This text is an automatic translation from Русский. It was generated by AI and may contain inaccuracies.
Read original →Unit 8200: How Military Signals Intelligence Became the Driving Force Behind a Nation's Cybersecurity Industry
The story of how Israel's Unit 8200 transformed from a signals intelligence operation into the world's largest incubator of cybersecurity startups. How its alumni built companies worth over $200 billion—and why this model can't be replicated.

AI summary
Unit 8200 of Israeli military intelligence has transformed over 70 years from an ordinary technical intelligence unit into the world's largest incubator of cybersecurity startups. Alumni of the unit have founded more than 1,000 companies with a combined value exceeding $200 billion, including Check Point, Palo Alto Networks, Wiz and CyberArk. The system's success is based on a unique combination of factors: mandatory conscription, early talent selection, real combat experience, venture capital financing and deliberate "release" of personnel into the civilian sector.
This text is the most comprehensive Russian-language history of one of the most famous, effective, and deeply mythologized units of the Israel Defense Forces (IDF), which over 70 years has evolved from an "ordinary" signals intelligence unit into the world's largest cybersecurity startup "incubator." It focuses primarily on this transformation—because the events of 1973 or 2023 alone could fill a separate book.
The author comes from the financial industry and is an entrepreneur and co-founder of two information security startups, as well as the author of several dozen texts on IDF history and Israeli military culture.
The unit first gained widespread attention after the publication of "Start-Up Nation" (Senor, Singer). For a deeper understanding of the subject, the author strongly recommends it.
This article should also not be viewed through the lens of experience serving in the Russian armed forces or other agencies. They are structured entirely differently.
Myths, Truth, and Reality
"8200 is a small and deeply secretive unit of elite hackers who develop spy software and monitor millions of people"—this is the classic description you'll find online.
While preparing this material, I was surprised to discover that there are virtually no quality Russian-language sources about what 8200 actually is, what their missions are, their recruitment principles, and so on. And it's not because everything is deeply classified. It just happened that way—almost no one talks about how 8200 ("shmone matayim" in Hebrew) traveled the enormous distance from military signals intelligence to what they are now. And even less is said about the highly specific military culture and the military's place in Israeli society. The image of 8200 outside Israel is heavily mythologized, not without the participation of unit veterans themselves. The description at the beginning of the article is precisely one of those myths, and it's complete nonsense. So let's start with the myths.
- 8200 is a small unit
No, it's the LARGEST independent unit ("yehida" in Hebrew) in the IDF. MORE people serve there than in any regular army brigade (for example, in Golani or the Paratroopers). It's a massive intelligence unit, comparable to the American NSA (which employs about 40,000 people versus roughly 5-7 thousand in 8200 and related units, though the Americans' missions are also larger in scale), while certain tasks are performed by smaller related units, such as 9900, 81, and even 501. And the Air Force has its own cybersecurity, as does Mossad, and surely even the prison service.
Besides 8200, the Israeli military has other large structures—the computer center (MAMRAM), a large communications and information technology unit (LOTEM), the General Staff's communications and cyber defense directorate, a software development unit ("Shahar"), and many, many others.
8200 (and any other similar structure) has an enormous staff, from operators, linguists, and translators to malware analysts, data scientists, and many others. They handle a huge spectrum of tasks.
Important point: 8200 is part of military intelligence (the closest Russian analog would be the GRU). There's Mossad (political intelligence, SVR), there's Shabak (internal security/counterintelligence, FSB), and information security units exist within the air force, navy, and so on. For example, judging by open publications, the Air Force has its own full-fledged red team.
- This is a unit staffed by the highest-level professionals
No, Unit 8200 is primarily staffed by conscripts drafted at ages 18-19, with about 1,000 people joining the unit each year. Yes, these aren't just "kids off the street"—they often come in after high school technical programs (Nahshon, Gvahim, Magshim, and others). The latter two are part of a government program to train cybersecurity personnel in schools, but more on that below. In short, if you want to serve there, it's advisable to prepare starting in high school. Or be exceptionally talented.
The majority of these "invisible front soldiers" are no older than 23—this is literally the NSA staffed by recent high schoolers, most of whom don't have college degrees. More precisely, their service replaces higher education. This leaves a very strong imprint on how the unit recruits.
- Unit 8200 develops spyware and runs global surveillance programs
That's true, but it's far from the whole story. The unit's mission is much broader, with a large number of "rank-and-file" personnel who aren't developers, red teamers, or anything like that. No joke, it most closely resembles L1 SOC work and other stereotypical, mass-market jobs for juniors.
What you get is this "NSA made of kids," yet they work no worse than their American counterparts. By the way, having large numbers of conscripts isn't unique to Unit 8200—for example, most of the Israeli Air Force's technical personnel are also conscripts. Often women. During joint exercises, Americans were regularly shocked to see a 20-year-old woman servicing a $50 million aircraft.
Meanwhile, around 15,000 to 20,000 former Unit 8200 personnel work at the world's largest IT companies, in Big Tech, and across the industry. Many of them maintain ties with the unit or serve as active reservists in the Israeli military—and that's also a tremendous resource that shouldn't be overlooked.
History and Context (1950s–1990s)
Originally, Unit 8200 (or rather, its predecessors in Units 848/515) was created as a radio-technical unit within AMAN, Israeli military intelligence. They handled completely standard, typical tasks for the military—radio and electronic intelligence, what the West calls SIGINT. Simply put, they intercepted enemy military communications and other sources of electromagnetic emissions (primarily working with radar signals).
For example, on the second day of the Six-Day War (which was highly successful for Israel), they intercepted a conversation between Egyptian President Nasser and King Hussein of Jordan, in which the Arab leaders agreed to claim that they were being bombed not by Israeli aircraft but by American and British ones—in order to drag the USSR into a war the Arabs were losing. The recording of the conversation was publicly broadcast—a first in Israeli history.
There were successes and failures (Mossad and AMAN veterans argued into old age about the reasons for the failures of '73), but overall, Unit 8200's mission didn't extend beyond functions the military understood. For example, in the USSR, similar tasks were handled by the GRU and the KGB's 16th Directorate. In the U.S., there were the NSA and DIA, and together with the USSR—a huge number of other structural subdivisions within the military. Israel is small; one Unit 8200 was enough for them.
It's important to add that the Israeli military has always had a strong culture of "bottom-up initiative." For example, the creator of Israel's first reconnaissance UAV literally assembled it in his garage, "borrowing" an engine from his neighbor's lawnmower. In the military, it (the drone, not the creator) was called "Zahavan" (Oriole in Hebrew).
Incidentally, it looks a lot like our Forpost (I think it's obvious why). Another story: in the early 1980s, two Israeli engineers modified the radar from an American Hawk missile system literally "on their knees" and successfully "caught" a Syrian MiG-25. The Israeli army has always been compact and built on "horizontal connections."
In 1982, Israel participated in its last "combined arms" war, facing full-fledged military formations with modern aviation and air defense systems. The confrontation with Syria showed that Israel was head and shoulders above any neighbor, and there were no states left in the Middle East capable of seriously threatening it. At the same time, a completely new threat emerged, one that
couldn't be countered with aircraft, tanks, and infantry brigades. That threat was terrorism. Fighting it required entirely different methods: intelligence networks, interception of "civilian" communication channels, wiretapping, and so on. And this is where Unit 8200 really came into its own...
