Special Editions 2.16.21
Ep 40 | 2.16.21

Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC. [update]


Dave Bittner: Hello everyone, and welcome to this special CyberWire extended interview. My guests today are Hank Thomas and Mike Doniger, both experienced investors, and they formed a new company called SCVX. Their plan is to bring a funding mechanism known as a "SPAC" to cybersecurity, which they say is new to the space. A shorter version of this interview originally aired on the January 24th, 2020 edition of the CyberWire Daily Podcast.

Dave Bittner: This CyberWire special edition is made possible by the upcoming Cybersecurity Conference for Executives. The Johns Hopkins University Information Security Institute and Ankura will host this event on Wednesday, March 25th in Baltimore, Maryland, on the Johns Hopkins Homewood campus. You can find out more at isi.jhu.edu. Click on the Sixth Annual Cybersecurity Conference for Executives. Learn about the dos and don'ts of risk management with industry leaders and other cyber professionals. Check out the details at isi.jhu.edu. Click on the Sixth Annual Cybersecurity Conference for Executives. And we thank the Johns Hopkins University Information Security Institute for sponsoring this CyberWire special edition.

Mike Doniger: I was talking with one of our partners...

Dave Bittner: That's Mike Doniger.

Mike Doniger: ...Sander Gerber, who's the head of Hudson Bay, a hedge fund in New York, and he has expressed a longtime interest in cybersecurity, to the point where they're the main investor in cybersecurity ventures, and Hank's been running that for a number of years now, is doing Series A investments in cyber. And we were looking at doing a potentially larger transaction in the space. We were also looking for a vehicle that had permanent capital. And, you know, we noted that over the last couple of years, the cybersecurity landscape has gone – you know, what's the right word? (Laughs)...

Hank Thomas: Fragmented? 

Mike Doniger:...Has gone parabolic, you know, market cap and presence on Wall Street, et cetera. And so, you know, we also we're talking about how fragmented the spaces.

Mike Doniger: And we had discussed, you know, how a SPAC vehicle might be an excellent vehicle to approach acquiring a larger asset in the space and participating in the consolidation in the space. We decided to work on it together.

Dave Bittner: So, I think you used that term "SPAC" – I think that's something that a lot of people may not be familiar with. Can you take us through what does SPAC stand for and what does it mean?

Mike Doniger: So, a SPAC – Special Purpose Acquisition Corporation – is essentially a blank check company. So, what it is, is we raise a blind pool of capital on Wall Street in the form of an IPO. And by definition, you're not allowed to know what you're going to buy. There's very strict rules behind that. However, you can target a specific space. And so, some are more general in what they approach – let's say, agriculture or chemicals or something very broad. We decided to take a very specific approach in targeting the cybersecurity space. And in that, created an infrastructure around that with our board, which we'll get into, with Hank and his team, to have a lot of expertise in a very targeted area.

Dave Bittner: So, why a SPAC versus other methods of gathering capital, of making investments?

Mike Doniger: If you are a target company and you're looking for the next evolution in your financial life, you have a couple options. You can obviously continue to raise venture capital money, or private equity money. The cyber space in general doesn't like a lot of leverage, because they're high-growth companies, and so it tends to be more venture capital than private equity. And then has you hit that kind of Series C, Series D part of your evolution, you know, and your valuation starts to get upwards towards that billion dollar range, you know, the venture capital money is not as readily available at that point, and these companies are extremely expensive to continue to grow with large sales forces and getting a footprint inside that Fortune 1000. 

Mike Doniger: As you go to explore the opportunity for more capital, you're now at the stage where you have a couple options. One is you can go the traditional IPO route – you know, the first companies in a vertical, like a CrowdStrike, you know, who that are going to demand ten billion dollar valuation, the IPOs tend to work very well. But if you're in that billion, two billion dollar range, it's a little harder to IPO. Your liquidity in your stock because you're only IPOing a small portion of it isn't particularly good. And that path to an IPO is a long and arduous one.

