At a glance.
- Alternatives to IPOs in the cybersecurity sector.
- TPG Capital will acquire Thycotic.
- ScienceLogic raises $105 million in Series E round.
- GitHub hires a Chief Security Officer.
Alternatives to IPOs: SPACs may be more attractive to founders.
While cybersecurity startups continue to pursue initial public offerings (IPOs), alternative ways of going public are attracting more attention in the sector. In particular young privately held companies are increasingly turning to SPACs, that is, "Special Purpose Acquisition Corporations." The CyberWire devoted a special edition last month to the growing interest in SPACs, conducting an extended interview with SCVX's Hank Thomas and Mike Doniger. As they explained, companies looking for "the next evolution in their financial life" have a range of traditional options. They could be acquired by a larger company (which exit involves loss of control). They could raise more private equity or venture capital, although they find that such funding can become prohibitively hard to get as valuations rise. They could go the way of the initial public offering. The IPO works well for companies with high valuations, in the ten-billion-dollar range, but if you're much smaller than that you'll find the IPO a tough path to follow.
Or they could look to a SPAC. That trend is by no means confined to cyber companies: as an article in Crunchbase points out, many young firms are seeing the SPAC as a more attractive way of achieving desired liquidity. But it has a particular interest for companies in the cybersecurity sector.
Yesterday we spoke with Dave DeWalt, who's just taken his company NightDragon Acquisition Corporation public. It now trades on the Nasdaq under the symbol NDAC. NightDragon is designed to facilitate SPACs--it's a SCALE, that is, a Shareholder Control Aligned Listed Equity--designed to offer cyber companies (and companies from a few adjacent sectors like robotics, defense, and national security) an alternative that avoids the inefficiencies of other traditional routes to public investment.
No stranger to IPOs and other exits (he'd served as CEO of both McAfee and FireEye at crucial points in their corporate history) DeWalt sees several advantages to SPAC investments. They are, he told us, "designed to build a company through the whole lifecycle." Not only do SPACs provide liquidity with greater efficiency, but, DeWalt says, they perform better, and, from the founders' point of view, they attract a better class of investor, by which he means a growth and value investor who's naturally aligned with the company's interests more than would be the short-sellers and speculators who inevitably accompany traditional IPOs.
DeWalt has big ambitions for NightDragon. He's happy with the expertise he's attracted, and he believes NightDragon will offer a good option for companies who find themselves perhaps six months away from a traditional IPO. The company is tailored to cybersecurity startups, and DeWalt expects to provide excellent on-boarding for the companies that join NightDragon.
Mergers and acquisitions.
TPG Capital has signed a definitive agreement to acquire Washington, DC-based privileged access management (PAM) provider Thycotic for $1.4 billion, CRN reports. TPG plans to merge Thycotic with zero trust and PAM company Centrify. Centrify's CEO Art Gilliland will serve as CEO of the new company, while Thycotic's CEO James Legg will serve as President. Legg stated, "Combining these two synergistic platforms allows us to offer customers an expanded range of products to address their increasingly complex security requirements....Thycotic and Centrify together will help companies navigate this new environment with an innovative and intuitive product suite, backed by some of the most experienced operators in the identity security sector."
Tysons, Virginia-based risk analytics company QOMPLX is merging with Tailwind Acquisition Corp., a special purpose acquisition company (SPAC), to create a public company valued at $1.4 billion. The company added, "As part of the transaction, QOMPLX is acquiring cyber intelligence and analytics solutions provider Sentar and insurance modeling and actuarial platform Tyche to accelerate its leadership position in risk analytics."
Security awareness training company KnowBe4, based in Florida, has acquired MediaPRO, a security training firm headquartered in Bothell, Washington. KnowBe4 stated, "MediaPRO's customers will gain access to the additional benefits of KnowBe4's security awareness training and simulated phishing platform. The acquisition enables KnowBe4 to offer its customers a larger amount of privacy and compliance training modules."
Eden Prairie, Minnesota-based Data protection and recovery company Arcserve, of Eden Prairie, Minnesota, is merging with backup software provider StorageCraft (headquartered in Draper, Utah). They'll combine under the Arcserve brand. The companies stated, "With expanded geographic reach, the industry’s broadest product portfolio, flexible business models, and magnified innovation footprint, the merged companies will bring extensive market and revenue opportunities for MSPs, VARs, and distributors....Arcserve and StorageCraft will continue to fully support and invest in their existing solutions. In addition, both companies will increase investments in R&D and combined IP, which will strengthen both companies’ product portfolios."