Simultaneously, a technological revolution was happening "outside" the unit. In 1983 (a year after the Lebanon War), ARPANET in the United States switched from the NCP protocol to TCP/IP—the internet was "born." The U.S. Department of Defense began implementing ARPANET on a large scale for defense purposes. Israel, as America's closest technological ally, gained access to these technologies earlier than most NATO allies, thanks to "horizontal connections" with American Jews.
In 1988, 23-year-old Cornell University graduate student Robert Morris launched the first "modern" virus in America, the so-called Morris worm. The epidemic infected about 6,000 ARPANET nodes, providing the first public proof that network security wasn't an abstraction. It became clear that networks could be attacked, which meant defenses were needed.
While Morris was writing his malware, a 20-year-old Unix administrator named Gil Shwed was serving in the Israeli army. He and Morris had much in common: both were children of programmers (Morris's father worked at the NSA), both started coding early (Shwed was a university sysadmin at 14), and both were extremely curious.
In the army, Shwed worked on building network architecture—and network security. That's when he developed the groundwork for what would become FireWall-1, one of the first modern firewalls. Shwed waited four years for a market to emerge for his startup, and in 1993 he approached his former service colleagues and said: "Remember my idea from four years ago? I think it's time to bring it to market." Once again—horizontal connections. Their first investment of $250,000 came from BRM, an Israeli software company that had developed one of the world's first antiviruses. For that money, BRM received half of Check Point. Three years later, that $250,000 had turned into $250 million. A year after that—half a billion. Today the company is worth about $15 billion. Morris demonstrated to the world that open networks are inherently vulnerable. Shwed created one of the solutions to that problem.
Incidentally, Robert Morris became known not only as a hacker—in 2005 he became one of the founders of the famous Y Combinator accelerator fund.
Technocratic Military Intelligence (1990s)
In June 1996, Check Point raised $67 million in an IPO on NASDAQ. This was unprecedented for an Israeli company—and sent a clear signal to the entire country: technologies from military intelligence have a market value in the hundreds of millions of dollars.
Paradoxically, it was precisely the "reorientation" from purely military objectives to counterterrorism, the start of the intifada, and the rapid growth of technology that created Unit 8200 in the form the modern world has come to know. Military SIGINT took a back seat—Israelis needed to monitor the communications of vast numbers of people, most of whom weren't career military. In 1987, the first intifada began, where the main adversary became "paramilitary formations," terrorists, and simply disgruntled protesting Arabs.
This required a fundamentally different data collection architecture. The old model—tracking military radio frequencies of enemy armies—involved a relatively small number of targets with predictable communication patterns. The new task was different: low tech, thousands of people using civilian infrastructure—telephone lines, pagers, and soon mobile networks. Unit 8200 began transforming from a narrowly specialized military unit into what today is called mass surveillance infrastructure. It was the combination of "classic" defense tasks and the need for constant monitoring of hostile Palestinian enclaves that made Unit 8200 what it is.
It was during this period that the unit began developing what would later become the foundation of Israel's technological superiority over its neighbors: automated collection and analysis of large volumes of unstructured data. In the early 1990s, this meant working with tools that were primitive by today's standards—indexing conversations, keyword spotting in audio streams, manual verification of results. But the very framing of the problem—how to process millions of data points and extract meaningful signals from them—was a decade ahead of the civilian industry. The concept of big data as we understand it today didn't exist yet, but large volumes of unstructured data were already emerging.
The Second Intifada, which began in 2000, radically accelerated this process. A series of suicide bombings in Israeli cities confronted intelligence services with the challenge of predictive analysis: not simply recording the fact of communication, but predicting intent before it could be acted upon. This required a shift from keyword-based to behavior-based analytics—analyzing not the content of conversations, but patterns: who with whom, when, how often, from which locations. This is where Unit 8200 began systematically working with what the civilian world would later call graph analytics and network topology analysis. We see them now in many solutions, such as anti-fraud systems, but back then it was a breakthrough. And again, let's emphasize: this entire story was driven "by problems"—without them, 8200 would have remained just another radio intercept unit.
In parallel, a technological revolution was unfolding in communications networks themselves. The GSM standard arrived in Israel in 1994. This meant that targets were no longer sitting on fixed communication lines—they were moving, changing SIM cards, using multiple devices, and protecting themselves. Unit 8200 adapted: methods were developed for IMSI interception, cell tower triangulation, and finding correlations between voice and data traffic. Many of these techniques later became the foundation of products that unit veterans would create in the civilian sector—from Cellebrite, which specializes in forensic data extraction from mobile devices, to Verint, which builds industrial interception systems for government clients worldwide.
By the mid-2000s, Unit 8200 had de facto become the largest employer in Israel's technology ecosystem—not by headcount, but by the number of people who had passed through it and emerged with specific expertise. An annual "graduating class" of a thousand people created a continuous flow of specialists who had gained real (and "combat-tested") experience working with systems that would cost tens of millions of dollars in the corporate world. Venture investors quickly understood: someone with a proven track record in 8200 wasn't just a good resume—it was proof of the ability to work with critical systems under pressure.
Around the same time, the concept of "Rosh Gadol" ("Big Head" in Hebrew) emerged—a focus on personnel with initiative, capable of rapidly acquiring necessary skills.
The idea is clear—I'll write about this many times, but personnel from the military were constantly "washing out" into the civilian sector, which led to the need to systematize the search for people whose time working for defense would be limited, often to the duration of mandatory service.
Back then, "startups" from Unit 8200 alumni were predominantly "blue" or simply military-oriented. For example, six years before Check Point, NICE Systems by Benny Levine appeared on the market, but it was oriented toward the military and only pivoted to the civilian market in the mid-nineties. In 1999, OneSecure by Nir Zuk appeared (a Check Point alumnus who went off to build his own company); in 2002 it was acquired by NetScreen—at the time Check Point's largest competitor—for $45 million. Comverse with their AudioDisk—also Israeli military and also initially a product for the military. Imperva (sold to Thoma Bravo fund for $2.1 billion) made a classic "blue" product.
But gradually it became clear that the main "strength" lay in offensive expertise.
First Startups (2000s)
In parallel with this, three very important events occurred in Israel and globally that directly influenced the transformation of 8200 into the largest talent forge.
First, the Israeli government launched the Yozma program. This was a very progressive program by the standards of the time for supporting venture capital funds: the country provided them with part of the money, the fund raised the other part itself, it insured risks and didn't claim profits. The program's main goal was not to generate profit, but to create a full-fledged venture ecosystem in Israel. It worked: the government invested $100 million in 10 venture funds, giving private investors an option to buy out the government stake at a fixed price, and the Israeli venture market grew from zero to $3 billion in ten years. But it didn't work in isolation: Israel had both a strong technical school and the American IT market as the end "consumer," meaning the program simply "filled" a missing niche in the ecosystem. Without the American market, it almost certainly wouldn't have achieved such results.
