Why they invested: Wiz

This is our third essay in the “Why they invested” series, deconstructing the investment decisions behind today’s fastest-growing startups. If you missed previous editions, read more about Zip and Perplexity.

Today’s all about Wiz. Wiz is the fastest-growing software company ever. Founded in 2020, they scaled from $1M ARR to $100M ARR in ~18 months and serve 40% of the Fortune 100 as customers. In only three years the company grew to a $10B valuation. Wild.

Wiz has all the conventional markings of a breakout enterprise company. A disruptive product, acute market need, explosive growth driven by adoption among large-scale enterprises, and an experienced founding team with a track record of building successful security companies. Right team, right timing, right product.

But, Wiz broke the conventional startup playbook. The company entered an existing market with large incumbents like Palo Alto Networks (~$90B market cap). From day one, they built an opinionated platform to serve large-scale, multi-cloud enterprises.

In today’s post, you’ll hear why investors invested in Wiz across their funding rounds.

First, here’s a snapshot of Wiz:

• Founded: Jan 2020
• Tagline: Secure everything you build and run in the cloud
• Capital raised: ~$900M
• Valuation: ~$10B
• Founders: Assaf Rappaport, Ami Luttwak, Yinon Costica and Roy Reznik
• Traction: Avery Dennison, Blackstone, BMW, Colgate-Palmolive, Costco, Chipotle, EA, LVMH, Mars, Salesforce, Slack, and hundreds more are customers
• Investors: Advent Venture Partners, Aglaé Ventures, Cyberstarts, Greenoaks, Howard Schultz, Index Ventures, Insight Partners, Lightspeed Venture Partners, Salesforce Ventures and Sequoia Capital

If you only have a few minutes, here’s the TL;DR on why investors invested in Wiz:

• The team’s pedigree, track record, customer obsession, and ability to attract talent. Wiz is founded by cybersecurity veterans from Israel's elite Unit 8200 who sold their previous company Adallom to Microsoft and went on to lead Azure Security Group to a >$1B revenue business within Microsoft. Their “earned insights” into the challenges of existing approaches to securing the cloud and extensive engagement with CISOs enabled them to rapidly launch a product that effectively addressed the needs of CISOs and their security teams.
• Disruptive product combining technological innovation with an intuitive UI. Investors were attracted to Wiz’s "cloud-native" approach to application protection, which offers customers near-instant visibility into cloud environments without requiring agents or sidecars. At the core of Wiz's platform is their Security Graph product, which utilizes a graph-based methodology to identify, correlate, and prioritize risks across various layers, and is powered by the product's agentless, API-centric approach. This gives customers more actionable alerts, better coverage, fewer tools, and a lower false positive rate than competitors.
• Greater pain with migration to the cloud. Several investors highlighted how Wiz's market timing was right as they addressed an acute market need arising from the emergent complexity of securing cloud environments. With applications now hosted on multi-cloud and multi-architecture landscapes, security teams faced diminishing visibility and increased vulnerability. This dissatisfaction with existing solutions not designed for cloud environments created a prime opportunity for Wiz to offer a unified platform addressing these challenges effectively.
• Explosive traction with large-scale enterprise customers. Several investors stressed Wiz’s explosive adoption, solidifying its position as a market leader in the cloud-native application protection (CNAPP) space, with over 40% of Fortune 100 companies as customers. Wiz counts major enterprises such as BMW, Morgan Stanley, Salesforce, Colgate, and Blackstone as customers, often replacing competitive solutions like Palo Alto Networks’ Prisma Cloud.
• Building a unified cloud platform from the outset. Investors shared that Wiz took a divergent approach by building a unified cloud security platform from the outset, contrasting with the conventional wisdom of starting narrow with point solutions. Enterprises gravitate towards Wiz's platform over legacy products, which are perceived as "Frankenstein mashups” of acquired technologies.

Shoutout to Bogomil Balkansky (Sequoia Capital), Gili Raanan (Cyberstarts), Nowi Kallen (Salesforce Ventures), and Shardul Shah (Index Ventures) for contributing to this post. Thanks to Teddie Wardi (Insight Partners) for publishing Wiz Hits $100M ARR in Just 18 Months, Arsham Memarzadeh (Lightspeed Venture Partners) for publishing Investing in Wiz and Index Ventures for publishing Cloud Captains, insights from which we used in this post.

The team’s pedigree, track record, customer obsession, and ability to attract talent

Wiz was founded by a team of cybersecurity veterans from the Israel Defense Forces' elite Unit 8200 and former Microsoft executives who have deep expertise in cloud security, having previously led Azure Cloud Security at Microsoft. Multiple investors knew Wiz’s founding team from their previous company, Adallom, which Microsoft later acquired. Gili from Cyberstarts was the first investor in Adallom, Shardul from Index Ventures served on Adallom’s board, and Sequoia (Israel) was the lead investor in Adallom. Their familiarity with the team’s track record instilled confidence in the team’s ability to execute on their vision for Wiz.