Mike Doniger: The other option is obviously to sell your company to a larger company like a CrowdStrike, like a Palo Alto, et cetera. But at that point, you tend to lose control. And even if you go and do a lot of venture capital raising, eventually you start to lose control as well.

Mike Doniger: The SPAC provides an interesting opportunity for a company to maintain control of their future, because they'll roll a large portion of their equity. It provides a very liquid currency because the whole company goes public instantaneously. And it provides a fast-track opportunity to take your company public on the market if you believe that the opportunity is ripe for future acquisitions of smaller companies and you want to partake of that at the current time. 

Dave Bittner: I have to say that when I was doing my own research in preparation for our conversation, there were some elements to the SPAC that I had a hard time wrapping my head around, and I'm curious if you're if you're finding as you're out there telling your story, if that's a similar thing. 

Hank Thomas: You know, we haven't spoken – because of some of the rules associated with a SPAC – we haven't been able to go and speak to these operators and founders and the cybersecurity community yet...

Dave Bittner: That's Hank Thomas. 

Hank Thomas: ...In large numbers about exactly how this works, which is one of the reasons why we're excited to be here talking to you today about this, because there are some – as a non-Wall Street guy myself, as a career cybersecurity guy turned venture capitalist, it's been tough for me to wrap my head around some of the intricacies involved in this. But one of the reasons why I decided to slow down our traditional venture investing right now and to do a SPAC is because once I learned about how it worked, I've discovered that it really provided an opportunity for, you know, a whole host of companies at a certain stage to accelerate their path to whatever that next thing is.

Hank Thomas: It's almost like an incubator is to a seed – a company that just raised – is raising seed capital. It's sort of takes them to the next level. It gives them a ready-baked team of business professionals that guide them to that place. We've put together that team already with the SPAC in the form of our board, and in the form of the investors that are involved in it, and it allows somebody that's at that stage and they don't quite know how to go to do an IPO, or quite know how to raise that next round of capital at that later stage beyond venture – we're going to fill that void, I think. And so, that's why I was so excited about getting involved with this.

Dave Bittner: So, from my own understanding it, can you sort of lay out for me – tell me if I'm right here – is it that the money that you're raising with the SPAC, for the people who are putting their money in, you're saying to them, this is the team we've put together, have confidence in this team that we are going to take your investment and we're going to go out and do good things with it?

Hank Thomas: That's right. And we've already had validation on that. We've gone out and done a roadshow. We've spoken to investors. They're extremely excited about the team we've put together, equally as excited about the thesis we've put together – which much of it's available in the prospectus that you can see online. And they know cybersecurity, infosec, is on the front page of every newspaper in the world. It's on the – even on non-cybersecurity podcasts, they're talking about cybersecurity... 

Dave Bittner: Right. 

Hank Thomas: ...Yet there aren't these large platform solutions that most people know about yet, because there really aren't that many larger platform players, because this is still a very new problem. So, we think that, while the industry is starting to consolidate, we can make some wise choices, because of the team we have in place, to put together a really interesting business combination.

Dave Bittner: Well, let's talk about the team then. What's the group of people that you put together and what are they bringing to the table?

Mike Doniger: Let's take a two second step back and talk about, you know, SPACs have been around for quite some time. Traditionally, maybe they didn't have the greatest name.

Dave Bittner: I was – I wanted to touch on that. I'm glad you brought it up, because there was – I mean, there has been some skepticism, traditionally, when it came to SPACs. But it seems as though that's been turning lately?

Mike Doniger: Exactly. So, you know, they've been around for over ten years, maybe even longer. And traditionally, they were used to buy undervalued, kind of lost assets, you know, to find some monetization for them, just put a whole bunch of leverage on them, you know, get some kind of high free cash flow yield off them. But really, over the last like two or three years, what I'll call, like, SPAC 2.0, has really been taking the front page. You know, the Virgin Galactic spaceship company, Clarion, you know, there's been a number of really kind of blue-chips SPACs recently.

