jachnun, a Yemenite Jewish pastry. “I’d prefer it wasn’t just the moms who are fans,” Rappaport, 39, jokes.


In Israel, where Wiz was founded, such quasi-celebrity is no shock. Nearly a decade ago, Rappaport, Costica and two friends sold their security startup, Adallom, for $320 million to Microsoft, where Rappaport helped the company dethrone Google as Dun & Bradstreet’s “best place to work” in Israel. But in just three years since leaving that job to get the band back together for another startup, he has emerged as a globally relevant tech player, too: the CEO of one of software’s buzziest unicorns, invited to rub shoulders with OpenAI’s Sam Altman at Sun Valley’s exclusive confab of moguls, attending Formula 1 races as a VIP guest of Amazon and skipping famed VC firm Sequoia’s CEO summit to hang backstage with the Chainsmokers in Las Vegas.

That part is all new for Rappaport, an introvert with the eating habits of a 5-year-old (no coffee, no vegetables, no spices) and few hobbies aside from walks with his red border collie, Mika, Wiz’s “chief dog officer” (who has 2,000 Linked­In followers), who keeps him company during late nights at the Tel Aviv office. But Rappaport’s the man of the hour because he’s catching two waves—the cloud and AI—with his security tools, and doing so faster than anyone.

With corporations moving more of their apps and data to the cloud—a $500 billion market for services and tools that’s growing at a healthy 20%-plus clip, per Gartner—the need to properly secure them has always been a priority and a challenge. The mainstreaming of AI has only made it more so. As companies race to embrace AI tools like Open­AI’s ChatGPT, they’re uploading to the cloud the vast data sets required to train them. But in this new world, malicious hackers have AI tools of their own.

Enter Wiz, which connects to storage providers like Amazon Web Services or Microsoft Azure and scans everything it stores in the cloud, flagging and prioritizing security risks. Wiz isn’t the only player capitalizing on the cloud security boom—it fa­ces a revitalized publicly traded giant in Palo Alto Networks ($75 billion market cap) and well-funded startup rivals—nor was it even among the first. But it is indisputably the player of the moment.

Rappaport and his cofounders’ “suicide plan,” as they call it—to speed-run company building by hiring fast, raising vast sums of capital and targeting top-of-market corporations first—sent seismic tremors across the industry. Wiz customers already include Fox, Morgan Stanley and LVMH, whose CEO, the world’s sometimes-richest man, Bernard Arnault, was so impressed by Rappaport’s ambition that he wrote Wiz a personal check. Annual recurring revenue passed $100 million in 18 months, the fastest any software company has reached that milestone. It hit $200 million nine months later, helping it land at No. 15 on Forbes’ annual Cloud 100 list.

When Wiz reached a $10 billion valuation in a $300 million Series D funding round led by Lightspeed Venture Partners and Greenoaks Capital Partners in February, the fact that it made new billionaires of Wiz’s core four—Rappaport, Costica, Ami Luttwak and Roy Reznik, all of whom hold 10% equity—wasn’t even the biggest news of the day. Rappaport seized the moment to take a political stand: He announced that Wiz would keep all that money not in Israel but in the U.S. as a protest against Prime Minister Benjamin Netanyahu’s recently passed judicial overhaul. He was the highest-profile local tech leader to publicly align with protestors and some of the country’s labor unions, and his stand plastered his face across Israeli news this spring—visi­bility with consequen­ces to which he’s still acclimating, be they surprise selfie seekers or office stalkers.

“He wears his heart on his sleeve, and he loves his country,” says former Starbucks CEO and billionaire Wiz investor Howard Schultz. “His superpower is that despite how confident and successful he’s been at a young age, he’s steeped in humility.”

Not everyone is so enamored of Rappaport’s rapid ascent. Wiz’s rapacious hiring (750 employees and adding a lot more) and fundraising ($900 million–plus so far) harks back to the profligate spending of the previous decade in tech. Wiz’s rivals relish any parallel to that era’s greatest flameout, led by its own visionary Israeli cofounder. But it’s a superficial dig: Unlike Rappaport, Adam Neumann wasn’t an engineer with a major exit to his name when he started WeWork.