Overall, government support for venture capital funds is the norm in many countries around the world. In the United States, there was SBIC, which invested in Apple (not quite venture capital, but that's a topic for another conversation). Nokia received government funding. In the United Kingdom, there's BBB and other "funds of funds." Obviously, state funds exist in China and Russia as well—though RVK hasn't achieved any comparable results, hampered by the departure of international capital and weak protection of investor rights in Russia.
The second event was the dot-com crash in America—a catastrophic collapse of technology company stocks due to overly optimistic assessments of their prospects. Paradoxically, the dot-com crash of 2000–2001 didn't destroy Israeli high-tech; it gave it an enormous boost. American venture capital funds that had lost money on consumer internet projects began searching for more "grounded" and understandable solutions. Israeli cybersecurity looked exactly like that: a clear problem, real corporate clients, products with measurable results. Sequoia, Greylock, Bessemer, and other venture capital "giants" opened their Israeli offices or hired local partners.
Third, at the same time, the Second Intifada (2000–2005) created specific demand: the military needed new tools for real-time surveillance of civilian populations, processing large volumes of intercepts, and automating analysis. Unit 8200 received budgets for this and set tasks for young soldiers that in the civilian world would have cost tens of millions of dollars to develop. It was Unit 8200 that became the "technological foundation" for Israel's fight against terrorism and the creation of a total surveillance system in the Palestinian territories.
Predictably, these technologies entered the market along with their carriers. It was the Intifada that laid the groundwork for "red" projects.
To summarize: in the early 2000s, three factors converged in Israel—money appeared, along with challenges, people, and government support. Without any one of these factors, the chances of success would have been significantly reduced. At the same time, the first companies were "blue"—people from Unit 8200 and the technological wing of the Israeli military brought to market what they saw as ready products with market niches. For example, OneSecure, founded by Nir Zuk in 2000, is considered the first company to create a full-fledged Intrusion Prevention System (IPS) as a standalone device. That same year, CyberArk was founded. Its original product was privileged account management (PAM). Its creator Mokadi had seen this from inside military systems: it's the compromise of a privileged account that allows an attacker to do anything. Ultimately, CyberArk with its Digital Vault created an entire category—PAM—which hadn't existed as a separate market before. It went public in 2014, and in 2026 was acquired by another well-known company from Unit 8200—Palo Alto—for $25 billion.
And this is where personality played a role in history. The aforementioned Check Point had three founders: Unit 8200 alumni Gil Shwed and Shlomo Kramer, and Marius Nacht. Kramer left the company in 2003 and became one of the first serial entrepreneurs in Israeli cybersecurity. Moreover, he became the first in what's known as the "Check Point Mafia" (analogous to the famous PayPal Mafia, which included Peter Thiel, Elon Musk, Reid Hoffman, Jeremy Stoppelman, and others). Kramer became a co-founder, investor, mentor, and key node in the architecture of startups by Unit 8200 alumni. Co-founder of Check Point, Imperva, and Cato Networks, investor in Palo Alto Networks, Exabeam, Trusteer, WatchDox, LightCyber, and dozens of other companies. He participated in creating Gili Raanan's Cyberstarts—one of the first funds created as "Unit 8200 and friends," without outsiders.
Moving on. 2002—Imperva (Kramer + Miki Budai, both Unit 8200): web application and database protection. As technologies evolved, Check Point protected the network perimeter—what enters and exits the corporate network. Imperva asked the next question: what happens to data inside? When a hacker has already penetrated—what can they do? The Web Application Firewall (WAF) product intercepted attacks like SQL injection and XSS directly at the application level. This was a fundamentally new category, and Imperva in some sense created it. Ultimately, the company was acquired by Thoma Bravo in 2019 for $2.1 billion.
To be fair, AppShield from Perfecto Technologies might more correctly be considered the first WAF, and Ivan Ristić's ModSecurity appeared a year before the Israeli company, so technically the Israelis weren't industry pioneers. Incidentally, Budai (slightly less famous than Kramer) later became co-founder and CEO of Trusteer—a company sold to IBM in 2013 for $1 billion. This is just to understand how interconnected everything is.
And already in 2005, a star named Palo Alto Networks rose in Santa Clara, California. Its founder, Nir Zuk, was a Unit 8200 alumnus, one of Check Point's first employees, and an experienced virus creator. At the time, he was 34 years old. The company was immediately created for the American market; even the name was chosen to avoid immediate association with Israel. And his relationship with former colleagues was peculiar: he ordered a license plate for his car reading CHKP KLR—"CheckPoint Killer." He would arrive at meetings with investors and clients with this plate, and the sarcastic joke added fire to his pitches for Palo Alto Networks. Later, in 2013, when Palo Alto surpassed Check Point in revenue, Zuk installed a billboard along Ayalon Highway in Tel Aviv—right next to Check Point's office—with the slogan "You have just passed Check Point" (a play on words, as Check Point also translates as checkpoint).
In 2005, he assembled a team of 25 (!) former colleagues after his previous employer, Juniper Networks, ignored his idea for creating a fundamentally new firewall. Two years later, the PA-4000 series went into production, becoming the world's first NGFW-class device. In 2012, the company went public, and is now one of the market's flagships.
In the mid-2000s, a separate Endpoint Security category emerged. And immediately, companies founded by veterans of Israeli cyber intelligence appeared in this space—naturally, since during their service they had regularly broken into these very endpoint devices! And all the stories about USB attacks, phishing, and the first APTs—they're largely about Israel.
In 2006, the aforementioned Trusteer was founded (Mickey Boodaei, Oren Israeli—both from Unit 8200): real-time browser protection against viruses. Its emergence was largely driven by the Zeus and SpyEye trojans, which intercepted transactions directly in the victim's browser after the user had already authenticated on the bank's website. For example, Trusteer Rapport operated as an agent inside the browser, monitoring injection attempts.
Just a year later, an event occurred that would only become public knowledge much later, but would leave an indelible impression on the entire world. In 2007, the Stuxnet computer virus, created (presumably) by the NSA, CIA, and Unit 8200, was deployed on Iranian centrifuges. The Israelis were among the first in the world to prove that an attack could result in the physical destruction of a target, and that it could be just as effective as Israeli Air Force strikes—which that same year destroyed a Syrian nuclear reactor under construction in Deir ez-Zor.
Also in 2007, the iPhone appeared, which—along with the subsequent smartphone market explosion—posed a new challenge: corporate data was now on employees' personal devices that the company didn't control. BYOD (bring your own device) became a new headache. By 2008, MobileSmith and a series of startups around Mobile Device Management (MDM) had emerged, some founded by Unit 8200 alumni. But more significant was that during this period, Unit 8200 began systematically working with mobile communications interception—SS7 vulnerabilities, IMSI interception, mobile network metadata analysis. People who worked with these systems later founded companies in two directions: legitimate mobile security (MDM, MAM) and offensive mobile intelligence. Simply put, that's when Unit 8200 began breaking into targets' mobile devices at scale.
An Ecosystem Instead of Enthusiasts (2010s)
In June 2010, a client from Iran approached a small private firm in Minsk called VirusBlokAda. The problem seemed routine: a computer was spontaneously rebooting (boot loop) and running slowly, despite having antivirus software installed. The Belarusians weren't a "random" choice: they were competent, had local partners, and could work with a sanctioned country. The team lead was an experienced Belarusian malware expert, Sergey Ulasen.
