Cloud Captains: How Assaf Rappaport and His Extraordinary Co-Founders Built the World’s Fastest-Growing Company
Don’t mistake Assaf Rappaport’s gentleness for someone willing to play by the rules.
A self-described introvert with a quiet, unassuming nature, behind that image is one of the most ambitious entrepreneurs of his generation. His company, Wiz, valued at $10 billion during its Series D round a year ago, has taken cloud security by storm, led by Rappaport’s not-so-modest vision of rapid fundraising, hiring elite talent, and targeting A-list customers.
“His superpower is that despite how confident and successful he’s been at a young age, he’s steeped in humility,” said former Starbucks CEO Howard Schultz in a Forbes cover story after Wiz was named to the magazine’s Cloud 100 list in 2023.
“I think part of the magic of the relationship is how different we all are. Each co-founder has a distinct personality. It allows us to bring out the best in each other.”
— Assaf Rappaport, Wiz
The 39-year-old’s journey started in 2001, on his first day of military service. It was there he met his co-founders Roy Reznik, Ami Luttwak, and Yinon Costica. Not only did the experience put them on a path to becoming leaders in cybersecurity, it marked the start of a lifelong partnership that saw them start their first company, Adallom, in 2012, and has since taken them to heights they couldn’t have dreamed of as teenagers in the army.
“I think part of the magic of the relationship is how different we all are,” Rappaport says. “Each co-founder has a distinct personality. It allows us to bring out the best in each other.”
Luttwak agrees, noting the dynamics of the group and their individual strengths: “Whether you need a great motivator, a great project manager, a great engineer—or if you need someone who can tell a story, who’s good with investors, who understands customers—we’re very efficient and can accomplish a lot without really needing to talk.”
In terms of accomplishments, “a lot” is putting it lightly. Wiz is already one of the biggest tech success stories in history. Founded in 2020, it became the fastest software company ever to reach $100 million in ARR, doing so in only 18 months. Nine months later, it had doubled that figure, and today it counts more than 40% of the Fortune 100 among its customers. Earlier this year, the company hired former Zscaler executive Dali Rajic as President & COO, on the heels of achieving $350 million ARR in 2023, as the company pushes forward to its next milestone: $1 billion and an eventual IPO.
“If you really are going to win, you have to assume you’re going to win. You have to build with the expectation that you’re going to win.”
— Ami Luttwak, Wiz
Rappaport, however, knows the race is just beginning. In a world of rapid digital transformation, he sees opportunity all around him. As organizations move to the cloud and embrace AI at an unprecedented rate (Wiz sees AI services present in more than 70% of cloud environments), they need solutions like Wiz to keep them secure. But the opportunity isn’t Wiz’s alone—despite the company’s unprecedented start, they’re still chasing and being chased by competitors.
These are exciting times for a group of friends who have staked their lives together as entrepreneurs: innovating at scale and building the next great cybersecurity company. Winning the day isn’t enough; Wiz’s co-founders want—and expect—to win five, 10, 20 years down the line.
“If you really are going to win,” Luttwak says, “you have to assume you’re going to win. You have to build with the expectation that you’re going to win.”
Bootcamp to Boardroom
As soldiers, Wiz’s co-founders were recruited to join an elite cyber intelligence division known as Unit 8200. Describing it as the “Israeli NSA,” Rappaport credits the experience with giving them the education and tools they needed to become successful entrepreneurs. Today, many of the world’s leading security companies were co-founded by veterans of Unit 8200, including Palo Alto Networks, Check Point, Fireblocks, Orca Security—and, of course, Wiz.
“That experience showed me the impact you can make when you combine great talent with amazing technology,” Rappaport says.
In 2012, after completing his military service and spending two years as a McKinsey consultant, Rappaport reunited with his friends to launch Adallom, a cloud security company. They moved to San Francisco, where they rapidly built Adallom (which takes its name from Ad Halom, a key site in Israel whose name means “last line of defense”) into a pioneering SaaS security provider. In 2015, Microsoft acquired Adallom for $320 million, and its founders moved back to Israel, where Rappaport took over Microsoft’s growing cloud security division.
