Follow the people: @stake, NetScreen, IBM, Israel Defense Forces and the US Armed Forces mafia networks in cybersecurity
@stake, NetScreen, IBM, and military networks have been a powerful source of future founders and executives, and the degree to which they have shaped the present of the industry is hard to overstate
Welcome to Venture in Security! Before we begin, do me a favor and make sure you hit the “Subscribe” button. Subscriptions let me know that you care and keep me motivated to write more. Thanks folks!
Join 10,000+ leaders shaping the future of the cybersecurity industry
Several months ago, I discussed the power of Check Point mafia, the impact of Foundstone, Juniper Networks & Cisco on the industry, and the origins of cyber ecosystems. The article below assumes that you have read the original post (if you haven’t - I highly recommend it as a prerequisite for this discussion).
Although innovative ideas can and do come from anywhere, many of the leaders of today’s cybersecurity industry are connected into invisible networks. @stake, NetScreen, IBM, and military networks have been a powerful source of future founders and executives, and the degree to which they have shaped the present of the industry is hard to overstate.
Mafias in cybersecurity: a quick recap
A disproportionately large percentage of what is known today as the Silicon Valley tech ecosystem can be traced back to one startup - PayPal.
“PayPal, a company founded by Peter Thiel, Elon Musk, and Max Levchin has given rise to a large number of ecosystem-defining companies, and turned many people into millionaires, and billionaires. This article by Charlie Parrish published in The Telegraph back in 2014 provides a great overview of where different members of the PayPal mafia ended up, and Fleximize connected all the dots in a format that’s easy to explore and track by gathering data from the New York Times, Fortune magazine, Business Insider, and Crunchbase.” - Source: The power of Check Point mafia, the impact of Foundstone, Juniper Networks & Cisco on the industry, and the origins of cyber ecosystems
This isn’t about conspiracy theories or stories about world domination: in business, as in all other areas of life, everything is about people, and when large numbers of smart people work together, they gain immense power. Cybersecurity is a textbook example of how this plays out in real life, and the origins of security as an industry are the perfect place to illustrate this reality. It was Check Point, an Israeli cybersecurity company, that established the foundation of what is known today as a global cybersecurity market. Check Point alumni went on to start tens of industry-defining players, including Palo Alto, SentinelOne, and Orca Security.
Founders of CrowdStrike, Mandiant, and Cylance were all previously a part of Foundstone. Yet, that is just a small piece of the puzzle. Mark Curphey (Foundstone) founded SourceClear (acquired by Veracode), then he started OpenRaven with Dave Cole (also Foundstone). After this, Mark started Crash Override with John Viega (McAfee). Anthony Bettini worked at Foundstone and started Appthority (acquired by Symantec); he then started FlawCheck which was acquired by Tenable; following that, Anthony started VulnCheck. Corey White (Foundstone) founded Cyvatar.ai. Michael Price (Foundstone) started Vulnr, which was acquired by ZeroFOX. James Foster (Foundstone) started ZeroFOX, which IPO'd. Aaron Higbee (Foundstone) & Rohyt Belani (Foundstone) founded Intrepidus Group (acquired by NCC Group). Aaron Higbee & Rohyt Belani then founded PhishMe (which was acquired by Private Equity and renamed Cofense).
Generally many of the Foundstone alumni mentioned above, also worked at McAfee, so it can also be given a lot of credit. Dmitri Alperovitch who started CrowdStrike with George Kurtz was also from McAfee. John Viega who started Crash Override with Mark Curphey was from McAfee. Oded Horovitz from McAfee started PrivateCore, which was acquired by Facebook. Fengmin Gong from McAfee was a co-founder of FireEye, Palo Alto Networks, and Cyphort.
Cisco and Juniper Networks, to name some, also gave rise to a large number of cybersecurity companies, including Netskope & Illumio.
Source: Venture in Security
@stake, NetScreen, IBM, and military mafia networks in cybersecurity
Check Point, Foundstone, Juniper Networks & Cisco aren’t the only institutions with oversized influence on the cybersecurity space. Others worth talking about include @stake, NetScreen, IBM, and military networks.