Mike Doniger: And so, back to your earlier question, when we were saying, okay, if I'm going to pause my career, and I'm twenty years Wall Street veteran, you know, and do this full time, I'm not doing it to do some small, like, rinky-dink buy a lost asset. You know, we wanted to do a blue-chip SPAC, you know, and so that's why we teamed up with Credit Suisse as our sole banker. That's why we use Skadden Arps, as, you know, one of the best legal firms. That's why we teamed up with the hedge fund Hudson Bay as a capital partner. And in that, we decided to put together a really robust board. You know, not all these SPACs have robust boards, but we really, I think, went over the top, purposely, in designing that team.

Mike Doniger: And to your question, you know, so that team consists of Senator Coats, you know, was our former Director of National Intelligence. This is the first thing he's doing since he left his job in August, and obviously he ran the NSA, ran the CIA, and if anyone knows the threats that our country faces around the corner, we couldn't imagine having a better steward than that. We have Sounil Yu, who was the recent – I'm going to say head of cybersecurity at Bank of America. I think his official title was Mad Scientist, is that right?...

Hank Thomas: That was on his business card, right. 

Dave Bittner: (Laughs) All right.

Mike Doniger: (Laughs)...Who's, you know, an author now and very respected in the space. We have Jeff Lunglhofer, who is the current CISO of the Bank of New York. And we find that particularly interesting that the Bank of New York said OK to him being on this board. And I think – and Hank will go into our thesis more – it's because there is a problem in cyberspace. And that problem is the massive fragmentation, and the CISOs feel overwhelmed by the amount of vendors they have, and we think this is obviously a solution to that problem, and Jeff is excited to be a part of that. And we have Vivian Schneck-Last, who was the head of Goldman's technology procurement and a kind of life-Goldman steward. She's also on the board of Sallie Mae and, you know, provides a roundabout, you know, public company experience. And then you have Hank and myself, you know, anchoring that board. And so, that's the team.

Dave Bittner: And so, the breadth and depth of the knowledge that that team brings – because you can't go into this saying, these are the companies we're targeting, these are who we're going to invest in – I mean, that's – at this stage of the game, that's the ballgame. I mean, that's who the people are putting their money in, their confidence in this group that you've assembled.

Mike Doniger: Yeah. I mean, that's exactly right. So, you know, they're giving us their capital to hope that we do something wise with it. The way the SPAC is structured, they obviously have the choice when we find our company, to say, you know, I think you guys found something amazing or I don't like it and I want my money back. That's the structure of the SPAC. 

Mike Doniger: Into your question on the target list, no, we can't know the specific company we want to buy, but we do have parameters for which we're looking at. And those parameters are particularly have to do with critical mass, like, the company has to be large enough to be something that we're targeting, and we're targeting something in the 600 million to 1.5 billion dollar range. And so, we're looking for companies that have substantial ARR, maybe that's north of 40 million, maybe higher. You know, we're looking at companies that have a footprint in that Fortune 1000. You know, maybe it's six, maybe it's a dozen, maybe it's more. And Hank will go further into the thesis, but if we're going to try to build a platform-type company, if we're trying to build something that is scalable and that we can attach interesting technologies onto, by definition, that has to have a good reputation and a critical mass, you know, at this point.

Dave Bittner: Well, Hank, let's dig in here. I mean, take us through the thesis.

Hank Thomas: Yeah, so, the thesis is that the average CISO has more than seventy-five tools in their war chest right now. Some north of that, some south of that. It is the security stack has become unwieldy. It necessarily itself into always integrated like it should be. If you're a J.P. Morgan and you're spending billions on cybersecurity, you have the ability to properly integrate things, but move down from that and you're struggling to integrate maybe the tools you have with the other security tools to integrate them with the rest of your IT stack. You're really just kind of like in crisis management mode all the time. I'm not saying everyone's in this situation, but that's kind of the general feeling in cybersecurity these days, is like...