“At Wiz.... engineers don’t always do what product tells them to do. We try to give customers what they want, but we won’t build it if we don’t have a way to scale it.”
— Ami Luttwak, Wiz
Already leaders in cybersecurity, Rappaport and his fellow entrepreneurs built the Azure security stack, and benefited from an inside look at one of the world’s largest and most successful companies—and also got a front-row seat to the cloud journey of some of the world’s biggest brands, who were Microsoft customers. Whereas at Adallom their habit had been to say yes to every customer request, leading to rapid building and immense technical debt, at Microsoft they learned the importance of scalability—even when it meant removing 75 percent of the features they had created at Adallom.
“Our years at Microsoft gave us the discipline and skill to build products that scale,” Luttwak says. “At Wiz, that means engineers don’t always do what product tells them to do. We try to give customers what they want, but we won’t build it if we don’t have a way to scale it.”
Rappaport calls their time at Microsoft “wonderful” and says it “wasn’t easy" to say goodbye. But after five years of building exclusively for Azure, they were inspired by the idea of providing a solution that supported true multi-cloud environments (the “Switzerland of cloud security,” as Rappaport describes it). Taking what they had learned about scalability, and combining it with the agility and startup mentality they developed at Adallom, Rappaport says they wanted to build their own generational company on a similar size and scale as Microsoft.
At first, they weren’t sure what that should be. Calling their new company Beyond Networks, they started by focusing on network security in the cloud but decided it was too narrow. Through conversations with CISOs and other security leaders, they were surprised to learn that problems they thought had already been solved were, in fact, still major pain points for organizations trying to operationalize cloud security. Namely, companies relied on a growing number of tools that were difficult for non-security experts to use and understand.
Seeing that the real problem was both simpler than the one they originally envisioned, while also much larger and more complicated, they agreed: this was the opportunity—a chance to take the lead in one of the world’s fastest-growing industries—they had been waiting for.
Stars in Their Eyes
You might not think early 2020, with a pandemic on the horizon and the global economy on the verge of shutting down, was the best time to start a company. Indeed, Rappaport spent those first months questioning his decision to leave Microsoft—and he wasn’t alone.
“Early Wiz team members told me their loved ones were asking them to seriously reconsider whether it was a good time to join an early-stage startup,” Rappaport says.
But the timing had its advantages, too. For one, being fully remote from day one helped enable Wiz’s rapid growth, global presence, and scale in the early days of the pandemic. For another, the company was able to capitalize on an unforeseen moment in history where CISOs around the world suddenly paused their on-prem projects and pivoted to seeking cloud-based solutions.
“Looking back, if you asked me to choose the best time in history to start a cybersecurity company in the cloud, I would have to say March 2020,” Rappaport says.
In a pre-cloud environment, organizations relied on a set of tools developed to protect servers housed on premises. With the shift to cloud-based servers, software providers had to adapt those tools for the cloud, but the results were clunky and ineffective. Reznik, Wiz’s VP of Research and Development, describes Wiz as having a “competitive edge” thanks to its suite of products that were “built for the cloud from the ground up.”
Perhaps even more importantly, the shift to the cloud forced organizations to overhaul their security processes. Whereas architecture and infrastructure once were centrally owned and managed by a single security organization, in a decentralized cloud environment every team chooses its own tools and infrastructure. This creates new vulnerabilities, new risks, and a new set of challenges that must be monitored and addressed by security teams.
“The cloud completely changes the development process inside organizations, and forces security teams to adapt accordingly,” says Raaz Herzberg, Wiz’s CMO & VP of Product Strategy.
