6 cybersecurity leaders share their top lessons for founders

This year, Insight was named the most active cybersecurity investor by PitchBook — a distinction that reflects our deep belief in the category and the leaders driving it forward.

From nation-state threats to AI-powered attacks, the cybersecurity landscape is evolving faster than ever. As we meet with leaders across the industry at RSA 2025 this week, one question continues to guide our thinking: What does it take to build a market-leading cybersecurity company today?

Were you at the RSAC this week? Let us know below ⬇️

Armis , Abnormal AI , Mimecast , Veeam Software , Recorded Future , and Prelude offer powerful lessons in how to scale in a category that demands relentless innovation, speed, and resilience.

How cofounders Yevgeny Dibrov and Nadir Izrael built Armis, a cyber exposure management and security giant

Key takeaways for founders

• Solve an urgent, overlooked problem: Armis was built to secure unmanaged and unprotected connected devices — a massive blind spot in cybersecurity. Great startups often emerge by identifying and owning a neglected risk or opportunity.
• Think category creation, not just product: The founders didn’t just build a tool — they shaped the new category of “cyber exposure management,” helping define the future of their industry.
• Build for scale early: Armis' rapid global growth was enabled by building scalable infrastructure and go-to-market systems from the outset, a reminder that early investments in scale pay off in the long run.

Cofounders Yevgeny Dibrov and Nadir Izrael began brainstorming ideas for a cybersecurity startup in 2015. “We started working from the couch in Nadir’s apartment, cold calling CISOs and IT managers to ask them what tools they were missing,” Dibrov says. 

“Most people would come up with a cool technology, then figure out how to sell it. Instead, we looked for the biggest pain points and started there.” 

This customer-centric approach helped the founders realize that the IoT revolution of the mid-2010s and the subsequent explosion in connected devices were likely going to create a lot of risk. They founded Armis with one mission: to enable enterprises to use IoT and unmanaged devices safely and securely by protecting the entire attack surface. 

“We were successful because we were doing something difficult, something that was not easy for others to replicate.” 

Growing their offering to also secure healthcare organizations and medical devices in early 2019, Armis continued to go from strength to strength. “We started out solving one problem, but we expanded quickly, solving more of our customers’ challenges,” says Izrael.

It was during the Series C fundraise that the Armis founders were first approached by Insight Partners. “It was 2019, and we had just closed an amazing year,” recalls Dibrov. “Revenues were up by 7.5x, and we were closing seven-figure deals, protecting major infrastructure and hospitals.”

Armis moved its headquarters from Tel Aviv to Palo Alto in 2017, and many of the U.S.’ biggest Silicon Valley venture capital firms were based around the corner from the new office. “We got a lot of interest,” says Dibrov. “We met 11 firms in one day and had eight offers on the table by the evening.”

Keep reading

How Anand Eswaran is safeguarding the digital world at the helm of Veeam

Key takeaways for founders

•  Mission-driven leadership builds enduring value: Eswaran’s focus on Veeam’s mission — ensuring data security and availability in a digital-first world — demonstrates how a clear, compelling purpose can rally teams, align priorities, and differentiate a company in a competitive market. 
• Customer obsession is a growth accelerator: Veeam’s deep commitment to solving real customer pain points, especially around ransomware and cloud complexity, reinforces the importance of staying close to your users and building products that address their evolving challenges.
• Adaptability matters more than ever: Veeam’s pivot to hybrid-cloud offerings and ransomware protection showcases the need for strategic agility. Founders should be ready to evolve products and business models as market dynamics shift.

Veeam Software , founded in 2006, protects and secures that which is most valuable from SMBs to the world’s largest enterprises: their data. Whether that data is stored on-premise, in the cloud, or as a hybrid of the two, Veeam’s platform promotes data resilience through secure backups, instant recovery, and a top-notch user experience.

Veeam’s founders, Ratmir Timashev and Andrei Baronov, have a longstanding and successful history with Insight Partners, dating back to 2002 when Managing Director Michael Triplett was part of the team that invested in their first venture, Aelita Software Corporation. This early collaboration laid the foundations for a strong partnership, including Insight’s minority investment in Veeam in 2013. Timashev and Baronov had the vision back in 2006 to build a world-class data protection platform, which ultimately has gone on to support more than 67% of the Global 2000 and over 550,000 organizations.

“Ratmir and Andrei built an extraordinary company with a vision that reshaped the data protection industry, and Insight Partners has been proud to support that journey from the early days of Aelita Software to Veeam’s rise as the global leader in data resilience,” said Triplett.

