The revenue chief who became a cyber unicorn's chief executive nineteen months after showing up.
Michael Dube, photographed for Aqua Security. Suit, half-smile, the look of someone who has closed a lot of enterprise deals and is now expected to run the company that closes them.
Michael Dube joined Aqua Security in April 2024 as Chief Revenue Officer. In November 2025, the company's board announced that its two co-founders, Dror Davidoff and Amir Jerbi, were stepping aside, and that Dube - not a founder, not a technologist, not a boomerang product executive - would run the company. This is unusual. It is also, if you read Dube's public statements carefully, exactly what he was hired to do.
Aqua Security sells cloud native application protection. It is one of a handful of companies that started with container security around 2015, watched Kubernetes eat the world, and then had to decide whether to be a product or a platform. Aqua chose platform. It now sits inside more than forty percent of the Fortune 100, protects Docker images and serverless workloads and CI/CD pipelines, and files a lot of blog posts about runtime protection. The company has raised roughly $325 million, most recently a $60 million Series E in early 2024.
Into this walked Dube, who is not a Kubernetes person. He is a sales person. Specifically, he is the sort of enterprise cybersecurity sales person whose career reads like a decade-by-decade tour of what large companies were buying to protect themselves: Check Point (perimeter firewalls), Splunk (log data), Cybereason (endpoint detection), CrowdStrike (extended detection and response). At each stop, the pitch was that the previous generation of security tools was necessary but insufficient, and that this new one - the one Dube happened to be selling - was the future.
They don't need more visibility. They don't need overlapping platforms. They need focused partnerships. Michael Dube, on Aqua Security's blog
Dube's public argument, both before and after his promotion, is that cloud native security is in the middle of a shift that email security and endpoint security already went through: from monitoring to protection. In his framing, the industry spent the last decade producing dashboards and alerts, and CISOs are drowning in them. Monitoring is a losing proposition once signal grows faster than the humans reading it. The winner, he argues, is whoever can actually stop the bad thing from happening in production.
This is a convenient argument for a runtime protection company to make. It is also a convenient argument for a sales leader to make when he wants to convince a board he should be CEO. Both things can be true.
When signal grows faster than human capacity, monitoring alone doesn't scale. Protection wins.Dube on cloud native security's next phase
Dror Davidoff, who co-founded Aqua in 2015 and ran it as CEO for a decade, framed the transition as a natural next phase for the company. Amir Jerbi, the CTO co-founder, stepped back at the same time. The public statements were the ones you'd expect - continuity, foundation, next chapter. Dube's own quote, characteristically, ends with a phrase from an operator's vocabulary: 'strengthening our execution as one global team.'
The two-headquarters problem is real. Aqua runs out of Burlington, Massachusetts and Ramat Gan, Israel. Dube, based near Boston, now has to keep both offices synced, keep enterprise customers happy through a leadership transition, and keep whatever remaining momentum a Series E company has moving toward whatever comes next, which in cybersecurity typically means either an IPO or an acquisition by a strategic buyer.
Before Aqua, Dube ran North America strategic sales at CrowdStrike, where he was recognized with an America Senior Leadership Award. Before that, Splunk. Before that, Cybereason. Before that, Check Point. He is often described in company statements as having 'nearly three decades of industry experience' and 'deep relationships with enterprise decision-makers.' In practice, this means that at any given moment, some meaningful fraction of the CISOs at the largest companies in the country will pick up when he calls. That is not a small thing when your business is selling a security platform to those exact companies.
He attended The Wharton School at the University of Pennsylvania. Aqua's press materials describe him as 'values-driven,' which is a modifier that appears in a lot of leadership announcements and is worth roughly what it costs to say. His own writing is more telling: he uses the word 'focused' more often than 'expanded,' 'protection' more often than 'visibility,' 'outcomes' more often than 'features.' If you had to summarize the operating philosophy of a security CEO in one line, that would be a defensible one.
The only sustainable model is one that protects in real time and prioritizes risk with business context.Dube, in an Aqua blog post
The immediate question for Aqua under Dube is a market-positioning one. The cloud native security category has been fragmented, crowded and, in the eyes of many buyers, exhausting. Every vendor claims a platform. Every platform claims runtime protection, posture management, CI/CD security, container scanning and cloud workload defense. The category is called CNAPP - Cloud Native Application Protection Platform - which is a phrase only a Gartner analyst could love. Aqua's job under Dube is to convince the market that its version of the platform is the one worth consolidating on. His pitch, that customers want 'focused partnerships' and not another dashboard, is aimed squarely at fatigue.
Whether that pitch works will depend on things that have nothing to do with product roadmaps: how CISO budgets shake out, how the AI security wave interacts with existing cloud security spend, whether the private cyber-unicorn cohort holds its valuations, whether Aqua files for an IPO or gets bought. Dube's background suggests he has a decent read on the first two and a very strong read on the last two. That is probably why he got the job.
He inherits a company that was purpose-built for containers before containers were universal, that grew up alongside Kubernetes, that now sits in the guts of a lot of very large enterprises. His job is to keep it there, expand its footprint, and translate a founder-built product story into a sales-led operating story. The Fortune 100 is already a customer. The next question is how much of the Fortune 500 he can turn into one too.
We were purpose built to address the cloud native security needs of the future, and the future is now.Michael Dube
Was hired as CRO and promoted to CEO 19 months later - one of the shorter runways in a recent cyber unicorn transition.
His resume tracks the last thirty years of enterprise security: firewalls, SIEM, EDR, XDR, cloud native.
Aqua Security is dual-headquartered in Burlington, Massachusetts and Ramat Gan, Israel. Dube runs both.
The company he now leads protects a plurality of the Fortune 100.
He attended The Wharton School at the University of Pennsylvania.
At CrowdStrike he was recognized with an internal America Senior Leadership Award for building the strategic sales team.
Chief Executive Officer of Aqua Security, a cloud native application protection company headquartered in Burlington, Massachusetts and Ramat Gan, Israel.
November 2025. He succeeded co-founder Dror Davidoff as part of a broader leadership transition.
Vice President, North America Strategic Sales at CrowdStrike, with earlier sales leadership roles at Splunk, Cybereason and Check Point Software.
The Wharton School at the University of Pennsylvania.
That cloud native security is shifting from visibility and monitoring to real-time protection and business-context-aware risk reduction - and that customers want fewer, more focused security partners, not more platforms.
A tick-tock of one of the shortest CRO-to-CEO promotions in recent cyber history.
Inside the board's decision to promote Dube over conventional CEO candidates.
An examination of the operating thesis Dube inherited and reshaped.
A look at Aqua's enterprise customer base under new leadership.
Dube's career as a map of enterprise security's last thirty years.
A profile centered on Dube's public argument that dashboards are not defenses.
How the new CEO manages a company split across the US and Israel.
Dube joins a growing list of ex-CrowdStrike leaders in the corner office.
Where a $325-million-funded company goes from here.
What a revenue leader-turned-CEO tends to prioritize in the first 100 days.