Picus Security provides a security validation platform that simulates real-world cyberattacks (breach and attack simulation) to continuously test defenses, pinpoint control gaps, and recommend remediations. Pulse 2.0 interviewed Picus Security co-founder and CEO H. Alper Memiş to gain a deeper understanding of the company.
Alper Memiş’ Background
Could you tell me more about your background? Memiş said:
“After more than 20 years in international business, finance, and strategy, I gained a deep appreciation for how risk and resilience shape organizations. During my time as an executive in treasury and risk management, I saw just how fragile digital defenses can be and how quickly vulnerabilities turn into business risk. Founding Picus Security gave me the opportunity to apply that perspective to cybersecurity and build a company focused on providing organizations a reliable and measurable way to strengthen their defenses.”
Formation Of The Company
How did the idea for the company come together? Memiş shared:
“In 2013, we recognized that most organizations were making critical security decisions without knowing how effective their defenses were. Traditional penetration tests and vulnerability scans only provided limited, one-off snapshots that quickly became outdated. Security leaders needed continuous visibility into their security posture, and we built Picusto fill that gap. From the very beginning, our mission has always been to help organizations validate their defenses against real-world threats on an ongoing basis, replacing assumptions with clarity and evidence.”
Core Products
What are the company’s core products and features? Memiş explained:
“We have developed a platform to support organizations in continuously testing, measuring, and improving their security effectiveness. We include adversarial simulation and automated validation so customers can see how tools will react to the latest attack techniques and immediately see where their controls are lacking. A major differentiator is our ability to focus on exposures specific to customer environments so teams can focus on what attackers can actually exploit. We also quantify risk that business leadership can understand, so they can consider their exposures in financial terms and make informed decisions to prioritize fixing security gaps that align with business objectives.”
Evolution Of The Company’s Technology
How has the company’s technology evolved since launching? Memiş noted:
“We pioneered breach and attack simulation, and over the years, we’ve expanded to a broader exposure validation platform. This includes automated penetration testing, risk quantification, and integrations that support Continuous Threat and Exposure Management (CTEM) programs. Our technology has grown in tandem with the complexity of modern IT, spanning cloud, hybrid, and OT environments, to give customers a comprehensive, real-time view of their resilience. Right now, we are the leading vendor in the adversarial exposure validation category.”
Significant Milestones
What have been some of the company’s most significant milestones? Memiş cited:
“There are a few moments that stand out. Expanding worldwide and establishing offices in more than five global locations has allowed us to support a growing customer base of over 400 enterprises across finance, healthcare, government, and critical infrastructure. Securing $80 million in total funding has been another important milestone, enabling us to invest in product innovation and global growth. The release of our annual research reports has also become a signature marker each year. The Red Report provides deep insights into attacker techniques, while the Blue Report measures how well defenses perform against real-world threats. They give the community a fuller picture of offensive and defensive trends. And of course, developing strong partnerships with managed security service providers (MSSPs) and technology providers has helped us scale our overall impact in the market.”
Customer Success Stories
Can you share any specific customer success stories? Memiş highlighted:
“One example I like to discuss is a financial services company that had difficulty keeping pace using traditional testing methods. Using our platform, the company simulated real-world threats on an ongoing basis, which allowed it to increase the number of tested threats from 130 to over 2,200 in one year. Its security effectiveness score improved dramatically, giving the security team and executives much stronger confidence in its defenses. We’ve seen similar results in healthcare organizations that successfully improved prevention rates despite budget limits.”
Funding/Revenue
Are you able to discuss funding and/or revenue metrics? Memiş revealed:
“While we don’t disclose revenue figures, in September 2024, we announced a $45 million growth investment, bringing our total funding to $80 million, to support global expansion and ongoing R&D. Our growth, 100% year-over-year for two consecutive years, is fueled by demand for proactive validation, and our customer base has scaled across sectors that are most targeted by advanced threats. We continue to see strong adoption from enterprises and MSSPs.”
Total Addressable Market (TAM)
What total addressable market (TAM) size is the company pursuing? Memiş assessed:
“Exposure validation is at the intersection of several very large markets: vulnerability management, breach and attack simulation, risk quantification, and general security operations. All of these markets involve tens of billions of spend per year. The TAM is growing quickly as more organizations implement CTEM programs and move toward proactive, continuous validation of their environments.”
Differentiation From The Competition
What differentiates the company from its competition? Memiş affirmed:
“Rather than bombarding teams with theoretical vulnerabilities, we let them know what weaknesses they should be most concerned about, given their unique environment, and focus on what matters most, helping them close critical gaps faster. With our new risk quantification capabilities, powered by continuous attack simulation data, security leaders can see which controls failed and what those failures mean to the business. This clarity allows customers to allocate their resources effectively and get the most out of their existing tools. We provide organizations with evidence they can act upon with confidence.”
Future Company Goals
What are some of the company’s future goals? Memiş emphasized:
“We aim to expand our platform’s capabilities to be the go-to brand when it comes to exposure validation, expanding our offerings to cover more attack surfaces and help organizations solve inefficient remediation problems. We’re investing heavily in AI, intelligence, and partnerships so that organizations of all sizes can adopt proactive security validation as a core practice. We aim to make continuous validation a standard across industries, just as penetration testing once was.”
Additional Thoughts
Any other topics you would like to discuss? Memiş concluded:
“While cybersecurity is often framed as a technical topic, it’s about trust at its core. Trust from customers, employees, and partners that organizations will protect their data and operations. When organizations can provide clear, continuous evidence of security effectiveness, we help organizations build that trust and make smarter decisions.”