Time to value was another priority for the Wiz team. As an agentless solution, Wiz enables customers to share their Azure or AWS permissions and within minutes see a full image of their entire cloud architecture with a graph-based view that visually depicts complex cloud relationships in a simple, straightforward manner. Previously, if an organization had a hundred servers on premises, it would need to deploy scanning software on each one individually. Such a process requires getting permission from multiple teams and also reduces server performance.
“That’s a non-starter for most large companies,” says Scott Piper, Wiz’s principal cloud security researcher. “They don’t even know what servers they have a lot of times.”
“Typically, security products are for security teams. But Wiz is a product that developers love, too. This is where the magic happens.”
— Yinon Costica, Wiz
As the world’s largest organizations migrate to the cloud, Wiz is solving the main challenges faced by security leaders, helping them make that move smoothly and securely. It offers a Cloud Native Application Protection Platform (CNAPP) that is continually ranked #1 by customers. According to Gartner’s 2023 Market Guide for CNAPP, these solutions can “consolidate security tooling for the life cycle protection of cloud-native applications to three or fewer vendors, down from an average of 10.”
With Wiz’s simple interface, developers can identify critical issues and know where to spend time shoring up vulnerabilities. It has democratized security and made it, in effect, self-service, empowering developers and helping organizations to be more secure.
“Typically, security products are for security teams,” says Costica, Wiz’s VP of Product. “But Wiz is a product that developers love, too. This is where the magic happens.”
That magic has propelled Wiz’s rise as one of the fastest-growing startups of all time, earning it top-of-market customers like Morgan Stanley, Salesforce, Colgate-Palmolive, and others. At FOX, another happy customer, Wiz is used by more than 150 employees—10 times more than the security team’s entire headcount. CISO Melody Hildebrandt credits its “vocabulary, interface, and the way it aggregates concepts into human-readable formats” with empowering so many different teams and types of users across the organization.
Reznik says that customer love is one of the things that makes him proudest as a founder. “My perspective is biased,” he says, “but when we present to customers, I see that they have real excitement about the product. They have stars in their eyes.”
More Than Magic
Wiz’s appeal stems from many different factors, all of them sharing a common thread: customer focus. The company has been strategic about making itself accessible to a broad customer base, while at the same time establishing Wiz as a leader in the security community that isn’t afraid of disruption.
Consider its branding, for example. If you look at most security companies’ branding, you’ll see a heavy reliance on black and red, often paired with forbidding-looking locks and hackers in hoodies. By contrast, Wiz’s branding—with playful illustrations of wizards and clouds in a soft blue and pink color scheme—feels friendly and approachable.
“I don’t believe in motivating people by fear in general,” Herzberg says. “So I have no reason to motivate prospective buyers that way.”
Herzberg doesn’t worry that a lack of severe iconography will turn off security leaders. After all, these are the same people who buy iPhones, Teslas, and other fun tech products. What’s more, she says, cloud security is a field that demands a new kind of thinking and creativity. Even the name Wiz suggests both the smarts of its leaders and the magic of wizards.
Roy Katz, Wiz’s Head of Brand, says the company faced three challenges in coming up with its branding. First, while the security industry is largely fear-based, with constant talk of threats and vulnerabilities, Wiz wants its branding to carry a message of optimism and positivity. Second, because Wiz addresses complicated problems that may be unfamiliar to some customers, Katz stresses the importance of communicating clearly. Third, given that Wiz competes with many legacy players, its branding needs to help it stand out.
In the end, none of these concerns has impeded Wiz’s rise. Even the illustrations Wiz uses, with magic elements that Katz jokingly worried might conjure “scams and tricks,” are consistent with the awe in customers’ faces when they see the product for the first time.
Wiz’s playful branding extends beyond the company’s website. At AWS re:Invent in 2023, Wiz’s booth featured an “American diner” theme complete with donuts and an Elvis impersonator. For the RSA conference, it staged a “Wizard of Wiz”-themed booth with actors dressed as Dorothy, Tin Man, and Scarecrow. The company’s research team even developed a card game called “Exploited in the Wild,” which helps explain concepts in cloud security.