The Wiz team had “earned insights” into the problem they were solving with Wiz. They previously led the Microsoft Cloud Security Group, where they saw firsthand how security teams struggled with the complexity of existing approaches to securing the cloud. Nowi @ Salesforce Ventures notes that this led to them bringing a “full-fledged product within 1 year and selling 7-figure contracts to Fortune 500 companies within 15 months from company incorporation.”

Several investors also mentioned the team’s ability to attract talent. The team’s ability to bring experienced industry executives to their executive team was a significant strength. Early leadership team hires included experienced industry executives like CMO Ryan Carlson (previously Okta’s CMO), CISO Ryan Kazanciyan (previously at Meta), and CRO Colin Jones (previously at Duo Security).

‍Shardul @ Index Ventures on the Wiz teams’ chemistry

"Rich history: 10 years ago, I served on the board of a company called Adallom, a cloud access security broker, which Microsoft acquired. After building a significant franchise within Microsoft, the same set of founders started Wiz. Their chemistry and existing trust inspired these four founders to go after a much bigger opportunity, defying existing conventions. “

— Shardul Shah (Index Ventures)

Gili @ Cyberstarts on the Wiz teams’ customer obsession

"The decision to invest in Wiz was quite straightforward, as it wasn’t the first time I’d worked with the team. As the first investor in Adallom, Assaf, Ami, Yinon, and Roy were already familiar faces. However, what truly convinced me this time around was their openness and customer obsession, which was evident from day one. In the early days of Wiz, the team met with dozens of CISOs as part of Cyberstarts' Sunrise process, eager to identify the real pain points of the industry. Even when they had differing ideas, they made every effort to cut through the noise and understand what truly matters to their potential customers.”

— Gili Raanan (Cyberstarts)

Nowi @ Salesforce Ventures on the Wiz team’s cloud security experience as a vendor and cloud provider

“Exceptional Founding Team - Wiz’s founding team is comprised of exceptional product and business builders. They are highly respected in the cyber security community and have decades of experience building cloud security. They created and sold Adallom to Microsoft for several hundreds of millions within 3 years of launch. Assaf and team went on to build Azure Cloud Security to a >$1B revenue biz within Microsoft. They’ve experienced cloud security from outside as a vendor and inside as a cloud provider - this gave them a unique insight into the problem.”

— Nowi Kallen (Salesforce Ventures)

Bogomil @ Sequoia Capital on the Wiz teams’ execution ability

“The story of Wiz is a story of stars aligning: the right team building the right product and hitting the market at the right time. We knew the founding team very well because Sequoia (Israel) was the lead investor in their previous company Adallom, which Microsoft acquired. During the Adallom years, Wiz CEO Assaf Rappaport worked from the Sequoia Menlo Park office. We had worked with the Wiz founding team for years, and we had deep conviction in them and their unmatched ability to execute.”

— Bogomil Balkansky (Sequoia Capital)

Teddie @ Insight Partners on the Wiz teams’ deep industry expertise and operational rigor

“Wiz's accomplishments can be traced back to the founders Assaf, Yinon, Roy, and Ami, who married a strong vision with deep industry expertise and operational rigor to hyper-scale the organization. After identifying a gap in the cloud security market, the team leveraged their experience and history of success at their previous startup, Adallom, to build an amazing product in a short amount of time. In parallel, they brought on experienced industry execs like CMO Ryan Carlson, CISO Ryan Kazanciyan, and CRO Colin Jones to build a world-class leadership team.”

— Teddie Wardi (Insight Partners), Wiz Hits $100M ARR in Just 18 Months

Shardul @ Index Ventures on the Wiz teams’ imagination, conviction, and ability to attract talent

“It's all about the people: I look for founders who are high-quality decision-makers, imaginative, and magnets for talent. Uniquely, all four of Wiz’s co-founders embody these characteristics. Assaf-, masters the ability to listen and the ability to change one’s mind. Ami & Yinon, have the imagination and conviction to shape an industry. And, if you had dinner with Roy, you’d immediately understand why he’s a magnet for the best technical talent.”

— Shardul Shah (Index Ventures)

Nowi @ Salesforce Ventures on the teams’ speed of execution

“Wiz has been able to build products (ie new modules) and drive adoption at an unprecedented pace. They had a full-fledged product within 1 year and were selling 7-figure contracts to Fortune 500 companies within 15 months from company incorporation. They continue to operate with that speed and expand their product across application security and most of the cloud security market, while also expanding GTM across market segments and geographies - all within 4 years of incorporation.”