Still, a big bet like Wiz’s brings pressure. Some industry peers believe the company goes too far with its aggressive growth tactics. One competitor, Orca Secu­rity, filed a lawsuit in July accusing it of doing everything from infringing its patents to copying marketing metaphors. Wiz spokesperson Tamar Harel called the suit’s accusations “baseless.”

Microsoft CEO Satya Nadella met Rappaport to give him some unexpected marching orders: “I’m here to set the rules, and you’re here to break them.”


Rappaport knows he’s bucking current corporate wisdom. But the startup graveyard is filled with promi­sing technology that never got to market fast enough, he says—and, he adds, the winner of the cloud security race will be a $100 billion company. So while others conserve and retreat, Wiz doubles down. “The possibilities are bigger for us in this position,” Rappaport says. “Is it safe? Definitely not.”


Rappaport and his three cofounders met during Israel’s mandatory military service, where their technical aptitude as teens led them all to Unit 8200, an elite intelligence division. A math and physics standout, Rappaport had first served in Talpiot, an exclusive leadership program in which a small number of cadets train across every area of Israel’s military and attend university while living in an on-campus barracks. There, he met Costica when the fellow cadet rescued him from failing a dorm inspection.

In 8200, they served alongside Luttwak and Reznik before Rappaport departed for a smaller, even more secretive elite cybergroup called Unit 81, then spent two unfulfilling years as a consultant at McKinsey. Sticking to what they knew best—security—Rappaport, Luttwak and Reznik joined forces in 2012 to launch Adallom, which initially focused on protecting Microsoft SharePoint files. Raising a few million from Sequoia—despite what former partner Gili Raanan, now the founder of early-stage firm Cyberstarts, remembers as a “mediocre idea with a pitch that wasn’t great”—Rappaport moved to San Francisco in 2013 as the startup widened its mission to include Box, Dropbox, Salesforce and other file sharing sites. (Costica joined as vice president of product in early 2014.) Then, in 2015, Microsoft surprised Rappaport with what seemed like a huge cash offer—and a chance to move back home to his friends. With investors’ reluctant blessing, Adallom sold, with each cofounder pocketing $25 million in the $320 million windfall.


Elite Company

Unit 8200, Israel’s storied cyber division, has deep roots in the security software community. At least one veteran counts among the cofounders at each of these standouts, and many others like Orca Networks.


When the deal closed, Microsoft CEO Satya Nadella met Rappaport face to face to give him some unexpected marching orders: “I’m here to set the rules, and you’re here to break them.” Tapped to lead Microsoft’s fledgling cloud security unit in the Israeli city of Herzliya, Rappaport took Nadella’s words to heart. He instituted a commuter shuttle program from nearby downtown Tel Aviv, where he and other young employees preferred to live, and hid the office’s corporate art in a bomb shelter closet. When Netanyahu’s government refused to support surrogacy for gay people, Rappaport announced, via a Facebook post, that Microsoft would sponsor local employees to travel overseas for such procedures—a unilateral move that caught his bosses unawares.

It wasn’t until February 2020, as the spread of Covid-19 began to cause global shutdowns, that Rappaport, since promo­ted to general manager of Microsoft’s Israel R&D center, concluded his five-year tour of duty. “My first flight back from Redmond [Washington], I wrote on a napkin a list of what I wanted to do at Microsoft, what was important for me to accomplish,” he explains. “When I finished the napkin, I left the job.”

Rappaport and his old Adallom crew decided they wanted to build something bigger; they just didn’t know what. Armed with seed funding from Sequoia and Cyberstarts, they played with several ideas, from online payments (briefly) to next-gen network security. Talking to dozens of prospective buyers, mostly chief information security officers (CISOs), to find out what they needed, they gravitated back to cloud security.

Companies moving their operations to the cloud were endlessly annoyed at how much time existing tools required to deploy and how complicated they were to run, the founders heard. A vulnerability in just one open-source code snippet, reused in dozens of places, could mean an endless game of exploit Whac-A-Mole. In the cloud, any connection, even a seemingly inconsequential one, could provide an opening for a devastating hack. “Security teams today have a really hard job, because they need to take responsibility for something they don’t really own,” Luttwak says.