Insight went on to acquire Veeam in 2020 and, within six months, helped facilitate the purchase of Kasten, the market leader for Kubernetes backup and disaster recovery, marking an important step in Veeam’s evolution to lead the market in modern workload protection.

In 2021, Insight reached out to Anand Eswaran to shepherd this new phase for the company. “I was COO at RingCentral at the time, and I wasn’t looking for a change, but after a few conversations, I saw the scale of the opportunity,” he says. “Veeam’s product was the best in the market, and I knew I could help bring a renewed focus on go-to-market, engineering, and execution.”

“This category is constantly reinventing itself, and this was a chance to reshape a whole industry — I loved the cultural significance of that.”

Keep reading

Peter Bauer’s big bet on email: Mimecast’s journey from bootstrapped startup to email pioneer

Key takeaways for founders

• Timing matters, but commitment matters more: Mimecast launched before the cloud was mainstream, but succeeded by staying committed to its vision and iterating alongside the market’s evolution.
• Build trust, not just tools: Mimecast grew by becoming a trusted partner in email security, showing founders the importance of earning trust — not just delivering features.
• Go global deliberately: Mimecast’s international expansion was gradual and strategic, reminding founders to scale geographically only when the foundation is strong.

In 2008, Mimecast secured its first round of venture funding to support its expansion into North America. A few years later, the company raised a $21M Series B to further fuel its growth. By 2012, cofounder Peter Bauer and his family had relocated to Boston to scale the U.S. business, marking a pivotal moment in the company’s expansion.

Due to Mimecast’s metrics, they secured meetings with 28 different investors. In the end, it was a choice between five firms, with representatives from each invited to London for an immersion day.

“I remember Jeffrey Lieberman and Hilary Gosher from Insight Partners sitting in our pokey meeting room and spending the day with us,” Bauer explains. “It just felt natural from day one. I knew that this would be a long journey, with setbacks as well as successes.”

“You need an investment team that really backs you…If that chemistry isn’t there, it’s like driving a car with a flat tire.” 

In 2012, Insight led Mimecast’s $62M Series C round, securing a 16% stake in the company.

Two things stood out about Insight, Bauer says: “Their calmness, and their breadth of experience around how to tackle the North American market.”

Leveraging Insight’s dedicated growth engine, Onsite, for help on everything from hiring to their 

U.S. go-to-market strategy to their eventual IPO preparation moved the needle for Mimecast. “Preparation starts years before the bell rings. We believe the companies that succeed post-IPO are the ones that build financial discipline early — eight quarters of consistent performance, the right KPIs, and a leadership team that understands how to operate in a public market,” says Gosher.

Keep reading

How Evan Reiser is better understanding and securing human behavior with Abnormal AI

Key takeaways for founders

• Solve problems with first-principles thinking: Reiser didn’t just improve email security — he reimagined it from the ground up using behavioral AI, showing the power of approaching old problems in fundamentally new ways.
• Product-market fit starts with the end user: Abnormal focused on creating a seamless user experience for security teams, emphasizing that usability drives adoption, even in complex enterprise tools.
• Enterprise security is about trust: Abnormal built credibility by focusing on transparency, reliability, and measurable outcomes — a reminder that trust is a key differentiator in sensitive markets.

Evan Reiser , along with his cofounder and former coworker Sanjay Jeyakumar , left X in 2018 to pursue the founding principle behind Abnormal AI : using AI to understand human behavior. By understanding humans perhaps even better than they understand themselves, the duo realized that there was an opportunity to use that insight for hundreds of different business-relevant applications.

“We have similar values and both really enjoy the process of doing the work and truth-seeking,” Reiser says of their partnership. “And we’re both incredibly optimistic.”

“Sanjay is very perceptive and thoughtful. His cognitive skills are off the charts. If he is in the conversation, he makes everyone else smarter, like a force multiplier in people’s brains.”

They needed revenue to develop their tech, so they spoke with 100 CSOs and CIOs: “We shared our vision and asked which applications they would be willing to pay for.” The response was conclusive: 90% of the immediate use cases were in cybersecurity.

The focus on email security was a natural evolution, as most of the successful social engineering and phishing attacks at the time were exploiting email as a channel. In 2018, business email compromise was just starting to become widespread, with CEO impersonations rising. 