For Sergey and his small team in Minsk, the discovery became a turning point. They very quickly realized they were dealing with something whose complexity exceeded any malicious program they had ever seen before.
"It was like seeing alien technology. We looked at the code and understood that behind it were years of development and enormous budgets."
Four zero-day vulnerabilities, two legitimate certificates, complete autonomy, anti-analysis protection—but most shocking was its purpose. The virus searched infected machines for the following Siemens software: PCS 7, WinCC, STEP7. If found, it took control, checked what equipment was connected, and if it determined it was a centrifuge rather than any other factory system, it rewrote part of the controller code, setting incorrect rotation speeds. The developers were likely provided with a test rig for tuning the virus... or an actual centrifuge. We wouldn't be surprised. More details here.
On June 17, 2010, a small Belarusian firm discovered Stuxnet—the first modern example of cyberweapon, meaning a malicious program created to inflict maximum damage on an adversary.
The entire world came to understand that software capable of physically destroying industrial facilities had emerged. This, of course, upended the industrial security market and made Israeli offensive security specialists globally sought-after—governments, corporations, and private investors began actively seeking access to this expertise. Unit 8200 started becoming a global brand after the Stuxnet scandal. Incidentally, 8200 alumni also made their mark in industrial security: think Claroty (2015), Dragos (American, but with Israeli consultants), and Indegy (2014, acquired by Tenable).
In 2011, Netanyahu's government announced the creation of a national cyber strategy. Israel officially declared cybersecurity a strategic priority—on par with defense and energy. The National Cyber Bureau was established under the Prime Minister's Office (later transformed into the INCD—Israel National Cyber Directorate).
In parallel, a decision was made to create CyberSpark in Be'er Sheva: a technology cluster adjacent to the IDF base (where Unit 8200 and related units are located), Ben-Gurion University, and the R&D operations of major tech companies. The logic was straightforward: if Dell, Lockheed Martin, IBM, and Oracle opened R&D centers within two kilometers of Unit 8200, the unit's top graduates could transition there without leaving the country, then later, having gained experience, launch their own companies.
Then in 2012, Gili Raanan (ex-Checkpoint) founded Cyberstarts, a venture fund specializing in early-stage Israeli cybersecurity. The fund was built around a network of Unit 8200 veterans: Raanan got deal flow ahead of others because founders trusted him as one of their own. Early investments—Wiz, Axonius, Orca Security—would deliver returns incomparable to market averages. This created the "second tier" of the "Checkpoint Mafia"—serial founders and investors.
2013—Assaf Rappaport, Yami Lutwak, and Roy Reznik (all Unit 8200) created Adallom, a SaaS application security solution. Corporate data had migrated to the cloud, but there were no tools to understand who was accessing it and what they were doing with it. Adallom essentially created the CASB (cloud access security broker) category. Microsoft acquired it in 2015 for $320 million; today's Microsoft Defender for Cloud Apps is its successor. And this same team five years later founded Wiz, the protagonists of the M&A saga with Google.
That same year saw the emergence of Illusive Networks (Ofer Israel—Unit 8200). This was deception technology—a technique for deceiving attackers, derived entirely from military logic and the honeypots and decoys actively used in Unit 8200. Anyone who touches them is by definition an attacker, because a legitimate user should never see them.
2014—Indegy (Barak Perelman, Mille Gandelsman—Unit 8200): industrial network security, a direct descendant of Stuxnet developments. The product provided visibility into what was happening in OT networks (operational technology)—those that control physical processes at factories, power plants, and water systems. That same year, CyberArk went public, demonstrating to the entire market: from a niche PAM technology vendor, an Israeli company was transforming into a tech giant in the American market.
Looking at the chronology as a whole, one pattern emerges that's rarely articulated explicitly. Each generation of Unit 8200 startups defended and attacked the surface that was, at that moment, most actively exploited by real adversaries—those Unit 8200 worked against on the other side of the barricade.
In the early 2000s, the main problem was perimeter breaches through the web—and Imperva emerged with WAF. In the mid-2000s—targeted attacks on privileged accounts—and CyberArk. In 2007–2010—banking trojans in browsers—and Trusteer.
After 2010—industrial systems—and Indegy, Claroty. After 2013—cloud applications—and Adallom/Wiz.
This is no coincidence. Unit 8200 didn't just produce technical specialists—it produced people who knew exactly how attacks were carried out and had practical experience conducting such attacks. In commercial cybersecurity, this is the most valuable knowledge.
That said, not everyone who played a major role in the lives of Unit 8200 alumni was a professional hacker. One of them—Nadav Zafrir—was no computer genius. He was the son of a diplomat and spent most of his youth with his family in Latin America. In 1988, he was drafted into the IDF, and computers held little interest for him at the time; he specialized in something quite different. He began his military career in the paratroopers brigade, from which he managed to get into Sayeret Matkal—the General Staff's special forces unit, a prestigious, well-known, and classified formation (our equivalent would be GRU Spetsnaz). Details of his service remain unknown. Awards aren't particularly popular in Israel—for instance, the country's highest military decoration, the Medal of Valor, hasn't been awarded since 1975, and before that only 40 people received it, half posthumously. So the personal Chief of General Staff Citation that Zafrir received in the mid-nineties was already quite significant.
During his service, Zafrir worked extensively with the aforementioned Unit 81—a more compact analog of 8200 that works exclusively with hardware. For example, it's believed that in the 1970s, Sayeret Matkal installed listening devices on numerous Arab communication lines. In short, Unit 81 is something of a "James Bond workshop."
It was then that Zafrir met Guy Sella, commander of Unit 81, a tech geek, entrepreneur, investor, and one of the (future) cult figures in Israeli high-tech. Incidentally, Sella was the founder of SolarEdge Technologies, one of the leaders in the American renewable energy market. This acquaintance turned Zafrir's life upside down—soon after, to everyone's surprise, he was appointed deputy commander of Unit 81.
Here's the funny part: not only did he lack technical education at that point, he wasn't even an officer! Legend has it that this fact came to light by accident: Zafrir was ordered to appear at a meeting in dress uniform, after which everyone present discovered with some surprise that technically speaking, Zafrir was still a non-commissioned officer. However, the then-commander of Matkal, Boogie Ayalon, promoted him to officer rank right there on the spot—and this story perfectly captures the way things work in the Israeli army.
After five years with Unit 81, Zafrir moved to deputy commander of 8200, and four years later (in 2009) became its commander. Zafrir ended his 25-year military career in 2013 with the rank of brigadier general. But the most interesting part was just beginning—and now you'll understand what this whole long story was leading to.
The thing is, already in 2014 Zafrir and two other former colleagues created the first full-fledged incubator (and venture fund, of course) for startups founded by Unit 8200 alumni. His partners were Israel Grimberg (former CTO of 8200), Liran Grimberg (also from intelligence, focused on marketing), and slightly later Yuval Shachar (former head of R&D at 8200). And here's the key point—this wasn't just a venture fund, but a venture studio. Zafrir and company helped find clients, the right people, CEOs, searched for ideas and assembled teams around them. In its first ten years, the fund built and invested in over forty companies, attracted Microsoft, Cisco, Walmart, and Temasek as investors, and brought total assets under management to $1.2 billion.
