CyberArk at 25: Udi Mokady on Milestones, Identity Security and Humility

May 10, 2024 David Puner

CyberArk at 25

Let’s head back for a moment to when some of us were partying like it’s 1999, in 1999. Among that year’s notable milestones were the release of The Matrix, the introduction of the euro – and the impending clock turn to 2000 (aka Y2K), which propelled prophylactic tech upgrades far and wide. Simpler times – at least in retrospect.

Somewhere amid the Czech Republic, Hungary and Poland joining NATO and “Hotmail hacking,” the company that now underwrites this blog debuted in the spring of 1999. CyberArk launched in a small sublet office outside Tel Aviv with a digital vault solution and a handful of employees. Soon after that came U.S. expansion and a rising focus, born from customer need, on securing privileged access – initially for IT admins.

CyberArk would soon become instrumental in pioneering the privileged access management (PAM) market and continuously driving its evolution. With the advent of multi-cloud, hybrid working and the dissolving of the security perimeter that followed, what began with IT admins expanded to the wider workforce and all other human identities, as well as bots and applications – all with degrees of sensitive access that need to be managed, monitored and controlled. Privileged credentials are everywhere around us, and attackers, of course, still relentlessly attempt to compromise privileged credentials and use them to move laterally throughout networks to reach intended targets.

Then identity security entered the fold – centered on PAM – making it easier for organizations to protect themselves against advanced cyber threats by securing all human and non-human identities, accessing all resources from every location. CyberArk established the category, and identity security has quickly become essential to extensive digital initiatives that drive businesses forward.

Critical to the company’s rise, continuous innovation and business transformation is co-founder Udi Mokady. Propelled in large part by his vision, under Mokady’s leadership, CyberArk has grown to over 3,000 employees and offices in 16 countries. And it was just last year when he shifted to a new executive chairman role after serving as the company’s CEO for over 18 years, including the first eight-plus years since he took the company public in 2014.

To commemorate CyberArk’s 25th anniversary, Mokady recently sat down with me for an episode of our Trust Issues podcast. It’s a wide-ranging discussion that looks back, looks forward and dips into philosophies and lessons learned. In the episode, Mokady reflects on the significance of CyberArk’s quarter-century milestone, its ongoing growth and innovation’s pivotal and enduring role in that growth. He also talks about the ever-evolving threat landscape and how the company has, in turn, grown and scaled to meet it while maintaining its culture and values.

The following excerpts from the podcast have been edited and condensed for clarity.

Udi Mokady culture

On CyberArk’s early days: “There’s no way in the world that I envisioned getting to where we are today. This would have been a crazy dream at the time when we were in a sublet in Israel.”

On the 2014 IPO: “Going public created a platform we could ride on to build a long-lasting company … It was a way to show our customers and partners that we were going to be around for the long haul. It was a way to earn the right to say that we were built to last … Everything we did was about thinking long-term and doing what was best for the company in the long-term. Going public was good for business and it was good for our brand.”

On the transition from CEO to Executive Chairman: “It’s been a wild year. I’d been CEO of CyberArk for more than 18 years until we decided to do this transition. I turned it over to Matt Cohen, who is a superb CEO, so that I can focus on things that are strategic to CyberArk. It’s been a great transition, and I think we’re writing a case study of a founder/CEO transitioning to another CEO while the founder stays connected to the company, customers, partners, culture and employees.

On endurance:You can’t be built to last in cybersecurity without making innovation a major pillar and a major part of your strategy. It’s all about continuously extending our solutions to address modern-day attacks, both organically and inorganically, through partnering and acquisitions. We’re very unique in how much we partner in the C3 Alliance, which has thousands of integrations with third parties. That approach of security as a team sport is another thread of innovation … And part of our culture is to think like an attacker, so every team member at CyberArk approaches their role by bringing the attacker into the room in everything we do. That really drives our innovation – we not developing in silo – we’re thinking about defending against that attacker.”

On culture:Company culture is the most important aspect of a successful business. At CyberArk, we have a unique culture that’s built on the values of being smart, bold, but humble. These values are ingrained in our DNA and are reflected in everything we do. We hire and retain people who possess these traits, and it has been a key factor in our success. Our culture is global, and we have a reputation for having amazing people. I am most proud of our people and the culture we have built.”

On humility:You can’t train humble. It’s very much how people grew up. It’s people who influenced them in their life. It could be their parents, a mentor, their friends, or something that they were part of. When you’re humble, it means you’re not full of yourself. It means you’re going to listen.”

On perseverance amid geopolitical tensions:I am very proud of the resilience of the team in Israel … Something happened where people huddled and covered for each other. Like, if somebody was out in reserve duty, people covered for one another. And the output in R&D and delivery and support – everything – was greater than 100 percent.”

On aspirations: “My ultimate dream for CyberArk is for it to continue to grow and scale, while maintaining its culture and values. I want the company to be a trusted and reliable partner for its customers and to continue to innovate and address the evolving threat landscape. Personally, I hope to remain energetic, curious and always learning. Always be learning.

On identity security: “What I’ve learned is that the rise and importance of identity security is paramount in today’s digital age. With the proliferation of identities, both human and machine, the need to secure them has never been greater. The threat landscape has evolved rapidly, and attackers are becoming increasingly sophisticated in their methods. Identity security is no longer a luxury, but a necessity. It’s the key to protecting against privilege escalation, credential theft and other forms of cyberattacks. It’s a critical layer of defense that every organization must have in place to protect their most valuable assets.”

On 25 years of attacker innovation:Some things that have evolved in the attacker landscape are the makings of science fiction movies … Who would’ve imagined that there was going to be the ability for criminals to encrypt organizations and the extortion is not going to be in cash that they have to deliver in a suitcase? Instead, you can deliver a Bitcoin, and it’s going to be untraceable and they’re going to be sitting in their air-conditioned rooms getting a massage while the Bitcoin is coming in. No one would have imagined.”

On extracurricular pursuits: “Outside of work, I have a love for music and playing the guitar. I’ve been studying some riffs, like the ‘Comfortably Numb‘ solo from ‘The Wall‘ that David Gilmore plays so well – but I’m not ready for live-streaming yet. I’m also passionate about how we educate the younger generation to read real news sources and not get their news from TikTok – and reducing hate around the world. I want to stay closely in touch with innovation, and I’m able to contribute more to the ecosystem by mentoring startups – some in cybersecurity, but some not – because I think it’s beneficial to CyberArk and our customers that I get exposed to other things.”

You can listen to the entire Trust Issues podcast interview with CyberArk Founder and Executive Chairman Udi Mokady in the player below or on most major podcast platforms.

David Puner is a senior editorial manager at CyberArk. He hosts CyberArk’s Trust Issues podcast.

Previous Article
CIO POV: Navigating the Deepfake Pandemic with Proactive Measures
CIO POV: Navigating the Deepfake Pandemic with Proactive Measures

We’re in the throes of another pandemic, but this time, it’s not transmitted through the air – it spreads w...

Next Article
The Anatomy of Cloud Identity Security
The Anatomy of Cloud Identity Security

There’s currently a cybersecurity adage with varying verbiage and claimed origins – the point, however, is ...