In 2014, Dima and his co-founder Ben sat down and gave themselves 18 months. If they couldn’t pay themselves a salary by then, they’d shut it all down. No fallback, no infinite runway, no romanticized “pivot until it works” story. Just two engineers with families and the clarity that building a startup is a privilege that comes with an expiration date.
Their first idea? Spear phishing as a service, powered by AI. Ahead of its time—and dead on arrival. “We pitched it, and VCs told us: get fired first, then maybe we’ll talk,” Dima recalls. Once they did, the feedback was even more direct: interesting, but not a big enough market. That forced the team to think bigger.
What came next would reshape cloud security. Sitting in a café in Herzliya, Dima—a Linux veteran at Microsoft—noticed containers starting to trend on Hacker News. They were obscure. Experimental. Mostly used by devs. But to him, they smelled like the next infrastructure shift.
That insight birthed Twistlock.
They pitched the idea as security for containers before enterprises even adopted containers. Still, one paragraph buried at the bottom of a 2014 Gartner virtualization report gave them just enough signal to raise from YL Ventures and build what became one of the defining companies of the space. When container adoption surged, Twistlock was ready—with runtime protection, machine learning-based profiling, and real-time visibility into container vulnerabilities. Eventually, Palo Alto Networks came calling. The acquisition closed in under two months.
You’d expect Dima’s next move to be easy. It wasn’t.
After three years at Palo Alto Networks, he returned to build again—this time, Minimus. Armed with reputation, capital, and a proven team, he expected things to click fast. They didn’t. Their first idea—process mining for cybersecurity—generated interest, but not urgency. “It wasn’t interesting enough. And it doesn’t matter why,” he says. “In a startup, if there’s no sales, nothing else matters.”
That hard-earned clarity led to a full reset. They downsized the team from 50 to 30, killed the MVP, and went back to stealth. Eight months later, they re-emerged with a new thesis: the real security problem in containers wasn’t visibility—it was the base image itself.
The vast majority of container vulnerabilities, Dima explains, don’t come from the code developers write. They come from bloated base images filled with outdated libraries and packages no one actually needs. So Minimus built a new Linux distribution from the ground up—lightweight, hardened, and rebuilt every time a package is updated upstream. They call it Minimos.
“Instead of pulling an image from Docker Hub and inheriting thousands of vulnerabilities,” he says, “you get a minimal, secured image with just the dependencies you actually use.” It’s called “distroless,” and the difference is staggering: organizations reduce 95% of their container vulnerabilities without touching a line of code.
In a world where developers own infrastructure, this is Secure by Design at its most elegant form.
But Minimus doesn’t stop there. They add compliance automation, FedRAMP-ready variants, webhooks for new vulnerabilities, and seamless observability—all on top of the registry experience customers already know. “At first, we just want to be the Docker Hub—but secure,” Dima says. Later, orchestration might follow.
And this time, it’s clicking. “At Gutsy, people told us ‘nice to have,’” Dima says. “With Minimus, they say, ‘we need this.’” Proof-of-concepts turn into negotiations. Adoption happens fast. And the contrast is night and day.
Looking back, Dima frames his journey in three waves: first, visibility with agents (Twistlock, Aqua). Then, agentless scanning (Wiz, Orca). Now, it’s prevention through better infrastructure. “If you shift left far enough,” he says, “you don’t need 10,000 vulnerabilities. You just need better containers.”
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