In 2015, the fund founded Claroty—an industrial and operational security company. In 2021, the company became the first unicorn in team8's portfolio. Another example is Sygnia—team8 invested $4.3 million in it, and less than a year after launch it was acquired for $250 million by Singapore's state holding company Temasek. Other significant exits from the fund include Talon and Dig Security, sold to Palo Alto Networks for a combined $1 billion, Curv, acquired by PayPal, and Portshift, absorbed by Cisco. But even this wasn't the end of Zafrir's career.
In December 2024, Zafrir took the helm at Check Point—a company founded thirty years earlier by another graduate of the same unit. Ironically, his main task in this position was to... catch up with Palo Alto Networks.
"The New Reds" (2010s)
Part One—Those Who Did It Wrong
The intifadas, counterterrorism efforts, and constant attacks on Palestinian militants' and activists' devices led Unit 8200 to accumulate over the years an enormous body of expertise in perhaps the most unsavory aspect of their work—mass surveillance. And yes, that's how Pegasus came to be. Put simply: it couldn't not happen.
In the spring of 2009, a representative of a certain European intelligence service approached two Israeli entrepreneurs (Shalev Hulio and Omri Lavie—naturally from 8200). At the time, their startup CommuniTake was developing a tool for remote technical support: it allowed mobile operators to connect to a customer's phone and fix problems. The Israelis were asked a question that would change the world of cybersecurity: could you do the same thing, but WITHOUT the user's knowledge? That's how NSO Group came into being in 2010—founded by Niv Carmi, Shalev Hulio, and Omri Lavie. The company's name is an acronym of the founders' first initials: Niv, Shalev, Omri. Hulio and Lavie are childhood friends commonly believed to be former members of Unit 8200; Niv Carmi came from Mossad.
The first product didn't even have a name. It was a suite of exploits that allowed complete access to a target's smartphone. Technically, it was an elegant solution: exploiting vulnerabilities in the browser, operating system, and system processes, the program installed itself on the device and then began transmitting everything to operators—messages, calls, messenger conversations, geolocation, files. The device became a listening device whose owner had no idea it existed.
The business model was fundamentally different from typical cybersecurity companies. NSO didn't sell software licenses. It sold an "intelligence platform"—a package that included exploits, infrastructure, a management operating system, operator training, and technical support. Only governments could be clients. The price of a single "deployment"—installing the system for a specific customer—ran into the millions of dollars.
The company's annual revenue was around $40 million in 2013 and grew to $150 million by 2015. Back then, the Israelis hadn't yet developed 0-click attacks and were actively using 1-click. On August 10, 2016, human rights activist Ahmed Mansoor from the UAE received two SMS messages on his iPhone promising "new secrets about torture in Emirati prisons." Mansoor was experienced enough not to click the link. Instead, he forwarded the messages to Citizen Lab—a Canadian research organization at the University of Toronto.
The researchers recognized the links: the domain name belonged to infrastructure they had already associated with NSO Group. They clicked the link from a test iPhone—and captured the attack in real time.
What they discovered became the first public documented evidence of Pegasus's existence. The exploit chain—dubbed Trident—included three iOS zero-day vulnerabilities that allowed a complete remote jailbreak of an iPhone. This was the third time Mansoor had been targeted by commercial spyware: in 2011, FinFisher was used against him; in 2012, a Hacking Team product. But the genie was out of the bottle. Citizen Lab published a detailed technical report, and the Washington Post, Guardian, and dozens of other outlets reproduced its contents. The world learned that a commercial company existed that sold governments an iPhone hacking tool with capabilities rivaling the NSA.
But the most explosive event was something else.
In the fall of 2018, Saudi journalist Jamal Khashoggi was murdered and dismembered in the Saudi Arabian consulate in Istanbul. The investigation revealed that in the months leading up to the murder, Pegasus had been used against the journalist's inner circle. Amnesty International established that the phone of Khashoggi's fiancée, Hatice Cengiz, was successfully infected in the days immediately following his murder. CEO Shalev Hulio stated that the company had no connection to the "horrible murder," but refused to comment on reports that he had personally flown to Riyadh to close a $55 million contract.
In 2021, the main myth was shattered—about "surgical precision" and exclusively counterterrorism use. Among the identified potential targets were 189 journalists, more than 600 politicians and government officials, at least 65 top executives, 85 human rights defenders, and several sitting heads of state. In November 2021, the Biden administration added NSO Group to the list of organizations under trade sanctions as acting "contrary to the foreign policy and national security interests of the United States."
Part Two —those who promised to do it right
By 2018, NSO Group had become a toxic brand. Pegasus had been exposed in Mexico against journalists, in the UAE against human rights defenders, and Amnesty International and Citizen Lab were circling the company's name. Western governments—potential buyers—faced an awkward choice: the technology was needed, but publicly associating with NSO was impossible.
The Israeli intelligence community saw the problem differently. The scandals around NSO threatened not just one company's reputation—they threatened the entire industry.
If Israel loses credibility as a supplier of intelligence technologies, it will strike at a strategic instrument of influence that the country has carefully built over two decades.
What did the Israelis do? That's right, they started a new company!
Paragon Solutions was founded in 2019 by former Unit 8200 commander Ehud Schneorson, along with Idan Nurik, Igor Bogudlov, Liad Avraham, and former Israeli President Ehud Barak—the latter, obviously, handling government relations. Schneorson was the commander who succeeded Zafrir. That's when the first scandal erupted: many believed he had simply poached part of Unit 8200's experienced team (not conscripts, but career personnel), offering them commercial salaries that the military simply couldn't match. Nurik as CEO, Bogudlov as CTO, and Avraham as research director formed the operational backbone. All three came from Israeli military intelligence circles, and "extracting" the right people from any Israeli structure wasn't much of a problem for them. After all, this company was being created by a former president!
The irony is that Paragon was created as "NSO for democracies"—its product surgically precise, preventing abuse, used only to fight "bad guys," and no more surveillance of journalists, ex-wives, and Khashoggi... yeah, right!
According to Citizen Lab's description, Graphite provided "access to messaging apps on the device, rather than full control over the entire phone." In practice, this meant: intercepting conversations in WhatsApp, Telegram, and Signal, extracting files linked to these apps, accessing cloud backups. The distinction is real, but not fundamental. For most purposes, messaging app conversations are all the private life that intelligence services care about. Access to Signal means access to the most encrypted communication channel that exists. The claim that Graphite is "less invasive" than Pegasus was roughly equivalent to claiming that reading someone's mail is less problematic than installing a massive video camera in their apartment.
Technically, Graphite used zero-click exploits—infection without a single action by the victim. The CVE-2025-43200 vulnerability used in documented 2025 attacks was a logic error in iOS media file processing, had a critical CVSS rating of 9.8, and was activated through a malicious photo or video transmitted via an iCloud link.
The irony is that the Biden administration, with one hand adding NSO GROUP to blacklists, with the other was signing contracts with Paragon—the positioning worked. Besides the Americans, there were other U.S. NATO partner clients. One of them was Italy, whose intelligence services purchased the software, naturally, for matters of national importance. Yeah, right...