— Nowi Kallen (Salesforce Ventures)

Disruptive product combining technological innovation with an intuitive UI

Wiz took a "cloud native" approach to the application protection space to provide instant visibility into the cloud environment without the need for agents or sidecars. This approach is differentiated compared to traditional "cloud foreigner” competitors that struggled to adapt to the problem of securing cloud environments (more on this in the section below).

Several investors highlighted that Wiz's graph-based solution stood out in the market. At the core of Wiz’s platform is their Security Graph, which identifies, correlates, and prioritizes risk across all layers, network, identity, secrets, and workloads, and visualizes it on an intuitive graph. Most other solutions in the market provided customers with long lists of deprioritized, context-less alerts. The value proposition for customers was clear: more actionable alerts, better coverage, fewer tools, and a lower false positive rate.

Several investors also stressed the “time to value” using Wiz’s platform. The product scans customers’ cloud footprint in less than a day, a process that would take 12+ months to complete for systems that rely on agents to track activity. Bogomil from Sequoia Capital noted, “Wiz’s agentless product starts delivering value in 15 minutes”.

Under the hood, the Security Graph UI is powered by an agentless, API-based approach, that integrates with AWS and other vendors. Arsham at Lightspeed notes that “At the product’s core is a data graph that correlates all relevant data around a vulnerability, be it permissions, exposure levels, configurations, sensitive data, or linkage between environments.“

Shardul @ Index Ventures on Wiz’s graph-based approach to product

“They won the market with a graph-based, opinionated product that required empathy and integrity to be used daily by dev-, sec-, and ops- teams alike.”

— Shardul Shah (Index Ventures)

Teddie @ Insight Partners on Wiz's agentless, API-centric approach

“From day one, Wiz's product roadmap has been relentlessly focused on delivering value to customers and doing it quickly. That mindset starts at deployment, where Wiz's agentless, API-centric approach enables implementation in minutes rather than weeks or months.”

— Teddie Wardi (Insight Partners), Wiz Hits $100M ARR in Just 18 Months

Teddie @ Insight Partners on Wiz combines technological innovations with an intuitive UI

“Another example is the Wiz Security Graph. Rather than sending more contextless noise to already-overwhelmed security teams, the Security Graph leverages data from across enterprises' IT environments to prioritize risk and identify the most impactful areas of vulnerability. By coupling these technological innovations with an intuitive UI, Wiz has become a mission-critical, daily-use platform for security and cloud teams.”

— Teddie Wardi (Insight Partners), Wiz Hits $100M ARR in Just 18 Months

Bogomil @ Sequoia Capital on how Wiz’s product delivers value immediately

“Transition to the cloud has been the seminal shift since 2006. Wiz managed to out-execute other vendors with 1/ technology innovation, building an agentless product that starts delivering value in 15 min and 2/ with intense GTM execution.”

— Bogomil Balkansky (Sequoia Capital)

Arsham @ Lightspeed on how Wiz’s product prioritizes vulnerabilities by risk level

“Wiz has emerged as the leader in cloud-native application protection (CNAPP). They contextualize  the entire cloud risk plane rather than only focusing on discrete vectors like configurations, identity controls, or data vulnerabilities. Wiz can be installed in minutes and prioritizes vulnerabilities by risk level since the last thing security teams need is another laundry list of vulnerabilities."

— Arsham Memarzadeh (Lightspeed Venture Partners), Investing in Wiz

Greater pain with migration to the cloud

Several investors highlighted the market opportunity as one of the primary reasons they invested in Wiz. Arsham from Lightspeed notes that “Today’s applications are built on highly complex environments, which not only include multiple clouds, but multiple architectures, such as virtual machines, containers, server-less and more, each with their own set of security requirements.” As workloads migrated to the cloud, security teams lost visibility, leading to dissatisfaction with existing solutions. This emergent complexity left developers and security teams attempting to secure their cloud overwhelmed. The pain becomes even greater as the cloud is at risk from a growing set of vulnerabilities and threats.

Chief Information Security Officers (CISOs) in particular, were left with a significant blind spot regarding the health of their infrastructure. This market need for enhanced visibility and security in cloud environments created a prime opportunity for Wiz to enter the market and provide a solution that solved these problems effectively.

Wiz is also capitalizing on the following tailwinds that made their timing right:

• The rise of CI/CD pipelines
• DevOps ownership over their own infrastructure
• The rise of GenAI is leading to a step-function jump in cloud resources (Wiz recently launched their AI security posture management module)
• The “shift left” strategy which is the practice of performing code and software security assurance processes as early as possible in the software development lifecycle (SDLC)
• The increased adoption and fragmentation across security tooling make it impossible to build efficient, predictable workflows

Shardul @ Index Ventures on the growing complexity in cloud environments

“Cloud environments always start small, and frequently ‘bottoms-up.’ Many cloud environments have become large-scale, which are very complex, dynamic, heterogeneous and are serviced by a variety of dev-, sec- and ops- teams.”