As Wikipedia explains, @stake was a cybersecurity consulting company founded in 1999. The firm, working to protect the biggest companies, attracted the top hackers and security practitioners, many of whom have gone on to shape the state of the security industry. The list includes:
Peiter Zatko, better known as Mudge, joined @stake during the acquisition of L0pht Heavy Industries. He later went on to work at DARPA, Google, and from November 2020 to January 2022 served as a Head of Security at Twitter. Peiter became a whistleblower who testified before the Senate Judiciary Committee alleging fraud and negligence at Twitter
Chris Darby, CEO at @stake, became a CEO at In-Q-Tel, a publicly-funded venture capital firm that invests in technology to support the CIA. Dan Geer, also ex-@stake, a renowned computer security analyst and risk management expert, joined him as a CISO at In-Q-Tel
Lucas Nelson, VC investor and Partner at Lytical Ventures
Christien Rioux, also known by his handle DilDog, is the co-founder and chief scientist at Veracode
Window Snyder is a security expert who later served as a top security officer at Square, Apple, Fastly, Intel and Mozilla
David Litchfield is a security expert and a Director of Information Security Assurance at Apple
Katie Moussouris is a cybersecurity expert known for her work advocating responsible security research and her role in creating bug bounty programs at Microsoft and the US Department of Defense. She is also a former Chief Policy Officer at HackerOne
Dave Aitel is a co-founder and CTO at Immunity which sold offensive tool kits used by governments and corporations for testing and spying
Chris Wysopal is a computer security expert and co-founder and CTO of Veracode
Mark Kriegsman is one of the founders of Veracode
Alex Stamos is a co-founder of Krebs Stamos Group and former Chief Security Officer (CSO) at Facebook and Yahoo!
Michael Schiffman, is a Network Security Engineering Lead at Google, and an advisor to a variety of security companies
Ted Julian, Co-Founder of @stake, Co-Founder of Arbor Networks, and Co-Founder of Resilient
Computer security experts Cris Thomas and Joe Grand
The company was acquired by Symantec in 2004. A good number of @stake alumni went on to start their own cybersecurity services companies, of which four were later acquired by NCC Group: iSec Partners, Matasano, and VSR, based in the US, and NGS Software based in the UK. Until today, some of the executives and senior leaders at NCC Group are ex-@stake, the company that played a critical role in getting security to where it is today.
For those interested in learning more about @stake, its origins, and the larger historical context around the emergence of security as a discipline, I highly recommend the Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World by Joseph Menn. An excerpt from the book that offers a great preview of what it is about is available on Wired.
NetScreen mafia: from Tsinghua to shaping cybersecurity
NetScreen Technologies was founded in 1997 by Tsinghua alumni Yan Ke, Ken Xie, and Feng Deng and went on to become one of the most impactful cybersecurity firms. Several years after its founding, NetScreen was recognized as one of the leading vendors in network security and access products for enterprises and carriers; in 2004, the company employed over 900 people and generated $223 million in revenue. The company was acquired in 2004 by Juniper Networks for $4 billion in stock.
NetScreen mafia is among the strongest in the cybersecurity space:
After leaving NetScreen in 2000, Ken Xie together with his brother Michael Xie started Fortinet
Nir Zuk, who served as a CTO after the company he co-founded, OneSecure, got acquired by NetScreen in 2002, later co-founded Palo Alto Networks
Michael Shieh, former manager of NetScreen, founded vArmour and is now a Founder and CEO at Mammoth Cybersecurity (his CTO & co-founder, Yonghui Cheng is also ex-NetScreen)
Changming Liu, former Sr. Manager and key architect in networking and security at NetScreen founded Aerohive Networks and later co-founded Stellar Cyber. Adam Conway, former product manager at NetScreen, has later served as a VP of Product Management and Co-Founder at Aerohive Networks
A.J. Hunyady, a former manager at NetScreen, is now Founder and CEO at InfinyOn
Tim Liu, DongPing Luo, and Zhong Wang, all ex-NetScreen, co-founded Hillstone Networks
Lee Klarich, Product Line Manager at NetScreen, has been serving as a product management leader at Palo Alto Networks for the past 18 years
IBM Security: a CEO factory
IBM deserves a special mention as it was and remains one of the world's largest enterprise cybersecurity vendors with a dedicated security services team. A security-focused part of IBM, IBM Security, has forged tens of security leaders who have later gone on to start companies or take executive leadership in existing cybersecurity enterprises. The below chart features a small subset of the IBM Security alumni who are now CEOs of security product and service companies.
US & Israeli Military Mafia: bringing the learnings from the battlefield to civilians
The United States military is rarely discussed as an incubator of cybersecurity entrepreneurial talent. Despite the coverage gap, its role isn’t insignificant as many people in the industry got their professional beginnings and learned the ropes of security by serving their country. The following are some of the cybersecurity entrepreneurs who have previously served in the US Army:
Bryson Bort, CEO and founder at SCYTHE (4 years in the US Army)
Ryan McKamie, CEO & co-founder at Certus Cybersecurity (4.5 years in the US Army)
George Zoulias, founder and CEO at Perfecta (9 years in the US Army)
Ricky Tan, co-founder at Cyberspatial (9 years in the US Army)
Michael Hawkins, founder and CEO at Netizen Corporation (6 years in the US Army)
David Maskeroni, co-founder and CEO at Aquia (over 4.5 years in the US Army)
The US Air Force in particular stands out as a solid incubator for cybersecurity talent as illustrated by the quality entrepreneurs that served in this branch of the United States Armed Forces:
Anthony Pillitiere, CTO & co-founder at Horizon3.ai (over 20 years in the United States Air Force)
Rob Bathurst, co-founder & CTO at Reveald (over 9 years in the United States Air Force)
Matt Hartley, co-founder & Chief Product Officer at BreachRx (4 years in the United States Air Force)
J.J. Guy, co-founder & CEO at Sevco Security (5 years in the United States Air Force)
Kevin Mandia, founder & CEO at Mandiant (6 years in the United States Air Force)
Robert Lee, founder and CEO at Dragos (5 years in the United States Air Force)
Eric Capuano, founder of Recon InfoSec (6 years in the United States Air Force)
Paul Ihme, co-founder and Managing Principal at Soteria (over 9 years in the United States Air Force)
These are just some examples that make it evident that the United States Armed Forces is a good place to develop cybersecurity expertise; the issue is that there is no well-established tradition of starting companies after leaving the service. Moreover, in most cases when former US military servants do start a cybersecurity company, they are establishing (typically bootstrapping) a service provider, not building a product vendor.
