Corey Thomas

Corey Thomas earned a B.E. in Electrical Engineering and Computer Science from Vanderbilt University, then an MBA from Harvard Business School — graduating as a Baker Scholar, placing him in the top five percent of his class.¹ He was a member of the African American Student Union at HBS.¹ He graduated in 2002.

After HBS, Thomas went to Deloitte Consulting, working on technology and operations strategy for large multinational banks.¹ He moved to Rapid7 in 2008 as a sales executive. The case study built around his 2015 IPO decision notes that he was 'one of the few African-Americans at the company' when he joined.² That sentence appears once. The case then proceeds for fourteen more pages as if race has no bearing on what follows — on what it meant to be a Black CEO negotiating with VC investors, managing employee equity expectations, and representing a company on a public market roadshow.

CEO (2012)

Thomas became CEO in 2012 — four years after joining as a sales executive.¹ He rebuilt the sales team toward technical selling, hired a new CFO, expanded internationally, and drove the company's transition from perpetual software licenses toward a SaaS subscription model.²

Rapid7's most significant product decisions during his tenure: the 2009 acquisition of Metasploit — the open-source penetration testing framework used by 45,000+ security researchers — which became the foundation of the company's brand and community strategy.² AppSpider, acquired in 2015, expanded dynamic application testing capabilities.²

The IPO (2015)

Rapid7's IPO was in July 2015 on NASDAQ, ticker RPD.³ The company raised $168 million.³ The offering priced at $16 per share. The company had never turned a profit. Deferred revenue from SaaS subscriptions — $58 million by 2014 — made the true cash position stronger than the income statement suggested to investors who did not understand the subscription billing model.²

Financial Trajectory

The company's path to profitability took longer than the 2015 investors anticipated. In 2024, Rapid7 delivered full-year revenue of $844 million (up 9% year-over-year), Annual Recurring Revenue (ARR) of $840 million (up 4%), and Non-GAAP operating income of $164 million.⁴ By Q3 2025, ARR had reached $838 million — slightly declining, reflecting a more competitive market environment — with revenue of $218 million and Non-GAAP operating income of $37 million.⁴

Thomas was recognized in the Boston Globe's 2024 list of Boston Tech Leaders.⁵ He serves on the board of directors of LPL Financial, the largest independent broker-dealer in the United States.⁶ He serves as a board member of the Federal Reserve Bank of Boston.⁷ These institutional roles — a Black CEO on the board of a Federal Reserve Bank — are largely absent from the public narrative about his career.

Race-Silent at the Top

The HBS case study built around Corey Thomas's IPO decision mentions his race once — to note he was 'one of the few African-Americans at the company' when he joined in 2008 — and then never addresses it again. Fifteen pages about a Black CEO deciding whether to take a company public, managing VC investors, navigating employee equity expectations, and representing the company to institutional investors: race is a footnote. That editorial choice in the case is itself a constraint — it means that the documented experience of being one of very few Black executives in the cybersecurity industry exists primarily in Thomas's own interviews and external coverage, not in the institutional record.

A second structural constraint: Rapid7 was not profitable at the time of the IPO and did not reach net profitability until FY2024 — nine years after going public. The SaaS transition that Thomas drove (moving from perpetual licenses toward subscription revenue) was the right long-term call, but it extended the loss period significantly. During that period, Thomas managed investor expectations across multiple market cycles, including the 2021 SaaS peak and the subsequent repricing that reduced Rapid7's market cap from $6.7 billion to approximately $384 million by April 2026. Leading a public company through that trajectory while Black, in an industry where Black CEOs are rare enough to be countable, was a constraint the case does not document.

$844M Revenue; Institutional Board Roles

Rapid7 delivered $844 million in full-year 2024 revenue (up 9% year-over-year), with Annual Recurring Revenue of $840 million.⁴ Non-GAAP operating income reached $164 million, and operating cash flow was $172 million.⁴ The SaaS transition Thomas drove is the mechanism of these results.

As of Q3 2025, ARR was $838 million — growth has slowed as the cybersecurity market has matured and competition has intensified.⁴ The company's stock has contracted significantly from its 2021 peak of $6.7 billion market cap. The contraction reflects a sector-wide repricing of growth-at-all-costs SaaS valuations, not a Rapid7-specific judgment on Thomas's leadership.

Thomas continues as CEO and Chairman of Rapid7's board of directors.¹ He serves on the board of LPL Financial and as a board member of the Federal Reserve Bank of Boston.⁶⁷ The Boston Globe recognized him in its 2024 Boston Tech Leaders list.⁵