Over the past 20 to 30 years, the intelligence community has generated a stream of cyber security leaders – private cyber security companies are littered with former operatives of the American and British intelligence services.
But in Israel’s case, the intelligence-to-cyber pipeline has produced arguably the highest density of cyber security startups and organisations in the world. The likes of Check Point, CyberArk, Imperva, Palo Alto Networks and Radware can all claim links back to the Israel Defence Force’s (IDF’s) technology units.
Among these units, which likely date back to before Israel’s founding in 1948, are the highly secretive cyber weapons and tech development shop Unit 81, and the more widely known signals intelligence Unit 8200.
Israel’s astonishing concentration of cyber security talent is largely attributable to both Unit 81 and Unit 8200, whose existence has only been fairly recently acknowledged. Mossad may get international attention, but it is Unit 8200 that gets the data to support it and Unit 81 that builds the tech.
Acting as incubators for cyber security and hacking talent, these units benefit from Israel’s compulsory military service laws and intensive screening processes, which divert individuals with potential from frontline armed service, although they also scout after-school computer clubs for likely-looking candidates.
That the IDF is the wellspring of Israel’s cyber talent is these days no secret, but Armis CEO, Yevgeny Dibrov – who is allowed to say little more about the time he served in Unit 81 beyond the fact that he was there – says there’s more to the growth of Israel’s cyber community than just the hothouse conditions at the IDF.
He compares the environment to that of a startup. “When you’re a startup, when you’re building something, you don’t have much budget, but with what you have you still need to do outstanding things that differentiate a lot, that achieve a lot, and that puts you in a great place.
“We don’t have the same budget as the CIA or the NSA, maybe point one of a percent, but we have no choice. There is no other way,” he explains. “We have a lot of enemies and we want to win.”
Make the impossible possible
At first. Dibrov’s pipeline into the IT industry does not seem all that different from most other people’s – stemming from an initial schoolboy interest in computers, maths and physics – but he became hooked when he was tapped for Unit 81 as a fresh-faced teen.
“In the years I spent there I became fascinated by different capabilities, fascinated by this world, fascinated also by working hard for my country,” he says. “Twice during my service I was part of the team that won the Israel Defence Prize, which is for outstanding achievements in the technology space.
“The slogan of our unit was ‘Make the Impossible Possible’,” says Dibrov. “It’s written over the door when you enter. You see it every day, and so you kind of live towards it. It’s not just a cliché.”
Twice during my service [at Unit 81] I was part of the team that won the Israel Defence Prize, which is for outstanding achievements in the technology space Yevgeny Dibrov, Armis
But the intelligence forces serve not only as a hub for creative talent, but a hub for team-building. Indeed, of Armis’s first cohort of employees, about 50% served alongside Dibrov himself at Unit 81, and the others worked alongside his co-founder – and chief technology officer (CTO) – Nadir Izrael at Unit 8200.
“People get to know each other, and during my time at Unit 81, we were always talking to alumni that actually started companies and did great things,” says Dibrov. “I remember my team leader in the army was [Wiz CEO] Assaf Rappaport, so we were always meeting some of the alumni from our unit and learning what they had done.
“It makes you excited,” he says, “it makes you think, ‘okay, when, when I’m out, here is what I want to do’. I already knew that I wanted to start a company.”
Alongside heading off to study at Technion, the Israel Institute of Technology between 2010 and 2013, at the end of his service, Dibrov helped set up Adallom, with which Rappaport was also involved. Adallom was a cloud access security brokerage (CASB) specialising in visibility, governance and protection across business applications such as Box, Google Apps, Microsoft Office 365 and Salesforce.
The firm’s Office 365 work clearly stood out, because in September 2015, Microsoft bought the company for over $300m. Just a couple of months later, Dibrov and Izrael started Armis, with the first employees coming on board in February 2016.
Google Maps, but for vulnerable assets
Asked to “explain like I’m five”, Dibrov describes Armis as a cyber exposure management platform that essentially provides its customers with a Google Map of their IT environment, with every single asset accounted for, whether it’s something run-of-the-mill like a laptop or smartphone, to operational technology (OT) like industrial controllers, even medical equipment.