On January 18, 2025, WhatsApp named a list of 90 journalists attacked by Paragon's Graphite spyware. On March 19, 2025, Citizen Lab published Report No. 183—the first complete technical investigation of Graphite's infrastructure and operations.
Paragon terminated its contracts with Italy, citing abuse. And then on February 11, 2026, Paragon's General Counsel Reut Yamen posted a photo on LinkedIn. The image showed her monitor screen with an open Graphite dashboard.
The interface contained: a Czech phone number with the name "Valentina," interception status "Completed" dated February 10, 2026, categories of collected data—"Apps," "Accounts," "Media," data from encrypted applications.
Security researcher Jurre van Bergen, under the pseudonym @DrWhax, noticed the photo and spread it. By the time Yamen deleted the post, screenshots had already circulated through all relevant channels. Citizen Lab called the incident "an epic operational security failure."
However, the biggest scandal in Paragon's history happened slightly earlier.
In December 2024, Paragon was sold to American private investment firm AE Industrial Partners and merged with Virginia-based REDLattice. The deal was valued at $900 million. Barak received approximately $20 million in the first stage. The key reason for the deal was sales problems in the U.S.—Americans were willing to purchase such services from an American company, but not from an Israeli one.
The problem was solved quite simply.
A senior Unit 8200 officer told an Israeli publication: "When we realized that Meta had disclosed the vulnerabilities that Paragon was using to hack phones, it immediately caused panic. We held a meeting and decided we would have to shut down capabilities against our targets. In our world, this means losing critical intelligence—and all of this during wartime."
Shneorson and Barak were accused of selling strategic state assets in the midst of war. "These powerful tools, once out of Israel's control, could be turned against us," critics wrote at the time. And after it emerged that Meta had disclosed some of the vulnerabilities being used during the deal, panic broke out among current Unit 8200 personnel, spilling into the press. This was the first confirmation that Paragon and Israeli intelligence services were using more or less the same set of exploits.
The Present Day (late 2010s to present)
- The Greatest Catastrophe
By the late 2010s, Unit 8200 had reached what the Israeli military community calls "complete information dominance." The operation against Iran was multi-year and methodical: attacks on the Shahid Rajaee port infrastructure in 2020, arson and explosions at nuclear program facilities, physical elimination of scientists. In 2020, Unit 8200 members received medals for a cyberattack on an Iranian port—as retaliation for Tehran's attempt to attack Israeli water treatment plants.
In parallel, the unit was undergoing an internal transformation whose significance would only become clear after October 7th. In 2019, Brigadier General Yossi Sariel became commander of Unit 8200—a technocrat and firm believer in machine learning and big data. Under his leadership, the unit began systematically shifting from intelligence as an analytical discipline to intelligence as an engineering problem. Israel decided: the future lay in rapid analysis of big data. And they were right... partially. Israel was building a "small, technocratic army," surrounding Gaza with surveillance systems, sensors, walls, and turrets.
Surveillance specialists... were reassigned to other tasks.
The thing is, besides "hackers" and security specialists, Unit 8200 always had groups of Arabic-speaking specialists: they helped attack devices, participated in intelligence operations, and better understood context—for example, better understanding what a Gaza resident says when their speech is saturated with local metaphors, euphemisms, and so on. A program trained on "standard Arabic" cannot translate these accurately enough. People can.
Unit 504 (Humint) was shifting focus to Lebanon, Shin Bet and the army were closing Arabic-language units, while the "smart" machine failed to understand that Hamas operatives were using the word "watermelon" as code for bomb. And in 2022, Unit 8200 stopped monitoring Hamas radios, considering it a waste of time.
On the night of October 7, 2023 (the Hamas attack), Unit 8200 was not conducting operational work on the Gaza border. The world's largest SIGINT unit, equipped with the most advanced technology, on the morning of the largest terrorist attack in Israeli history simply wasn't working—they had an official day off.
- Money, Clouds, and AI
By 2017, a globally unique investment ecosystem had formed around Israeli cybersecurity. Four funds—Team8, Cyberstarts, Glilot Capital, and YL Ventures—occupied a niche that existed nowhere else in the world: early stage, exclusively cybersecurity, exclusively graduates of intelligence units.
Gili Raanan, founder of Cyberstarts and partner at Sequoia Capital, says that even when he's not deliberately seeking founders with military backgrounds, 90% to 95% of the teams he meets consist of Unit 8200 veterans.
It's a self-reinforcing cycle that's extremely difficult to break from the outside. The best Unit 8200 graduates go to Cyberstarts or YL Ventures because they'll provide funding faster and with fewer questions. Cyberstarts and YL invest in them because they already know these people from serving together. Portfolio companies hire new Unit 8200 graduates because they trust them. Those graduates then go on to found startups—and approach the same funds.
The data confirms the effectiveness of this closed system: the four tier-1 Israeli VCs seeded 25% of all companies that exited above $100 million; of all exits above $100 million, they financed 41%. Cyberstarts has the highest number of exits above $100 million and leads in total number of exits in Israeli cybersecurity.
In 2017, Axonius emerged (Dean Sysman, Ofri Shur, Avidor Bartov—all Unit 8200): a company that solved a problem CISOs had known about for years but hadn't articulated as a product category. By 2017, any large corporation had dozens of tools for managing devices, identity, cloud resources, and endpoint agents. But nowhere was there a single source of truth: an answer to the simple question "what devices are actually connected to our network and what's installed on them?" The startup solved this problem.
In less than five years, the company reached a $2.6 billion valuation and exceeded $100 million ARR. By 2024, Axonius was operating in more than 70 U.S. federal agencies, including the Pentagon and the Department of Homeland Security. In December 2024, the Department of Defense selected Axonius to modernize its Continuous Monitoring Risk Scoring (CMRS) program—a system that tracks cyber risks across all DoD networks.
The COVID-19 pandemic did for Israeli cloud cybersecurity what October 7th would do for recognizing intelligence failures—it forced everyone to act immediately. Within a few weeks in early 2020, corporations worldwide moved hundreds of thousands of employees to remote work. Data that had been stored within the protected perimeters of office networks was suddenly scattered across home computers, cloud applications, and Zoom calls. CISOs around the world simultaneously realized they didn't understand where exactly their data was located or who had access to it.
In January 2020, four Unit 8200 graduates—Assaf Rappaport, Ami Luttwak, Roy Reznik, and Yinon Costica (we mentioned them earlier)—founded a company in Tel Aviv. All four had worked together before: in 2012 they founded Adallom (CASB), which was sold to Microsoft for $320 million in 2015. After the sale, Rappaport became CEO of Microsoft's Israeli R&D center. In January 2020, he left.
The new company was named Wiz.
The product was simple in concept and complex in execution: Wiz connected via API to cloud environments—AWS, Azure, Google Cloud—and scanned them for vulnerabilities without a single installed agent. CISOs received a dashboard with a complete picture of cloud security: all attack surfaces, prioritized by risk. The technical idea came from Unit 8200. Rappaport and his team in military intelligence had worked on a problem that became the mirror image of the corporate one: how to gain a complete picture of someone else's infrastructure without inside access.
The agentless approach—reading cloud configuration through public APIs instead of installing agents on every machine—was a transfer of intelligence thinking into corporate cybersecurity.
