Cloud Security , Governance & Risk Management , IT Risk Management

Orca Promotes CPO Gil Geron to CEO to Drive Efficient Growth

Avi Shua Moves to Chief Innovation Officer Role After Serving as CEO Since Founding
Orca Promotes CPO Gil Geron to CEO to Drive Efficient Growth
Gil Geron, co-founder and CEO, Orca Security (Image: Orca Security)

Orca Security has promoted Chief Product Officer Gil Geron to CEO to help the agentless cloud security vendor maintain its market leadership and rapid growth.

See Also: 5 Considerations for Effective Multi-Coud Threat Detection

The leadership swap at Portland, Oregon-based Orca will result in Avi Shua moving to the newly created position of chief innovation officer, where he intends to push the boundary on how cloud security operates. Geron and Shua co-founded Orca Security in 2019 after working together at Check Point Software for the previous 11 years, with Shua serving as CEO and Geron serving as CPO since inception (see: Orca Security's Avi Shua on Making Cloud Safe for Government).

"Avi has been my best friend for more than 20 years, and that's not changing," Geron told Information Security Media Group on Wednesday. "Avi is staying in the company and will continue to be extremely involved."

Efficiency Takes Center Stage for Geron

Geron plans to introduce new capabilities as CEO that will make it easier for security teams to operate effectively and improve their efficiency and remediation capabilities. Customers don't want to receive more alerts or install more agents, prompting Orca to look for innovative ways to propel clients toward faster resolutions by streamlining the remediation process and removing friction inside the company.

"Teams will be able to be dramatically more efficient when using security products like Orca, and we want to innovate and lead the way around that," Geron said.

Geron wants Orca to get to at least $1 billion in annual revenue over the next half-decade and continue along the path to becoming profitable and cash flow positive. He said Orca has analyzed its usage of the cloud and how it conducts business to improve the efficiency of its operations and offer customers packages that allow for more customizing around their spend to achieve the optimal unit economics.

"The situation in the market mandates efficiency in all teams and all segments," Geron said. "It mandates operational efficiency, efficiency of the employees, and also efficiency in security."

From a metrics standpoint, Geron plans to closely track how effectively Orca works with resellers and partners such as Amazon Web Services to drive high-velocity growth and how effective Orca's platform is at fixing security or configuration issues customers are experiencing.

"We want to create a security platform that is not only effective but also developed," Geron said. "That's our focus. They should expect a lot of attention from us to allow them to succeed in their role and to overcome challenges they have, whatever they are."

Orca Change Is Latest Tectonic Shift in Cloud Security Market

Orca's CEO change comes among sweeping shifts in the pure-play cloud security vendor landscape. Less than a month ago, Orca's top rival, Wiz, raised $300 million on a $10 billion valuation, making it the most valuable venture-backed security company in the world just three years after its founding. Orca notched a more modest $1.8 billion valuation in October 2021 after raising $340 million of Series C funding.

Unlike Wiz, which nearly quadrupled its headcount from 168 in October 2021 to 650 last month, fellow cloud security startups Aqua Security and Lacework have both laid employees off over the past year. Lacework axed 20% of its employees in May, and co-CEO David Hatfield and President Andy Byron departed the company in the fall, while Aqua reduced its workforce by 10% - or 65 staffers - in December.

"Avi has been my best friend for more than 20 years, and that's not changing."
– Gil Geron, co-founder and CEO, Orca Security

Although Orca hasn't increased headcount at the stratospheric pace of Wiz, the company hasn't publicly disclosed any layoffs either. Orca has increased its headcount over the past year to 470 workers, and the most aggressive growth took place in the company's IT and engineering divisions, LinkedIn found.

"Many companies now understand the technology we built with agentless cloud security is the way to go," Shua told ISMG in September. "And now we see companies also building agentless cloud security tools and trying to mimic our technology. Our value to our customers is to be leading the innovation. We are the first and continue to be the first to provide the most advanced capabilities."

Orca's founding team has reportedly been open to acquisition offers in the past. The firm entered into advanced negotiations in late 2021 with SentinelOne around a $2.5 billion deal, Calcalist reported at the time. The deal fell apart due to a massive drop in SentinelOne's stock price. Then, in July 2022, Shua poured cold water on CrowdStrike acquisition rumors, writing on LinkedIn, "I can confirm it's not Orca."

Instead of getting acquired, Orca actually made its first-ever acquisition in January 2022 when it purchased RapidSec, an Israeli cybersecurity startup that protects web applications from client-side attacks. Then, in October 2022, Orca became FedRAMP Ready, which means the company can now serve the U.S. federal government, its agencies and its contractors.

Companies such as Orca often serve businesses that contract or subcontract with the U.S. government - even if they don't support federal agencies themselves - and are therefore bound by federal security rules and regulations, Shua told ISMG last year. Three months later, Orca Security implemented a ChatGPT extension, which processes security alerts and provides users with step-by-step remediation instructions.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.