Vienna, Virginia-based cybersecurity contractor Criterion Systems has acquired Realm Consulting, an IT consulting firm headquartered in Reston. Criterion stated, "Realm operates as a wholly-owned subsidiary of Criterion and Criterion Chief Financial Officer Steve Mast serves as President of the subsidiary. Realm employees form the nucleus of Criterion’s new Intelligence Solutions business unit, which focuses on providing systems integration and cyber operations-focused services to current and future customers. Realm co-founder Ross Deem serves as the Vice President and Chief Technology Officer of the new business unit and John Abromavage, the former Vice President of Strategy for Realm, serves as Vice President, Intelligence Solutions."
Investments and exits.
Reston, Virginia-headquartered IT infrastructure monitoring company ScienceLogic has raised $105 million in a Series E round led by Silver Lake Waterman, with participation from existing investors Goldman Sachs, Intel Capital, and NewView Capital. The company stated, "The funding is intended to accelerate ScienceLogic’s product development and engineering leadership, supporting the company’s broader expansion plans and the reach of its flagship SL1 digital infrastructure monitoring platform. Funds are expected to be allocated toward recruitment efforts and product investments aimed at cloud-native technologies including microservices and container solutions, AI/machine learning, and hybrid cloud operations that transform digital experiences and enhance security."
Cybersecurity asset management provider Axonius, based in New York, has raised $100 million in a Series D round led by Stripes, with participation from Bessemer Venture Partners, OpenView, Lightspeed, and Vertex. The company's CEO and co-founder Dean Sysman stated, "We will use the new funding to scale company growth globally and expand our cybersecurity asset management platform to meet surging market demand."
Cupertino, California-based email security company Armorblox has raised $30 million in a Series B round led by Next47, with participation from Polaris Partners, Unusual Ventures, and General Catalyst. Armorblox's CEO Dhananjay (DJ) Sampath stated that the funding round "helps us scale our commitment to our customers by continuing to deliver a top-notch product and augmenting that with customer service that cares about the people and the teams within these enterprises. Every single function is getting fueled. Engineering, Sales, Customer Success, Support, Marketing, and more."
Victoria, Canada-based threat intelligence firm HYAS has raised $16 million in a Series B round led by S3 Ventures, with participation from Uncorrelated Ventures, Tightline Holdings, Cyber Mentor Fund, Dcode Capital, and existing investors M12, Startup Capital Ventures, and 205 Capital. The company says "[t]he funds will be used to accelerate product development and global market expansion for the company’s cyber attack infrastructure identification and blocking technology."
Data privacy company TripleBlind, headquartered in Missouri, has raised $8.2 million in a seed funding round led by Dolby Family Ventures with participation from Okta Ventures, NextGen Venture Partners, Operator Partners, Wavemaker Three-Sixty Health, AVG Basecamp Fund, Anorak Ventures, Quiet Capital, Clocktower Technology Ventures, Parity Responsible Technology Fund, and Manresa Ventures. Existing investors Accenture Ventures, Flyover Capital, and KCRise Fund also participated in the round.
Science Applications International Corp. (SAIC) has hired Michael Scruggs as its new Senior Vice President of Artificial Intelligence, WashingtonExec reports. Scruggs previously worked for IBM’s Cloud and Cognitive business.
LookingGlass Cyber has added Gus Hunt, former Chief Technology Officer for the CIA, to its advisory board. The company has also appointed former DARPA director Dr. Victoria Coleman to its advisory board.
Companies in the news.
The Washington Post reports that the US Securities and Exchange Commission is investigating the possibility of insider trading. The Post says that private equity firms Silver Lake and Thoma Bravo led the sale of $315 million in SolarWinds shares “days before the hack was revealed.” The firms hadn’t commented to the Post by the time the story ran, and SolarWinds itself says it’s cooperating fully with the SEC. The company’s Annual Report comments:
“As a result of the Cyber Incident, we are subject to numerous lawsuits and investigations. Multiple class action lawsuits alleging, among other things, violations of the federal securities laws are pending against us and certain of our current and former officers. The complainants seek certification of a class of all persons who purchased or otherwise acquired our securities during set periods of time and unspecified monetary damages, costs and attorneys’ fees. We dispute the allegations in these complaints and intend to defend against the claims.
“In addition, there are underway numerous investigations and inquiries by domestic and foreign law enforcement and other governmental authorities related to the Cyber Incident, including from the Department of Justice, the Securities and Exchange Commission, and various state Attorneys General. We are cooperating and providing information in connection with these investigations and inquiries and are incurring, and in future periods expect to incur, costs and other expenses in connection with these investigations and inquiries.”
Where business is done.
Massachusetts-based cybersecurity firm Rapid7 has opened a base in Belfast, the Irish News reports. The company's global real estate senior manager, Michael Keimig, stated, "We want this office to not only house our current employees, but also those we’ll be bringing on as part of future expansion in the region. As such, we intentionally designed the layout of the office to include enough space for 400 employees."