On top of this basic map, Armis provides additional layers covering security risk discovery, monitoring and management, and ultimately, remediation.
“We want to not just allow you to see your risk, but reduce it, whether through patching devices or mitigating threats with different rules in your technology environment,” he says.
Armis was earlier than many to the OT/internet of things (IoT) side of security, mapping it as a factor early on in its history, before the topic really started to hit mainstream security conversations about six or seven years ago. What was the spark that led Dibrov to make this bet?
“We really started from talking to a lot of customers, talking to a lot of CIOs, and we were hearing about the explosion of connected devices,” he explains. “We looked at the variety of different environments and we saw there was a gap.
“On the one hand, you have laptops and servers that are covered by your antivirus or next-gen antivirus, and then you have everything else. And then everything else changes in different industries. If you look at an airport, they have a big gap around a lot of operational technology stuff. They have different distribution centres, logistics centres and more. They have datacentres. They have buildings with building management systems.”
At about the same time, incidents such as NotPetya and WannaCry were exposing the precarious security of such environments – particularly in healthcare settings – and this helped push people towards a more holistic view of cyber security.
Security teams have no idea what cameras they have, and they’re 90% Chinese, potentially exploited with backdoors, and often in the most critical environments Yevgeny Dibrov, Armis
“It was a huge push across the board,” says Dibrov. “Everyone suddenly understood that they needed to have visibility into what they have in these environments – because imagine if I’m an attacker, why would I attack a laptop if the laptop has 50 agents on it? I attack the most vulnerable thing, and that’s usually devices that don’t run any agents or antivirus, devices that are mostly not updated or cannot be patched, and a bunch of old XP machines in those areas.
“These devices are often the most important in the organisation. Look at a hospital. How can you compare the importance of a laptop versus an MRI scanner?”
Customers took to this like ducks to water, and today Armis works with over 35% of the Fortune 100.
From day-to-day there is no such thing as a typical customer, says Dibrov, but they tend to be larger, distributed organisations with highly complex environments and a lot of devices. Armis claims currently to have approximately 5.3 billion connected devices in harness.
What’s the weirdest ‘thing’ he ever found? “We have things like cars that connect to the company network, to wireless air fryers – we see those a lot. And the amount of types of cameras you would never believe,” says Dibrov. “Security teams have no idea what cameras they have, and they’re 90% Chinese, potentially exploited with backdoors, and often in the most critical environments.”
Like many of its peers, Armis has also been branching out into threat research and frequently publishes its own thought leadership on diverse topics – recent ones include breaking down CISA’s most exploited vulnerabilities and the emergence of DeepSeek.
“We have so much data now, and our customers can benefit from that,” says Dibrov. “We also acquired a company in the space, some super-talented guys who merge a lot of their own data with data we generated to provide early warning, which has been very significant.”
What’s next?
Keeping in touch with Armis’s buyers is a source of pride for Dibrov, who makes a point of frequently checking in with his user advisory board and speaking to six or seven individual customers every day, whether those are long-term existing ones, new ones, or those moving through their procurement or onboarding processes.
“What do they need? What do they think like? What do we need to do different?” says Dibrov. “This is something that is ongoing for us – always listening, always developing, always running fast, and always providing real solutions to real problems.”
Dibrov declares himself particularly paranoid when it comes to the competition, and likes to try to think about 18 months ahead in terms of innovation. “This is something that is always on my mind because that’s the biggest differentiator,” he says. “You need to have first of all the best product, and then to execute from there. That’s what keeps me up at night.”
Armis recently closed a large Series D funding round, raising $200m to take it to a total valuation of over $4bn. And having made two acquisitions in the past 12 months – Silk Security in April 2024 and CTCI in February 2025 – Dibrov is open to more, as well as exploring the possibility of an initial public offering (IPO).
Beyond these goals, Dibrov is, of course, keeping a close eye on the developing threat landscape. His views on where things are going tally with those of many other observers.
“We keep seeing a lot of state actors, from Russia, China, North Korea, Iran. We keep seeing them, and we keep seeing a lot of targeting of EMEA and US critical infrastructure and manufacturing,” he says. “We see them sometimes also leveraging AI [artificial intelligence]. My guess is we’ll see that more and more, and defenders really need to be prepared.”