Wiz’s solution: a tool that could run without a lengthy download process (what’s known as “agentless” software), with a handy interface any developer could understand. Within minutes of a customer turning over its AWS or Azure credentials, Wiz could check every connection and pathway connecting them to the outside world. A dashboard called the “risk graph” would prioritize the most criti­cal issues, helping developers know where to spend time. Think of an office building with thousands of windows and hundreds of doors, Luttwak says. Wiz would scan them all and prioritize the unlocked ones closest to the ground or a fire escape.

“They’re ultra-aggressive, and not everybody likes that. Do they have to be? Yes, it’s part of the game.” 


To compete with a crowded market including Palo Alto Networks’ Prisma Cloud and startup unicorns like Orca and Lacework, Rappaport & co. pursued the market’s highest-value customers first. “It was really interesting right off the bat,” says Costco CISO Jon Raper, who tried Wiz in the summer of 2020 and had it up and running across all of Costco’s internal apps and databases within a day. Adds Bridgewater CTO Igor Tsyganskiy, who signed what was then Wiz’s largest multiyear contract in the fall of 2021: “A bunch of people had the tools, but to deliver ROI almost instantaneously, no one else was there.” He says the investment paid for itself in just one week when it helped Bridgewater identify multiple exposures to a zero-day vulnerability called Log4j, a “potential digital Covid” that threatened to expose its $100 billion–plus in assets to cybercriminals.

To Rappaport and his investors, such enthusiastic respon­ses were lightning in a bottle to be harnessed at all costs. After Raanan and his former colleagues at Sequoia led Wiz’s $20 million seed round before it had any customers, Index Ventures and Insight, former Adallom backers, led a near-immediate $80 million Series A that valued Wiz at $400 million that fall. In March 2021, Wiz raised another $130 million led by Advent International and Greenoaks; just two months later, Salesforce, Blackstone and others, including Arnault and Schultz, poured in another $120 million, valuing year-old Wiz at about $2 billion. Within six months, that number ballooned to $6 billion as Insight, Greenoaks and other insiders invested another $250 million in October 2021.

“We’re fighting giants,” Rappaport says with a shrug, noting that Palo Alto Networks has similar resources at its disposal. “I need to have the ability to invest in order to compete, because the opportunity is huge.”


After the pandemic’s start, as tech IPOs ground to a halt and startups found access to fresh funds mostly dried up, Douglas Leone, the billionaire former global leader of Sequoia, wrote a memo to the firm’s portfolio CEOs, urging them to focus on profits over unchecked growth. Afterward, he called Rappaport with a short addendum: “Whatever I said wasn’t for you.”

At Wiz’s growing U.S. headquarters, in Manhattan’s Hudson Yards development, you’d think it’s still 2019, at least on the days that employees come in. Most Wizards, as the company calls them, joined the company in the past year. Compared to the Tel Aviv office, where a core group of 200, mostly engineers who have known each other for years, go in daily, there’s culture shock. Insight investor Teddie Wardi dubs it “controlled chaos.”

Outside of Wiz’s founders and inner circle, execu­tives haven’t lasted long. In September, Rappaport asked Herzberg to move from product to chief marketing officer, its third in three years, despite no marketing experience; the previous CMO, an industry vet from Okta, lasted just nine months. A chief customer officer quit after two weeks. Wiz lacks other key leaders expected of a company of its size, such as a chief financial officer; several anonymous employees on jobs site Glassdoor have posted that workers simply hope to last one year, a requirement at most startups for any equity to vest.

Companies hiring so fast won’t always get it right, Rappaport concedes. “There’s something confu­sing about Wiz, because it’s already a big company, but it’s also a very young one,” Herzberg shrugs. But Wiz’s board isn’t complaining: The company continues to blow past every sales target. “I’m uncomfortable, but I want to be uncomfortable,” Rappaport remembers Index’s Shardul Shah declaring one year in, after the CEO announced that Wiz’s forecast $8 million in first-year revenue had come in at $42 million instead. Even the no-nonsense Leone, who has generally encouraged the company to wait one or two quarters to see early results before each big gamble, says he can’t argue with the results: “I might have been right 99 times out of 100, and been wrong on this one.”

