Roni Fuchs grew up in Jaffa, a tough neighborhood in Tel Aviv, Israel, where he learned the value of hard work and was exposed to technology at an early age by his father, a Romanian immigrant and engineer.
“I grew up with an emphasis on working hard and excelling and trying to build something. That hard work really paid off eventually because that, I think, was one of the reasons I got into 8200,” says Fuchs in an interview of his acceptance into Israel’s famed cybersecurity division of the Israel Defence Forces, where he met Liav Caspi and Lior Barak, who would later join him in building Legit Security.
Fuchs is the CEO and co-founder of Legit Security, one of the companies leading the fast-growing application security posture management (ASPM) market. He, along with Caspi and Barak, started the Tel Aviv-based Legit in 2021.
Legit Security protects software supply chains from attack by automatically discovering and securing the pipelines, infrastructure, code and people, providing continuous assurance that applications are released without vulnerabilities.
ASPM has become more relevant as the complexity of applications has grown, especially given the explosive growth of AI being incorporated all along the software application development supply chain.
Legit is part of a global ASPM market expected to reach $1.5 billion by 2026, and research firm Gartner predicts its adoption will increase from 5% to 40% of the market in two and a half years. Legit competitors include the likes of Apiiro, Cycode, ArmorCode, Devo and Threatstream.
Fuchs and his co-founders are a “band of brothers” who met in the IDF and then followed each other through a series of enterprise software security initiatives. After Fuchs’s first startup was acquired by Microsoft, he then brought the trio together again to found Lumobit, which was then acquired by Checkmarx.
“That’s where the story of Legit comes in again with the same team, working with the same R&D group. We’ve seen so many applications, security vendors, but we felt that we didn’t really see a lot of enterprise security teams within those enterprises that actually were doing a job they felt good about with securing the data organization software or applications. And we wanted to dig into that,” says Fuchs. To do that, they left Checkmarx and founded Legit Security.
They didn’t spend a lot of time on ideation because they knew the problem by talking to security teams and felt they understood their pain. CISOs and CSOs already had a lot of tools. And a typical security engineer is bombarded with a lot of scanners and an endless list of vulnerabilities, which were often dealt with manually.
In fact, many CISOs don’t know how some of their software applications are created, according to Fuchs. “Most organisations have an application security product security team that’s tasked with securing applications. But the fundamental question of how that software is being built, that’s not something they’re responsible for. It’s the engineering organization or R&D organization,” says Fuchs.
This causes a gap in knowledge and hence a potential lapse in security. “We’re the only company that looks at it from an automatic discovery point of view,” further states Fuchs.
Closing that gap is now a priority for most large enterprises, with Legit Security as one of the beneficiaries. With offices in both Tel Aviv and now in the US, the firm’s some 85 employees serve many of the world’s largest and best-known companies, including Google, NYSE, Kraft Heinz, Takeda Pharmaceuticals, P&G, AIG, Freddie Mac and Palo Alto Networks.
Its fast growth and large-company adoption have attracted nearly $80 million in venture funding, with its latest $40 million Series B funding led by CRV with participation from existing investors Cyberstarts, Bessemer Venture Partners, and TCV.
Asked why CRV invested in Legit, General Partner James Green stated, “We were highly impressed with the Legit Security team and amazed by the breadth and depth of their Fortune 500 customers in such a short time. What Wiz did for Cloud Security Posture Management, we think Legit can do for ASPM. We couldn’t be happier to invest in the best company in the space to disrupt that market.”
The company name came about because Fuchs says he wanted their software to be the “legit” stamp of approval for securing software applications, unaware of the name’s indelible association with the MC Hammer song, “Too Legit To Quit.”
“It’s a funny story. I didn’t know the famous song by MC Hammer when we named the company Legit. And on one of our first sales calls we were shown the song on YouTube and it was awesome. Since then, I can renewably use that story and it’s like everybody loves it,” says Fuchs.
With three engineer, code-writing co-founders who had been together since their days in the IDF, why is Fuchs the CEO? Fuchs answers:
“My co-founders are brilliant. My CTO knows how to build the right solution at scale. I was always the one between the three of us who was able to dream or sell that dream or tried to, build something around it. We feel so comfortable and trust each other, that it (title) doesn’t really matter. It’s more about the dynamic between us. It’s everybody’s doing what they’re passionate about. And I’m proud and humbled and grateful, not just my co-founders, but also for every employee that chose to join us, put their faith in us and what we stand for, and what we want to achieve in application security. And that’s what drives me. That’s what motivates me. And I guess that’s why I’m in this role.”
As for the future? “An open ASPM platform that reveals how software is being built in the software supply chain is the future of how software will be built securely. And I think, when you browse a website today, and you get the green HTTPS and you trust that website because there’s a certificate authority, I believe the opportunity for us is to do the same for security. And so that’s huge,” concludes Fuchs.