The Israeli Defense Forces (IDF) is an entirely different story. The IDF, especially its Military Intelligence Directorate that includes Unit 8200 and Unit 81, as well as Matzov under the C4I directorate, have acted as a bloodline for the country’s commercial cybersecurity space. As previously discussed, “while Israel is not the only country with advanced cybersecurity capabilities, what is unique about it is the entrepreneurial nature of the service members. In the US, it is common to see the NSA, CIA, and FBI alumni move into senior security leadership roles in the private sector (such as the appointment of the former FBI special agent Jason Manar as CISO at Kaseya) or start a consulting practice. Despite the fairly mature cybersecurity technology and VC ecosystem in Washington DC, still, relatively few ex-government security leaders start their own companies. In Israel, on the other hand, it is understood that military service is temporary, and starting a business is the natural next step after it ends”. Source: Why there are so many cybersecurity vendors, what it leads to and where do we go from here
The number of startups started by Unit 8200 and in a broader sense - IDF alumni is impossible to recount. A large subset of them are product companies, many of which have become household names in the US and all over the world.
I find it fascinating that the Israeli Defense Forces has become such a powerful force in the global cybersecurity market, especially when compared to the United States Armed Forces. There are plenty of theories and explanations as to why that might be the case. In his book The Battle for Your Computer: Israel and the Growth of the Global Cyber-Security Industry, Alon Arvatz offers a good perspective: the fact that the IDF is based on mandatory conscription means that it gets to pick the best and the brightest from all over the country. The US Army, on the other hand, must look for ways to entice talented individuals to come to work for it - something that it cannot do as well as, say, the NSA (and even then, those who join the NSA do so to build long careers, not to serve for a few years and build their own company). Alon states: “...the military’s technological units, which pump skilled and talented workers into the private sector, play a pivotal role in the Israeli cyberindustry. Their work is based on conscript soldiers performing time-limited service because only thus can the army select the best candidates and release them into the private sector in a few short years. Civilian spy agencies that have to compete with the rest of the market, without conscription, and then retain their staff are less useful for building an industry”. This, in my view, is the best explanation for why the US Armed Forces have not become a cybersecurity accelerator and haven’t led to the creation of large-scale product companies with global dominance the way the IDF did.
For anyone interested in a deeper dive into the role of Israel in the global cybersecurity ecosystem, check out Why Israel may become the winner in the global cybersecurity market, and what can make it fail. Those looking for comprehensive, in-depth research on this topic, should take a look at the newly released book by Alon Arvatz titled The Battle for Your Computer: Israel and the Growth of the Global Cyber-Security Industry.
History of any industry is complex. Although everyone who has been a part of the cybersecurity space to date and a countless number of external forces has gotten us where we are today, the truth is that some groups of people such as those described in this piece have had an outsized impact.
It is worth reminding that all the perspectives, charts, and graphs offered in this article are a great oversimplification of reality. There are several reasons for this. First and foremost, it’s not about logos but about people - and most active, restless people are involved in many networks at once, making it impossible to trace the origins of any one company to a single source. Palo Alto is a great illustration of this:
Nir Zuk was one of the Unit 8200 alumni
He was also one of the first ten employees at Check Point, a company founded in 1993 by a group of demobilized soldiers from Unit 8200
After leaving Check Point, Nir started OneSecure
In 2002, OneSecure was acquired by NetScreen, which happened to be Check Point's biggest challenger
In 2004, Juniper Networks acquired NetScreen
When in 2005, Nir Zuk founded Palo Alto Networks, his founding team had people from NetScreen and Juniper Networks
Nir Zuk, founder and CTO of Palo Alto Networks offers a recount of the events from that time in one of his interviews; his story shows that personal journeys are complicated and non-linear. Not only that, but Palo Alto itself has become an incubator for the next generation of security founders.
While the present of the industry has been shaped for us, the future of security is being written today by people driven by courage to challenge the way things have always been done before.