“These attacks are successful because they rely on exploiting human behavior, and since they didn’t have malicious attachments or links, they were able to easily bypass existing defenses,” says Reiser.

“We realized that protecting people from these attacks was key, and that use case really inspired us.”

Keep reading

How Christopher Ahlberg is making the world safer and more secure with Recorded Future

Key takeaways for founders

• Own your data advantage: Recorded Future is differentiated by combining open-source intelligence with proprietary data and machine learning. Founders should think early about how to build defensible data moats.

• Build a product that adapts to threats: In security, the threat landscape changes constantly. Ahlberg’s team focused on creating a flexible, evolving platform, showing the value of adaptability in product design.
• Long-term vision wins: Ahlberg scaled over more than a decade, proving that patience, consistency, and compounding improvements are key ingredients in building enduring category leaders.

As the volume of cyberattacks has accelerated, Recorded Future ’s customer base has swelled. If cybercrime were measured as a country, it would boast the third-largest economy after the U.S. and China. Cybersecurity Ventures expects the cost of global cybercrime to jump by 15% per year, reaching $10.5T by 2025. 

Recorded Future is riding the crest of this wave, achieving annual recurring revenues of more than $250M ARR in 2022.

“The world runs off the internet,” says founder Christopher Ahlberg . “Look at the war in Ukraine; the internet has become a centerpiece. There are battles happening on the ground, but cyberattacks and disinformation campaigns are also having a big impact.” 

Ahlberg maintains a strict code of ethics when growing Recorded Future’s customer base. “Our mission matters a lot to the 1,000 people who work here. They stick around because we give them interesting problems to solve, they get to work with other great people, and because we work to secure the world with intelligence.” 

Ahlberg believes that the world has now entered a 10-year cycle of conflict, following a decade of peace. “It will be a tricky world to operate in.” 

*Editor’s note: Since the initial publication of this article, Recorded Future was acquired by MasterCard.

Keep reading

Spencer Thompson’s mission-driven mantra is driving Prelude’s impact in cybersecurity

Key takeaways for founders

• Reimagine how industries train and adapt: Thompson saw that cybersecurity teams were often unprepared for real-world attacks and built Prelude to make security training continuous, proactive, and accessible — a lesson in identifying structural industry gaps.
• Build for usability from day one: Prelude’s tools are designed to be intuitive for both elite teams and entry-level practitioners. Founders should prioritize user experience even in technical, expert-driven domains.
• Democratize access to powerful tools: By lowering the barrier to effective cyber defense, Prelude is helping smaller organizations stay secure. Founders can create impact by making high-leverage capabilities more accessible.

“What happens when a board member sees a cyberattack on the news and asks their team, ‘Are we vulnerable to this attack?’,” cofounder and CEO Spencer Thompson asks. “This is the fundamental question in cyber, the one that keeps people up at night.”

The answer is usually “I don’t know,” prompting a flurry of activity. First, the Chief Security Officer (CSO) will ask the team that same question. Threat intelligence then examines the threat and produces a 40-page document analyzing the threat and any potential vulnerabilities. Finally, protections are put in place, validated, and tested.

“This process takes months,” Thompson says. “That’s unacceptable.”

“By the time these protections are in place, the situation has changed and there are new variations or new threats entirely.”

Prelude has a different approach, creating a simulated, synthetic version of the attack. “We mirror all the behaviors of the threat without doing any damage,” explains Thompson. “The secret to our success is in our name: Prelude. It means the thing before the real event happens.”

Prelude can analyze cybersecurity threats and generate protection in under five minutes. The technology uses AI to anticipate and neutralize not only the individual attack but also future variations.

The impact of a technology like this cannot be overstated. Cybercrime is predicted to cost the world $10.5T USD by 2025, according to research and market intelligence firm Cybersecurity Ventures. A recent report by the National Cyber Security Centre found that all types of cyber threats — state and non-state — are already using AI to some extent.

Keep reading

Managing Director Thomas Krane , Recorded Future 's Christopher Ahlberg , Prevalent AI 's Kevin Hickey , and Keyfactor 's Jordan Rackie on the Scale to Sale CEO panel at Insight's ScaleUp Suite.

Managing Director Mike Hayes and Microsoft Global CISO Igor Tsyganskiy

Stephen Ward , Abnormal AI 's Evan Reiser , and Wiz 's Alon Schindel

Thanks for reading Flight School. Be sure to subscribe and share it with friends and colleagues here. We're excited to have you in our community of innovators and leaders.