In the same way Wiz’s approach to branding has made it accessible to newcomers, its deep commitment to research has made it a pillar of the security community. By analyzing the cloud from the standpoint of attackers, Wiz Research is not only making the platform stronger, they’re revealing vulnerabilities in the wild and publishing their findings to wide acclaim.
In one example, which they named #BingBang, Wiz researchers discovered that an attacker could hack into Microsoft Azure’s cloud service and modify Bing results. (To test it, they temporarily changed the “best soundtracks” search result from “Dune (2021)” to “Hackers (1995)”.) They found they could also access data in Outlook and Teams accounts, as well as many of Microsoft’s internal apps. As always, Wiz followed responsible disclosure processes, reporting the vulnerability to Microsoft, which quickly plugged the hole before Wiz published its findings in a blog post.
In another noteworthy discovery, Wiz found an accidental leak of 38 terabytes of Microsoft data. This meant an attacker could potentially read and modify employees’ passwords, messages, and backups, or even upload malicious code that other users might download.
In 2021, a widespread vulnerability called Log4Shell made headlines for allowing users to force some servers to run malicious code. Wiz developed a way to detect the vulnerability and found that it affected about 90% of all cloud environments—even the NSA’s.
Piper was working in security at another company when news of Log4Shell broke. He realized they needed a solution quickly. Normally, they would do a bake-off—an evaluation process used to review competing products and services—but Piper knew they didn’t have time. He decided to go with Wiz. A year later, he joined the company.
“It became clear to me they were going to dominate the industry,” he says. “When you see something like that out in the world, it’s a good idea to try and get on board.”
It became clear to me they were going to dominate the industry. When you see something like that out in the world, it’s a good idea to try and get on board.Scott Piper,
Principal Cloud Security Researcher at Wiz
In his free time, Piper, who calls himself a “cloud security historian,” maintains a database called cloudvulndb alongside other Wiz researchers. Now sponsored by Wiz, the site documents all known cloud vulnerabilities, with a goal of increasing transparency and making the cloud more secure.
Working with Wiz’s founders, Piper says he quickly recognized that they’re “in it for the right reasons.” At re:Invent in 2023, only a year after joining Wiz, Piper found himself in conversation with the team who works on AWS Security Hub—a Wiz competitor. Privately, he considered whether he should suggest ways they could improve their product. When he brought the question to a member of Wiz’s leadership team, they told him, “Yes, absolutely.”
“But what if that conflicts with our own product?” Piper asked.
“Then we don’t have to work on that problem anymore,” they said.
Piper says that’s the kind of security-focused culture that drew him to Wiz in the first place, and that has helped the company become a leader in research.
“They’re not just trying to ensure profit and build a moat around themselves,” he says. “They actually want to identify and fix the problem for customers in different ways.”
Wizardry at Work
The growth and scale Wiz has achieved in just a few short years wouldn’t be possible without exceptional team chemistry. With more than 20 years together under their belts, Wiz’s founders trust and intimately understand each other’s individual strengths and weaknesses. That trust and camaraderie ladders down to the rest of the organization. Costica proudly describes a “team-first mentality,” in which “wizards” (as they call themselves) have each other’s backs. There’s a “trophy room” in Slack where team members celebrate achievements, and managers start team meetings by expressing appreciation for their fellow wizards.
“Being the fastest-growing company, the pace is very fast. Everyone is always running together. When you have a great product, that helps align the whole company.”
— Raaz Herzberg, Wiz
Wiz’s relatively flat structure enables team members to be independent and agile and helps avoid a culture of micromanagement. According to Reznik, when you hire and empower “smart, driven people,” they will naturally work according to their individual skills and passions, and when they encounter a problem, they’ll be open to talking about it and getting help.