Dave Bittner: Right.

Hank Thomas: ...You know, what bad's gonna happen next? And we think that, you know – go to RSA for the last twenty years, like many of us have, or go to any of these security conferences, and you see these rows and rows of things, that if you're not in the sector, you know, how can you tell these things apart? And if you are, you still sort of struggle to a certain extent.

Hank Thomas: But we know that within those rows and rows and rows of things, there are some really awesome platforms – and we can get into what a platform really means – cybersecurity companies that we could, if injected with the proper amount of capital and the right – maybe a right new thinking to how to take it to the next level, you could build a really cool security control platform that you could hang a number of other things off – let's call them ornaments – that give it far more capability than it has today.

Hank Thomas: And people were talking about this already. I mean, this is a conversation I had before we started seriously talking about doing this back – the last four years at RSA, where we said, you know what if we could only roll these four companies up? And our goal is to find one really cool company right now that meets most of our criteria, if not all of them, invest in that company, help them develop a strategy to integrate a few other critical security controls into that platform, and then create something that doesn't really exist in the industry today.

Dave Bittner: And what makes the SPAC attractive to a company who's in that position? Why would they be happy to have you come knocking on their door?

Mike Doniger: Right. So, the target company that wants to merge with a SPAC, that company is not looking for a massive cash exit. If you were to do that, you would go sell to CrowdStrike, or what have you. The intention is that that company will roll a large portion of their equity if – you know, we have two-hundred-and-thirty plus million dollars in cash, and so that we can take some cash off the table. But really, that cash is designed for growth and for acquiring new companies, and that equity is similarly designed that way.

Mike Doniger: So, the company that we're looking for is a company where the founder wants to maintain control, is excited about buying new companies in the space, believes that they have a technology that is scalable and can be plugged into with other different technologies – whether that's the term "one screen" or it's just an expandable platform-type type technology – and wants to go now, believes the opportunity is now.

Mike Doniger: And by going public with us, you will go public literally the next day, because we've done all the work of creating the structure, creating – you know, our board is an excellent board and serves as advisors to us, and they haven't committed to being on the board of the pro forma company, but that's obviously an opportunity for them. Take your own board, add our board – it's very, very, very flexible structure. And whether it's myself or, you know, Hank's team, you know, pro forma, we're not going to be large owners of this entity. You know, we're going to own – I'm going to own less than a couple percent of the company. You will, as a founder, maintain control of this entity or a group of founders or venture capital or whoever the equity holder base is.

Dave Bittner: From an investors point of view, how does a SPAC compare to other investment vehicles they have available to them?

Mike Doniger: Well, if you say investor, I mean, it'll be a public company, and so there'll be public shareholders who are technically the investors. You know, between now, the people who are giving us the money, and the eventual acquisition, I think they view it as a relatively cheap call option. Meaning, they like our team, they like us, they like the space, and they're really excited to get a first look at a company that we potentially may buy, and then have that decision down the road.

Mike Doniger: The really more interesting part about this whole structure is what happens after we announce our first transaction and everyone gets to vote on that. And then hopefully that vote is successful, which we think it will be. But then the investor is like the investor in any other public company that exists. It becomes a fully tradable, you know, public market of the XYZ company that we buy.

Mike Doniger: To that point, when I go back to the optimal target company, again, if they're looking for thirty times revenue, you know, like, that's great and maybe someone will pay that. But for us, we need these investors to say, yes, I like the valuation and I like the company, and I want to partake in it, which is why you should be rolling a large part of your equity where if the stock goes up a hundred percent over the next year, you partake in that, right? You don't try to maximize your value on day one. You're trying to get a reasonable valuation, a good valuation, have a low cost of capital at a good multiple so that you can go and acquire things, but you're not trying to extract every last penny now. This is about building something for the next three to five years, ten years, that you think you can become the next, you know, ten, twenty billion dollar company.

