CyberArk Chairman: “I Can’t Recall a Year in the Last Decade When We Didn’t Hire, Including in Israel”

CyberArk’s stock shows no signs of slowing down, reaching an all-time high of over $400 per share and a market cap of $20 billion after a 33% surge over the past year. The company has now overtaken Teva, which sits at a $18.8 billion valuation, making it the second-largest Israeli firm on Wall Street, trailing only Check Point at $24.4 billion. The company wrapped up 2024 with its first-ever billion-dollar revenue year, surpassing analysts' expectations of $987.7 million. Earnings per share hit $3.03, beating the consensus estimate of $2.95.

Two of the largest publicly traded Israeli companies in the world are cybersecurity firms, or three if you still count Palo Alto Networks, though many now consider it more of an American company. Israel has long been touted as a cybersecurity powerhouse, and that claim now seems more validated than ever. In recent years, cybersecurity professionals have been divided into two schools of thought: those advocating for consolidation—where multiple security services are bundled under a single provider—and those who believe in specialization, arguing that each company should focus on doing one thing exceptionally well.

CyberArk, led by Chairman and Founder Udi Mokady, positions itself somewhere in the middle. “We’re no longer just a PAM company—we’re an identity security company,” Mokady explains. Over the past year, CyberArk has expanded its focus on identity security, most notably with the $1.5 billion acquisition of Venafi, a leader in machine identity management. Alongside its latest earnings report, the company also announced the acquisition of Zilla, an Identity Governance and Administration (IGA) provider, for $175 million. Mokady believes that while no single player should dominate the entire cybersecurity space, a few major players should lead in specific areas.

CyberArk remains at the forefront of identity security but is not limiting itself to that sector alone. Recently, the company announced a partnership with SentinelOne, an Israeli firm specializing in endpoint security (EDR). In an interview, Mokady discussed how CyberArk and SentinelOne’s technologies complement each other, reflected on the past year, addressed whether the company is actively hiring in Israel, and shared his thoughts on potential market expansions.

Reflections on 2024

“I’m proud to see us surpassing $1 billion in revenue and ARR,” Mokady says. “We hit our target a full year ahead of schedule—we originally projected reaching this milestone by the end of 2025. We’re back to the Rule of 40, and what’s exciting is that we’re now a broad platform covering all types of users, both human and machine. This has allowed us to increase deal sizes with existing customers and expand further within organizations. Our strategy of focusing on identity security is proving successful.”

He also highlights the rising demand for identity security solutions, driven by a surge in cyberattacks. “In December, there was a major attack on the U.S. Department of Treasury, which stemmed from a weakness in machine identity security. A single weak link allowed access to the entire system. Organizations want a platform that can secure these vulnerabilities, and they see us as an innovative leader in the space.”

Hiring in Israel and Beyond

CyberArk continues to grow its workforce. “We’re consistently hiring—we now have nearly 4,000 employees. While we’re not putting up ‘We’re Hiring’ billboards on major highways, we’re always bringing in talent. Over the past decade, there hasn’t been a single year in which we didn’t hire,” Mokady says. “With Venafi, we added 400 employees, and with Zilla, another 40. We’re also hiring in Israel. While we have small R&D centers around the world due to acquisitions, Israel remains a major hub. We’re consistently hiring in triple-digit numbers, and Israeli teams are heavily involved in the new strategic areas we’re entering.”

Why Acquire Zilla?

“In the identity security world, analysts categorize solutions into several key areas,” Mokady explains. “There’s PAM, which CyberArk pioneered, and Access, which focuses on granting secure access to enterprise applications—Okta is a major player there, and CyberArk expanded into this space through a 2021 acquisition and organic development. Then there’s machine identity management, which we strengthened with Venafi.

עוד תכניות

“The fourth category is Identity Governance and Administration (IGA), which deals with access control and the lifecycle management of employee permissions. Initially, IGA was seen more as a compliance issue, so we didn’t enter that space right away. But as organizations modernized, it became clear that excessive permissions were a widespread problem, and access wasn’t managed from a single location—it was distributed across departments. That created a need for stronger oversight. We waited on the sidelines until we found the right, modern player—and that was Zilla. Expanding into this area was worth the wait.”

Future M&A Strategy

CyberArk still has $840 million in cash on hand, but Mokady emphasizes that while the company is always evaluating potential acquisitions, it is taking a pause from large-scale deals like Venafi. “We always have an acquisition pipeline—we believe in keeping that door open. While we’re taking a break from mega-deals, we’re actively exploring smaller, strategic acquisitions that bring interesting technologies into our ecosystem. We’ve already met the biggest market demands, so now we’re being selective.”

Why Partner with SentinelOne?

CyberArk recently announced a partnership with SentinelOne, and Mokady explains how the companies' technologies complement each other. “In identity security, there’s also the realm of endpoint security, which involves managing user permissions at the device level. We specialize in control and oversight, while SentinelOne focuses on detecting anomalies and breaches. Our solutions are highly complementary—we can exchange data to enhance both of our services.”

Why Not Partner with a Bigger Player Like CrowdStrike?

“SentinelOne is growing well. I’ve always seen them as the number two player in their field. Partnerships emerge from real-world needs and leadership alignment, as well as customer demand. It takes two to make a collaboration work, and with SentinelOne, there was clear mutual interest.”

The Biggest Challenge in Cybersecurity and Identity Security

“CyberArk is no longer just a PAM company—it’s a comprehensive identity security firm,” Mokady says. “One of the most fascinating challenges ahead is securing AI agents. These agents are a hybrid between machine identities and human users. CyberArk already secures both human and machine identities, but AI introduces a new layer of complexity. We’ll be discussing our expansion into this space in the coming weeks.”

As for the broader cybersecurity market, Mokady sees fragmentation as a persistent issue. “Organizations are still struggling with the fact that they rely on too many different security vendors. I don’t believe in a single, all-encompassing security platform, but rather in a few major platforms that work together. The Israeli cybersecurity ecosystem plays a crucial role in shaping these trends—it’s constantly evolving, and it helps us identify where we need to focus next.”