The startup became a global phenomenon, posting record growth: from $1 million to $100 million in revenue in just 18 months. Within a few years, Wiz would become the most successful Israeli cybersecurity startup of all time.
In 2021, Israeli cybersecurity companies raised a record $8.8 billion across more than 100 deals. That was nearly triple the 2020 figure and accounted for 40% of all global venture capital funding in cybersecurity. Eleven new companies achieved unicorn status in a single year—meaning one in every three cybersecurity unicorns worldwide at that point was Israeli.
Most of them were founded by Unit 8200 alumni.
Israeli cyber startups are flooding the world. Their name is legion. Orca Security (Avi Shua and Gil Geron, Check Point veterans), Cyera (Yotam Segev and Tamar Bar-Ilan), and countless others. But the most remarkable company came a bit later.
- AI Agents and Our Time
This story featured many extraordinary people, all of them men. But the most remarkable protagonist of this tale is a woman.
Sanaz Yashar was born in Tehran in the early eighties. She was a bright and talented girl who excelled in school. In the mid-nineties, she skipped two grades and became the only girl to compete in the city chemistry olympiad. As it happened, she won.
The grand prize was a tour of an actual nuclear reactor—a facility Israel would spend billions of dollars trying to destroy. The message to the children was clear: you are our country's future, this is where you belong.
Yashar had exactly two problems. First, like many Iranian teenagers, she deeply disliked the Iranian authorities. Second, Yashar was Jewish—a fact that wasn't hidden. At 17, after numerous threats, her family fled to Israel.
Around age 21, after earning her bachelor's degree from Tel Aviv University, she found herself in Unit 8200. Sanaz stayed in the military for an extended period—she retired after 15 years of service with the rank of major. Her specialty was cyber operations against Iran.
Then came Cybereason, leading the cyber threat analysis group at FireEye/Mandiant, including investigating cyberattacks on several Israeli hospitals—during which time she met Ben Seri and Snir Havdala. For context, Havdala is a Unit 8200 veteran with ten years of service, recipient of the Israeli Defense Prize and the IDF Chief of Staff's Technology Prize. Seri is a graduate of Unit 81, which specializes in hardware development, also a Defense Prize laureate.
In other words, these are extremely serious people even by Unit 8200 standards. That's when they identified a problem: existing security solutions operated within their own perimeter and didn't interact with each other, especially when it came to software from different vendors. They didn't share information and got in each other's way.
In 2022, Google acquired Mandiant for $5.4 billion. Walking away from a company just acquired by Google at a multibillion-dollar valuation means leaving precisely when most employees are hunkering down, waiting for their vesting to kick in. Yashar clearly operated by a different set of principles.
Zafran was founded in 2022—not as yet another security tool, but as a platform that aggregates data from all existing tools (EDR, firewalls, cloud systems, vulnerability scanners) and asks a question no one had systematically asked before: out of the thousands of vulnerabilities you have, which ones are actually exploitable right now—and are they already covered by your existing defenses?
This sounds like a technical detail. In reality, it's a paradigm shift. Traditional vulnerability management says: here's a list of everything you need to fix. Zafran says: from that list, here's what's dangerous in your specific configuration right now—and here's what the AI agent has already fixed autonomously while you were reading this report. AI serves two functions here. First—prioritization: the model analyzes correlations between data from different tools and attack context, something impossible to do manually within a reasonable timeframe. Second—autonomous remediation: agents don't just flag problems, they automatically apply mitigations—firewall configuration changes, EDR rule updates—without waiting for human intervention.
At the peak of the AI boom, the company was flooded with money. In 2024—two rounds totaling $70 million: Sequoia Capital, Cyberstarts, and, unusually for a cybersecurity round, Penny Jar Capital from NBA player Steph Curry.
December 2025—another $60 million, a round led by Menlo Ventures with participation from Sequoia and Cyberstarts. All told, by early 2026—$130 million in raised capital, ARR tripled in a year, company valuation in the hundreds of millions of dollars.
It was far from alone: in 2023, Prompt Security emerged (Itamar Golan and Lior Drihem—both 8200). The product scans all touchpoints between the corporate environment and AI tools: browser extensions, coding assistants, internal applications, API integrations. It looks for data leaks in prompts, prompt injection attempts, policy violations. By 2024, Prompt Security found itself at the center of M&A interest. Then there was Blockaid, a Web3 platform (Ido Ben-Natan and Raz Niv—both 8200), and many others.
By 2023, the Israeli cybersecurity ecosystem faced new dynamics. The market began consolidating. Palo Alto Networks, CrowdStrike, Microsoft were building out their own platforms, acquiring specialized players. Israeli startups faced a choice: go public (and compete with platforms in the open market), sell to a strategic buyer, or become platforms themselves.
The data shows: nearly 50% of Israeli founders whose companies were acquired for more than $100 million over the past decade served in 8200. The average acquisition price for companies founded by 8200 alumni exceeds $317 million.
Wiz chose the third path—become a platform independently, through aggressive acquisitions. In 2024, the company bought Gem Security for ~$350 million and Dazz for ~$450 million. Meanwhile, Google offered $23 billion—Rappaport declined, deciding to pursue an IPO. In March 2025, Google came back with $32 billion. This time Wiz agreed.
This is the largest deal in cybersecurity history and the largest acquisition in Google's history. A company founded in January 2020 reached $32 billion in five years. All four founders—veterans of 8200.
The Bottom Line
By 2023–2024 estimates, 8200 alumni have founded over 1,000 startups—in cybersecurity alone. Including consumer tech, telecom, and other sectors, the total number of companies exceeds this figure. At least five publicly traded companies on U.S. exchanges founded by 8200 alumni have a combined market cap of around $160 billion—and that's without counting companies already acquired by major players.
In 2024, Israeli cybersecurity companies raised $3.8 billion across 75 deals—accounting for 36% of all tech funding in the country, despite cybersecurity firms representing just 7% of Israel's tech companies.
In 2021, Israeli cybersecurity technology exports totaled $11 billion—roughly 10% of the global market.
In 2024, private cybersecurity funding in Israel nearly doubled compared to 2023, reaching the equivalent of 40% of the entire U.S. venture capital market for cybersecurity.
- Unit 8200 has long since evolved from a military unit into something resembling a university.
Over the past decade, companies founded by Stanford alumni have raised $166 billion in venture funding. Harvard—$173.5 billion. MIT—$45.9 billion. Unit 8200—approximately $44 billion. Stanford leads all universities in unicorn founders: 285 graduates have founded 207 companies valued above $1 billion.
Now for context. Stanford graduates roughly 17,000 students per year—undergraduates, master's students, and doctoral candidates. Unit 8200 graduates about 1,250 people annually.
If we roughly compare per-capita productivity: companies founded by Unit 8200 alumni are collectively worth over $200 billion by 2026 (counting only those mentioned above, excluding Check Point and Palo Alto). That's roughly the same order of magnitude as Stanford—with an alumni population 13 times smaller.
In other words, each Unit 8200 graduate generates approximately 10–15 times more market value than each Stanford graduate. And Stanford has been operating for ninety years, while Unit 8200 has functioned as a startup incubator for roughly twenty.