Hank Thomas: And I think for the size of the problem, the size of cybersecurity problem, we're constantly talking about it and referenced that earlier. And for the number of privately held cybersecurity companies that are out there, there are very few cybersecurity companies that – of the size that we're trying to create – that give investors the opportunity to have exposure in the cybersecurity market. There just aren't that many publicly traded cybersecurity companies as you would think, compared to the size of the problem. So, I think that's another advantage for investors.

Mike Doniger: Yeah, that's an excellent point. You know, if we think about the public landscape, maybe there's ten public cyber companies. A lot of them are enormous – you know, ten plus billion dollars. If a ten billion dollar company buys a really interesting, like, A technology that's got ten million dollars in ARR and thinks it's scalable, that's not moving the needle for them, and as an investor, you don't partake in that. If a billion dollar company, however, rolls up a couple of these things, that can really move the needle.

Mike Doniger: I mean, the synergies – one of the reasons we're so excited about this is if you think about the problem – and Hank knows this firsthand because he deals with these Series A and B companies – that these new technologies face, let's think about it for a second. They think they have a better technology and probably do than whatever is currently standard. But the CISO is completely overloaded with too many vendors and it's very hard to get a new technology onto their stack. It's critical infrastructure, as we all know, and so they end up having to run these things in parallel. I think at Bank of New York, he was saying it's an eighteen-month cycle to put in a new technology. So if I'm a young company, I've got a great technology, I have maybe a ten-percent hit rate of getting a new contract. I've got to run them all over the place, so I have multiple companies I'm trying with. It's extremely, extremely, extremely expensive. And you don't know what it's going to be.

Mike Doniger: However, if I have a platform and I have a good relationship with that CISO and they tell me, hey, you know, we really needed something better in making up identity, go find me an interesting identity platform and include it into your infrastructure. You already know that your revenue is going to go up by multiples, you know, the second you buy that. So I can now pay a huge price for a twenty million revenue company, because I know that instantaneously my revenue synergies are going to be, you know, multiple X of what of what I paid for, and everybody gets to partake in that. And that's really the opportunity that we think is so exciting for Wall Street and for the target company.

Dave Bittner: There's obviously been no shortage of investment dollars in cybersecurity over the past few years, and as we touched on earlier, you know, SPACs have been growing in popularity as well. By your estimation, this is the first time we've seen this combination of a SPAC targeting cybersecurity.

Mike Doniger: We definitely think so. We definitely think we're the first definitely targeted directly at cybersecurity. There may be one or two other SPACs that are technology focused or defense-focused that cybersecurity may fall in their subsphere. But no one, to our knowledge, has really targeted and put a board like this and put a team like Hank's team, like, at the task.

Dave Bittner: I guess my question is, why not? There's no shortage of money.

Mike Doniger: It's brand new. I mean, this base is not that old, right? It's three or four years old, really, like in getting critical mass, so...

Dave Bittner: In terms of cyber, you're saying. 

Mike Doniger: Yeah, definitely. We're entering one of a really, really, really, really long story. I mean, I don't have to tell your listeners this, but if data is the key to the gig economy, protecting that data is obviously going to be one of your biggest expenses going forward. And that's new. And that's, you know, I don't think it's happenstance that, you know, a vehicle like this comes across a space like this – we just happen to be the first. 

Hank Thomas: I think also there's never been a SPAC that's come together with a combination of so many sort of operators and Wall Street people, with operators being so focused on one sector. I mean, that was by design. But most SPACs come together to make money. Obviously, that's ultimately a goal of this, is for everybody involved to make money...

Dave Bittner: Sure.

Hank Thomas: ...But it's also about – at the risk of sounding a little bit hokey – about a financial tool that could maybe help revolutionize an industry and help people sort of break a logjam and get to the next level, and sort of force consolidation in a smart way. One of the reasons why I think it hasn't happened yet – and twenty-five percent of the IPOs on the New York Stock Exchange right now are SPACs, which is something I didn't realize until we got involved in this – is because most other managers of SPACs, the teams that come together to do these things, they want to have a wide aperture as possible so that they can find the best, most profitable business combination. And we could have done the same thing. We could have had a SPAC that said, like, we're gonna go out and buy, like, anything from a hotel to a, you know, a horse ranch. But we decided that we were going to hyperfocus on this, because it's for the revolutionary aspect of it and it's for the business aspect of it. And most business people wouldn't want to take the sort of revolutionary aspect of things, which is where I think we're different.

