The doors nobody remembers leaving open
Your company approved an app three years ago. Someone in marketing wanted a calendar tool. It asked for permission to read your files. Somebody clicked "allow." Then everyone forgot. The tool still has the keys. Yoni Shohet built a company around that exact moment - the small, boring yes that turns into a security hole nobody is watching.
Shohet is the co-founder and CEO of Valence Security, based in New York. Valence works in a corner of cybersecurity called SaaS security posture management. Stripped of the jargon, the job is this: look at all the cloud apps a company uses, all the ways those apps connect to each other, all the tokens and logins and shared files, and find the pieces that have quietly become dangerous. Then help fix them.
Most security tools stop at the finding. They hand you a red dashboard and wish you luck. Shohet's bet is that the fixing is the hard part, and the part worth building for. Valence tries to remediate risk in cooperation with the people who created it, rather than slamming a door in their face. In an industry that loves to say no, that is close to heresy.
We launched Valence to harden organizations against SaaS supply chain attacks in a way that takes into account business context and doesn't impede the velocity of SaaS adoption.
A math degree, then an intelligence unit
Before the funding rounds and the conference stages, there was a teenager who was very good at math. Shohet earned a BSc in Mathematics at 19, an age when most people are still shopping for a major. He studied at Bar-Ilan University in Israel.
His turn toward security came during his service in the Israel Defense Forces. He led a cybersecurity team and worked as a project manager inside one of the country's most respected military intelligence units - the kind of place that produces a disproportionate share of the world's security founders. That is where the abstract math met the practical problem of defending real systems from real adversaries. It stuck.
The first company: securing the physical world
In 2014, Shohet co-founded SCADAfence with fellow IDF veteran Ofer Shaked. SCADAfence was an early mover in industrial IoT and operational technology security - protecting the computers that run factories, utilities, and the machines that keep the physical world humming. It is unglamorous, high-stakes work. A breach there is not a leaked spreadsheet; it is a production line that stops or a valve that opens when it should not.
Shohet and Shaked stepped away in early 2021 to start new ventures. The company they built kept going. In July 2023, Honeywell announced it would acquire SCADAfence, folding the technology into its cybersecurity portfolio. For a founder, watching a company you started end up inside an industrial giant is its own kind of validation - the quiet kind, without confetti.
With the surge in SaaS breaches - attacks on inherently secure services like Okta, Google and GitHub - our commitment to building the first collaborative, automated remediation platform has paid off.
The second act: from factories to the cloud
Having spent a decade securing the physical world, Shohet looked at the cloud and saw the same problem, only bigger and messier. Companies were adopting SaaS apps faster than any security team could track. Each new app was a new connection, a new permission, a new place for something to go wrong. And the attacks were already coming - Okta, GitHub, Google, one after another.
So in 2021 he co-founded Valence Security with Shlomi Matichin, who serves as CTO. The company emerged from stealth in October 2021 with $7 million in seed funding led by YL Ventures. A year later, in October 2022, came the round that put Valence on the map: a $25 million Series A led by M12, Microsoft's venture fund. That brought total funding to $32 million.
The investors who don't usually agree on anything
The Series A roster is worth pausing on, because it is unusual. A software giant led it. A luxury carmaker joined through Porsche Ventures. An internet-infrastructure company, Akamai, put money in. So did Alumni Ventures and Michael Fey, the CEO of Island and former president of Symantec. Getting a software company, a car company, and an infrastructure company to back the same bet takes a founder who can explain a problem clearly enough that very different people all see it.
That, more than anything, is the through-line of Shohet's career. He is not a founder who chases whatever is loud. He finds the problem before it has a name - the industrial machine nobody was watching, the OAuth token nobody remembered - and builds the thing that watches it. Twice now, the market has agreed the problem was real.
He is also a member of the Forbes Technology Council and writes about where SaaS security is heading. His predictions have a habit of arriving. When he wrote that SaaS security would "enter the spotlight," it was less a forecast than a status report from someone already standing in it.
The story is not finished. Valence keeps expanding what it watches - external data sharing, identities living outside a company's control, the growing tangle of non-human identities and AI agents connecting to everything. The apps keep multiplying. The doors keep getting left open. And Yoni Shohet keeps looking for them.