- Selection and Recruitment Methods
First, a few words about how the Israeli military is staffed—Unit 8200 is very much a product of this system.
The IDF is built on a system of conscription for mandatory service followed by transfer to the reserves. This is called "miluim," and a reservist is a "miluimnik." Unlike most other countries, the "reserves" aren't just a formality—reserve soldiers serve in permanent units (reserve brigades, battalions, etc.), are regularly called up for reserve duty with their unit, participate in exercises, and when necessary fight in wars just like active-duty conscripts. The Swiss system is the closest parallel to Israel's.
The Israeli military as a whole has several aspects that are atypical and difficult for outsiders to grasp:
- no higher military education (except for the "general-level" National Security College). Both officers and complex technical specialists (including pilots) go through "courses." An infantry officer trains for about 9 months, learning only what's necessary—their task is purely utilitarian: to fight. A pilot trains for 3 years (not counting academic degrees). Meanwhile, training a soldier takes roughly the same amount of time—8-9 months.
- reservists form the backbone of the army. Even among technical specialties (such as aviation technicians), the majority are reservists. Even 70% of pilots are reservists who fly 1-2 times a week and work civilian jobs the rest of the time. The military has a culture of constant rotation in positions from platoon commander to fleet commander (called "cadence"). Those who've served maintain their connection to the military.
- the military defines social connections. The majority of Israelis serve, and often it's the military that determines a conscript's network. For example, serving in the Air Force flight crew or as a naval officer is highly prestigious. As is serving in 8200.
A fundamental difference between 8200 and other similar units worldwide is that more than half of its personnel are conscripted soldiers.
These are people who arrive after high school (less often after their first academic degree) and will almost certainly leave after completing their service.
8200 doesn't look for ready-made specialists. It seeks people with maximum learning potential—and invests state resources in them while they're still teenagers.
This leads to a counterintuitive principle: prior technical knowledge is secondary in the selection process. For example, the Magshimim program (which teaches talented teenagers programming and cybersecurity) accepts roughly 30% of applicants—after testing and interviews that assess determination, commitment, and social skills, but not prior computing experience. In other words, existing skills are deeply secondary; learning speed is what matters. Magshimim is overseen by the Ministry of Defense and the private Rashi Foundation—typically about a third of its graduates end up in 8200 and other technical units.
The earliest identifier of a potential recruit is the Gvahim program, which accepts students around grades 4-6. It's a kind of "tagging" system for talented teenagers—they learn robotics, logic, and programming basics.
Grades 9-12 are crucial for military "selection." Here there are different programs—Magshimim/Mamriot, Gvahim (for the ultra-Orthodox), Nahshon (schools in the periphery), Maantech (Arabs). These are primarily programs for "finding talent in the periphery"—enrolling from, say, wealthier Tel Aviv is virtually impossible; there the issue is resolved through private courses and "elite" schools.
Importantly, active and former military personnel are deeply integrated into these programs, especially in places like Beer-Sheva, where Unit 8200's base is located. The city itself has the status of a kind of "cyber capital," with Ben-Gurion University and a high-tech park nearby. Let's emphasize again: the key to testing isn't finding the "best professionals," but finding those who can learn the fastest. This has both obvious advantages and obvious drawbacks.
Around age 16, top candidates (or graduates of Magshimim/Mamriot, who automatically get flagged in their files) receive an offer to undergo extended testing—mathematics, programming, cryptography, psychological assessment. Running parallel to this is the Cyber Defense Cadet League (CTF), though it's more related to pre-military preparation. Overall, preparing for military service is quite common in Israel.
A separate topic is Atuda, which is essentially a "deferment" program for obtaining an academic degree. It's popular in technology fields and obviously often involves degrees in engineering or computer science. Many well-known founders of successful companies went through Atuda (though many didn't).
Key tracks within:
- Gama (offensive) — the main track that most recruits go through. Red team operations, social engineering, covert device penetration. This is what civilians call offensive security.
- Erez / Erezim — the data science track. Recruits can earn a dual academic degree here (mathematics and computer science) funded by the military over two years. Requirement: exceptional mathematical abilities. This is essentially parallel university study during service.
- Havatzalot — the analytical track. The program trains intelligence analysts for assignment to 8200, 9900, and other intelligence units. Upon graduation, graduates receive the rank of lieutenant. People who serve here often have strong command of needed languages (Arabic, Farsi).
- Talpiot — technically a separate program from 8200, but closely connected to it. Essentially, military service plus an academic degree. High-tech of the highest order.
Demobilization is not the end of one's connection to the system.
The 8200 Alumni Association brings together around 14,000 people worldwide and has launched the EISP program (a startup accelerator) and Impact (social technologies). These programs have supported more than 300 companies, over half of which remain operational. In essence, this vast reserve of veterans forms the powerful social networks that enable the search for suitable candidates.
This is a rare feedback mechanism between the military and civilian sectors that exists in no other country.
How feasible is it to replicate this in Russia?
The short answer: impossible.
The longer answer is more complex. Russia already has a fairly strong mathematics education system, an olympiad structure, and technical skills training for schoolchildren, including in cybersecurity. Russia has no shortage of candidates for this type of unit—we have mechanisms for identifying gifted children, launching an analog of Magshimim would be straightforward, and CTF communities exist as well. The problem begins the moment a student turns 18.
Russia has no de facto mandatory military service. In Israel, huge numbers of conscripts also avoid uniforms, but the army's influence on society runs much deeper. In Russia, conscript service is isolated from contract service; conscripts typically don't fight (unlike in Israel, where they form the backbone of combat-ready units). Similarly, conscript service is an "obligation" for those who couldn't find a legitimate reason to avoid it, while an academic degree is a perfectly legal exemption from service.
The key, fundamental, and irresolvable problem is that the Israeli system deliberately lets people go. The system works because graduates enter the civilian market and create companies. Recruits know this from the moment they're drafted. This makes service attractive: you're not just fulfilling an obligation, you're gaining seed capital for your future career.
In the Russian context, the system would face an obvious contradiction—people who have potentially acquired real cybersecurity competencies in the military are confronted not with an "exit" into the venture capital market, but with non-disclosure agreements, travel restrictions, and extremely murky prospects for monetizing their acquired skills.
The Israeli system works because the state deliberately lets people go—and extracts value from their success indirectly, through taxes, exports, and geopolitical influence. This requires a certain institutional faith that the "leakage" of capital and technology into the civilian sector is a benefit, not a threat. This is philosophically incompatible with a logic where the FSB or GRU views its former employees primarily as objects of control. Moreover, their technical competencies often fall short of colleagues from the "commercial" sector—there's simply nothing to leak.
Perhaps the most promising alternative is corporate training programs, where private companies and state-owned enterprises attempt to create a pipeline from schoolchildren to cybersecurity specialists. But even here, much is lost—people enter the corporate environment directly, bypassing what in Israel is called "the army."
Unit 8200 is not a random anomaly. It's a system cultivated under specific conditions: a small country facing an existential threat, mandatory conscription creating an annual flow of young people, an open civilian market with venture capital funding, a legal system that protects intellectual property, and—most importantly—thirty years of consistent effort.
We won't be able to build something similar. We need to create something of our own.