The math, says Lightspeed’s Arsham Memarzadeh, who paid that hefty $10 billion price earlier this year after previously missing out on Wiz, is simple: With cloud usage headed toward $1 trillion in glo­bal spending, there’s a growing opportunity for the companies promising to secure it—potentially a 5% cut. “They’re in a very prized neighborhood,” says one security-focused investment banker who requested anonymity to speak freely.

But more than 50 cybersecurity startups carry a $1 billion–plus valuation, including many in the cloud. Not everyone will win big. Lacework, which raised its own $1.3 billion megaround in 2021, valuing it at $8.3 billion, is starting to move upmarket into the enterprise, putting it on more of a collision course with Wiz under new CEO Jay Parikh, Facebook’s former head of engineering. Then there’s fellow Israeli-founded Orca, which raised $550 million that year at a $1.8 billion valuation (it debuts at No. 95 on this year’s Cloud 100 list).

Even for the cutthroat culture of security sales, several industry sources claim Wiz salespeople push the ethical envelope, such as telling prospects not to trust that rivals like Orca will remain in business long. In July, Orca escalated the conflict, suing Wiz in Delaware for a playbook it described as “copy Orca.” Some of the alleged tactics—such as Wiz bringing a coffee maker to a conference booth the day after Orca did—don’t seem to amount to much. Others, such as patent infringement, appear more serious. (Orca declined to comment.)

Wiz faces other questions, too, such as its ties through Cyberstarts and other investors to CISOs at some of its biggest customers, raising the potential for conflict of interest, and claims it “buys business” with discount pricing it later jacks up. Rappaport calls such mudslinging “FUD,” short for fear, uncertainty and doubt. “If someone’s felt aggression, that’s not part of our values,” he says. “I wish I had so many friends that I could get to $200 million in revenue from them.”

Even Wiz allies admit the company has sharp elbows, a consequence, they say, of its need to grow so fast. “They’re ultra-aggressive, and not everybody likes that. Do they have to be? Yes, it’s part of the game,” says Nadav Zafrir, cofounder of Israeli startup incubator Team8, which sometimes competes with Wiz, and its founders’ former commander in Unit 8200.

Rappaport is also racing security’s titans—like Crowdstrike (market cap: $35 billion), which could buy its way into the market, and the resurgence of Palo Alto Networks, which has poured resources into its competitive product, Prisma Cloud. Palo Alto is betting that customers want one platform provi­der for all their needs, not just in the cloud, says chief business officer Amit Singh; the pitch has helped win back at least one customer from Wiz so far. (In a tacit nod, Wiz recently rushed out its own “run-time sensor”—similar to the traditional, installation-required cybertools it previously disrupted—to beef up its capability to respond to live attacks.)

For the next battlefield, look no further than the tech topic du jour, AI, where the sprint to move data to the cloud to feed into models like ChatGPT means an even more competitive race to secure it. Wiz recently found 33 terabytes of training data exposed to the world by one customer, Rappaport says; the company is working on its own AI tools to answer questions about a customer’s cloud setup or guide them through responding to incidents. “There’s a lot of food for all these vendors” in the AI rush, says Wedbush analyst Dan Ives. “No one is going hungry.”

So don’t expect Wiz to slow down anytime soon, even as it looks to tighten up its operations ahead of an IPO that could come as soon as next year. It’s hunting for its first acquisitions, even as it looks to hire a CFO. “It feels weird—what everybody is being told by every newspaper, every VC that publi­shes something, I’m doing the opposite,” Rappaport admits. But with the right team, funding and product fit, he tells himself: “Go, go, go.”

MORE FROM FORBES

MORE FROM FORBESHow Alexandr Wang Turned An Army Of Clickworkers Into A $7.3 Billion AI UnicornMORE FROM FORBESInside ChatGPT’s Breakout Moment And The Race To Put AI To WorkMORE FROM FORBESLisa Su Saved AMD. Now She Wants Nvidia’s AI CrownMORE FROM FORBESClaude 2.0, Anthropic’s Latest ChatGPT Rival, Is Here – And This Time, You Can Try It



READ SOURCE

Readers Also Like:  China’s security agencies accuse Britain’s MI6 of using foreigner to spy on country

This website uses cookies. By continuing to use this site, you accept our use of cookies.