The man who made attackers tell their own story - and handed the script to every defender in the room.
There is a title floating around Cybereason's org chart that no other tech company has bothered to invent: Chief Visionary Officer. Most companies hand out C-suite titles like candy. Cybereason gave this one to Yossi Naar because none of the existing ones were accurate enough. He is not the CEO. He is not the CTO. He is the person who decided what the product should be able to see - and then built the engine to see it.
That engine is the Cybereason in-memory graph. Naar designed it from scratch. It is the foundational plumbing that lets Cybereason's platform correlate millions of events across thousands of endpoints in real time, constructing a living map of what an attacker is actually doing rather than screaming alerts at an overwhelmed security analyst. The metaphor Naar reaches for is not a smoke detector. It is a crime novel - every chapter connected, every character tracked.
The most elegant thing he built on top of that engine is called the Malop. Short for Malicious Operation. Most security tools in 2012 were doing the equivalent of photographing individual footprints and filing them separately. Naar looked at that and asked a different question: what if you could see the whole walk? The Malop does exactly that - it reconstructs the full arc of an attack, root cause to every affected machine and user, as a single connected narrative. It is how defenders stopped chasing phantoms and started reading the story.
Before any of this, Naar was a soldier. Not the ceremonial kind. He served in Unit 8200 - the IDF's signals intelligence and cyber warfare unit that operates somewhere in the space between Israel's NSA and a very intense hacker collective. All three of Cybereason's co-founders came out of 8200. Lior Div went on to be CEO. Yonatan Striem-Amit became CTO. Naar became the one who stared at the architecture until it told him what it should be.
After the IDF, he spent years building security platforms for the Israeli defense industry, then pivoted hard into AdTech, developing big data platforms for digital marketing at industrial scale. The combination sounds strange until you realize that graph-based threat correlation and large-scale event processing are, at a technical level, the same class of problem. Naar did not stumble into Cybereason. He assembled himself for it.
The company Naar, Div, and Striem-Amit built in Tel Aviv in 2012 eventually spread to Boston, London, and Tokyo, raised $189 million in equity including a landmark $100 million from SoftBank, and chased a $5 billion IPO valuation before the market cooled and consolidation came knocking. Cybereason was later acquired by LevelBlue. His co-founders departed to start 7AI. Naar's chapter is still being written.
At Cyber Week Tel Aviv in 2018, he keynoted with a talk called "A Hacker's Perspective." That title is not a brand exercise. It is Naar's actual operating system. The defenders who beat attackers are not the ones with the best firewalls. They are the ones who learned to think like the person on the other side. Naar learned that in uniform. He built a company around it.
Most EDR tools in 2012 were generating thousands of isolated alerts. Naar built something different: a framework that assembles alerts into a story. The Malop - short for Malicious Operation - treats a cyberattack as a narrative with characters, acts, and consequences. Here is what that means in practice.
Unit 8200 is the Israeli Defense Forces' signals intelligence and cyber warfare unit. Think NSA, but with mandatory military service, a culture of extreme ownership, and an alumni network that reads like a who's-who of Israeli tech entrepreneurship.
Naar, Lior Div, and Yonatan Striem-Amit all passed through 8200 before they passed through Cybereason's front door. That is not a coincidence. The unit trains its people to think about adversaries the way chess players think about opponents - not move by move, but game by game.
When Naar designed the Malop, he was essentially codifying that adversarial mindset into software. The defenders who use Cybereason are not reading alerts. They are reading the attacker's strategy.
The title "Chief Visionary Officer" is easy to dismiss as branding. The record underneath it is harder to dismiss.
There are so many cybersecurity startups in Israel - over 700 - very few will survive.
The biggest challenge is finding the best people - other companies are constantly trying to poach our employees.
A holistic, full-stack solution - and be the best, not necessarily the cheapest.
As a company, if you are looking to revamp your passwords, my advice is to make sure you don't trust them and use additional factors in all accounts and services.
It will take some time to end the reign of the password because there are many legacy devices, infrastructure and frameworks that specifically require passwords.
The larger the database you're using, the larger the probability of mistake.
Naar holds the title "Chief Visionary Officer" - one of the rarest C-suite designations in the tech industry. There is no playbook for what that job is. He wrote it.
All three Cybereason co-founders are Unit 8200 veterans. In Israel's tech ecosystem, this is less remarkable than it sounds - and more remarkable than people outside Israel realize.
The word "Malop" - Malicious Operation - reframes cybersecurity from a reactive discipline into a narrative one. Naar did not build a better alert system. He built a storytelling engine.
Before cybersecurity, Naar worked in AdTech building big data platforms. The jump looks lateral until you understand that graph correlation at scale is the same engineering problem, different domain.
SoftBank put $100M into Cybereason. One of the things they were betting on: Naar's in-memory graph engine, which processes threats at a speed that traditional SIEM tools cannot approach.
His 2018 Cyber Week keynote was titled "A Hacker's Perspective." Not "A Defender's Perspective." The distinction is not semantic - it is the entire philosophy behind how Naar approaches security architecture.