Luttwak characterizes Wiz as a “lean” company—everyone works with product, and everyone works with customers. With fewer management layers, there’s less meeting and more doing.
Reznik also highlights the diverse backgrounds of Wiz employees. Many of the company’s engineers worked as team leads before returning to more hands-on roles, giving them perspective on product design. Meanwhile, much of the product team comes from technical backgrounds, meaning engineering and product can speak the same language.
“Being the fastest-growing company, the pace is very fast,” Herzberg says. “Everyone is always running together. When you have a great product, that helps align the whole company.”
As Luttwak noted, customers ultimately drive the conversation at Wiz. Developers hop on calls with customers to listen to their feedback and understand their experience. Every new feature is based on a customer request in one form or another—though they’re careful to make sure that anything they build will be able to scale as the company and platform grow.
As Luttwak noted, customers ultimately drive the conversation at Wiz. Developers hop on calls with customers to listen to their feedback and understand their experience. Every new feature is based on a customer request in one form or another—though they’re careful to make sure that anything they build will be able to scale as the company and platform grow.
One way to scale is by using existing services. A good example of this is Wiz’s celebrated graphs feature, which relies on graph database technology provided by Amazon Neptune. Luttwak points out that the service has allowed Wiz to build the largest graph implementation in the world without requiring 50 engineers. The company’s discipline in limiting new features, combined with its strategic use of managed services, has allowed them to go after massive customers despite still being a relatively small company (fewer than 1,000 employees, although not for long).
In 2023, Wiz continued to evolve its platform in significant ways:
- The launch of Runtime Sensor extended the agentless visibility Wiz is known for and added real-time detection.
- Features like AI Security Posture Management (AI-SPM) help customers accelerate AI innovation.
- Secure Cloud Development capabilities extend Wiz CNAPP to the entire software pipeline, while the company’s acquisition of Raftt marked an acceleration in their journey to empower developers.
The expansion of secure development is key not only for providing guardrails against human error, but also for continuously educating developers about what makes clouds secure. As Costica says, “Engineering teams can see the problems that they created, understand them, and ask, ‘What do I need to do to prevent it from happening next time?’”
With every new customer that signs up, Wiz is educating teams that are new to the cloud, enhancing not just their knowledge of cybersecurity but their overall cloud literacy. And with another shift underway, as companies adopt more AI technologies, Wiz is committed to doing what it can to give customers the tools and knowledge they need to use AI in the cloud securely while investigating the implications of this powerful technology.
Beyond the Clouds
Looking ahead, Rappaport understands the challenge of sustaining Wiz’s growth while maintaining exceptionally high standards. He knows recruiting will be a big part of that—finding the right people so that as Wiz grows from a few hundred to a few thousand employees, it maintains its team-first culture and commitment to customers.
“It’s very hard—you have the funds, the pressure, the demand from the market,” he says. “We’re constantly asking ourselves, ‘How do we grow and still keep the highest bar?’”
For Rappaport, that standard was set during his days in Unit 8200, when he saw firsthand what happens when you pair incredible talent with cutting-edge technology. As entrepreneurs, he and his co-founders have added a third element to the mix—customers—and consistently found ways of giving security leaders tools that make their lives easier.
“You have to understand that it’s about people and processes first,” Rappaport says. “Of course we love technology, but it’s that human aspect—understanding the problems CISOs face, all their different processes and priorities—that I think has made Wiz so successful. Once you understand the people, only then can you create the products and technology.”
With the ever-growing demand for cloud and AI solutions, Wiz has fortunately been insulated from much of the economic uncertainty of the past 18 months. While its leaders have stayed measured about where to invest and how to think about growth, Rappaport’s overall ambition and vision for the company haven’t changed. He continues to see cloud security as a huge and open opportunity, with Wiz and competitors racing for dominance. He wants Wiz to be the indisputable market leader—a $100 billion generational company.
“That’s what’s at stake for all of us,” he says with a smile.
Published — March 1, 2024