— Shardul Shah (Index Ventures), Wiz: Defining a New Kind of Company

Nowi @ Salesforce ventures on how GenAI is leading to a step-function jump in cloud usage

“The use of cloud technology keeps growing every year and we’re seeing a huge step-function jump in cloud resources given the rise of GenAI. This gives Wiz the ability to keep expanding across cloud and specifically AI with their recently launched AI security posture management module.”

— Nowi Kallen (Salesforce Ventures)

Nowi @ Salesforce Ventures on the increasing complexity and growing adoption of the cloud

“The cloud is complex and growing in adoption, requiring better security tools. The market is seeing a critical shift in cloud security given the multiplication of attack vectors across workloads, containers, microservices and Kubernetes, giving rise to next-gen solutions. Market interviews indicated a multi-billion dollar market opportunity that was largely untapped.”

— Nowi Kallen (Salesforce Ventures)

Arsham @ Lightspeed on how the migration to the cloud has created a security blind spot

“The mass migration to the cloud has created a security blindspot for modern businesses. Today’s applications are built on highly complex environments, which not only include multiple clouds, but multiple architectures, such as virtual machines, containers, serverless and more, each with their own set of security requirements. Yet CISOs run blind while their applications have broader attack surface areas than ever.”

— Arsham Memarzadeh (Lightspeed Venture Partners), Investing in Wiz

Bolomil @ Sequoia Capital on how security teams have lost visibility into the health of infrastructure

“The second reason was the market. The transition to cloud left CISOs with a huge blind spot: as workloads migrated to cloud, security teams lost visibility into the health of the infrastructure. Before Wiz came to market, other vendors had validated the market need. Yet CISOs felt dissatisfied with the pre-Wiz options.”

— Bogomil Balkansky (Sequoia Capital)

Explosive traction with large-scale enterprise customers

Wiz has seen explosive adoption of its cloud security platform, establishing itself as a market leader in the Cloud-native Application Protection (CNAPP) market and winning business from major enterprises across industries. Over 40% of Fortune 100 companies as customers, including major enterprises like BMW, Morgan Stanley, Salesforce, Slack, Colgate, and Blackstone. At these customers, Wiz is often replacing Palo Alto Networks Prisma Cloud products, taking market share away from the industry stalwart.

Gili @ Cyberstarts on how Wiz is on pace to reach $1 billion in revenues

“Wiz has shattered all growth metrics since its inception and has everything it takes to continue at an even faster pace. While they will undoubtedly encounter challenges along the way, they are well-equipped to overcome them, with a clear vision of reaching their next milestones: $1 billion in revenues."

— Gili Raanan (Cyberstarts)

Arsham @ Lightspeed on Wiz’s rapid customer adoption and ability to bring on enterprise logos

“The combination of acute market need, a best-in-class product, and the team’s rapid pace of development has resulted in extraordinary customer adoption. Feedback on the Wiz product is more akin to what you’d expect for the next best consumer app rather than a cyber company. They’ve won the hearts of demanding logos like Morgan Stanley, Salesforce, Experian, Snowflake, and hundreds more.”

— Arsham Memarzadeh (Lightspeed Venture Partners), Investing in Wiz

Building a unified cloud platform and trusted brand

While conventional startup wisdom prescribes building narrow, point solutions to break into a market, Wiz started gaining business from established security vendors like Palo Alto Networks by offering a more unified cloud security platform. Enterprises are choosing Wiz over legacy products like Palo Alto's Prisma Cloud, which are seen as a "Frankenstein mashup" of acquired technologies. Shardul at Index Ventures notes that Wiz entered the market with “a coherent platform to serve large-scale, multi-cloud enterprise environments from day one”.

Shardul @ Index Ventures on how Wiz set out to build a coherent platform for enterprises

“Knowing when to break convention: Conventional wisdom in the startup landscape is to start narrow in a new area and build the best-of-breed solution. Wiz entered an existing market with a coherent platform to serve large-scale, multi-cloud enterprise environments from day one.”

— Shardul Shah (Index Ventures)

Arsham @ Lightspeed on the problem with security teams’ adopting a stack of point solutions

“To solve that gap, most security teams have adopted a sprawling stack of point solutions that each pinpoint risk in a specific vector but miss important context from one another. These tools are designed primarily for security teams and often ignore the pace of product development in a modern organization, which creates a tradeoff between security and product agility.”

— Arsham Memarzadeh (Lightspeed Venture Partners), Investing in Wiz

Nowi @ Salesforce ventures on how Wiz is positioned as a trusted advisor

“Wiz’s research team is second to none. This builds huge trust in the market as organizations and their security practitioners turn to them as trusted partners to stay on top of acute threats as well as best practices in cloud security.

— Nowi Kallen (Salesforce Ventures)

---

Which startup should we cover next?

Until next time,
Ryan and Vedika from Weekend Fund