Dave Bittner: Can you give me a sense of the timeline that you're on? How are things going to play out in the short term and then the long game itself?

Mike Doniger: Our IPO is scheduled for January 24th. And at that point, our floodgates kind of open. So, at that point, we are allowed to talk to companies, we're allowed to start having negotiations, we're allowed to really start, you know, tackling the task ahead of us. RSA is the last week in February, and so we're hoping to meet...

Dave Bittner: What fortuitous timing. (Laughs)

Mike Doniger: (Laughs) By the way, by design.

Hank Thomas: By design, yeah.

Mike Doniger: We could have launched this back earlier, but we wanted to, you know, okay, so the number one issue with a SPAC – let's just put that out on the table – is timing. You have two years to make an acquisition. If you don't make an acquisition, you give the money back. So, time is your enemy.

Dave Bittner: So, that's a regulatory element?

Mike Doniger: It's a regulatory, it's in the structure of the SPAC. 

Dave Bittner: I see, yep.

Mike Doniger: And so, you really want to do this on the front end of that. You know, and you don't want to, like, get into some long negotiation and then have to restructure it, and then all of a sudden you have to extend it, and it's not the optimal path. The optimal path is to strike quickly. I think we were both lucky and smart that, you know, the cyber landscape is evolving so rapidly in front of our faces, you know, on the cover of the newspaper every day. It's a hot topic. There's plenty of capital for it, as you said. So, we're super excited about that. So, yes, we purposely launched this into RSA, knowing that all the great companies are going to be there, or most of them.

Mike Doniger: So, the timing will be the IPO on Friday, and then we hope that everyone listens to this and wants to have a meeting with us, you know, and we have scheduled those four days to do that. And then we, in a perfect world, you know, over the next couple of months, we'll have a couple of companies that we're very close to having a deal with, and find one optimal one hopefully by the fall. And then it would quickly go to a shareholder vote, and then it's a three month process from then on out to officially close the deal. I mean, that would be in a perfect world, with what we're designing.

Hank Thomas: And we've perfectly structured this in a way that we can look internationally. It doesn't have to be a US company. It could be an Israeli company, UK company, a European company. We're looking for a best athlete, best technology platform to invest in.

Mike Doniger: Yeah, I think that's a great point. So we structure this as a Cayman entity specifically because a lot of great technologies come out of Tel Aviv, you know, which is one of the hotbeds of cybersecurity. I think Hank was telling me there's two thousand startups in Tel Aviv right now in the cyber landscape. And so we're going to RSA and then we plan on going to Israel shortly thereafter. We're obviously open to a US company, but that yeah – we have given ourselves flexibility in that.

Dave Bittner: So, in terms of – from a practical point of view, maybe trying to help both you all out and the folks who think that they may be a potential candidate for you, to try to save everyone some time, do you have some general dos and don'ts, like, these are the things we're interested in and these are the things we're – you know, please, let's not waste each other's time as we're setting up these meetings and trying to get these things going.

Hank Thomas: Yeah, I would say if you're not at least a Series C round capital size cybersecurity company, you're probably too early. That's sort of the first financial gate to look at. I think that, you know, having a – being a force in a particular sector, and primarily the commercial sector – so, say, having a large footprint in the financial services industry, or maybe you're a major player in the critical infrastructure protection sector, or you are, you know, have a sort of a niche security control that doesn't necessarily have a lot of competition yet, but have also established a strong presence across multiple commercial sectors. Those would all be things that we would be interested in looking at upfront, and saying, you know, this would give us – this would be an interesting both technically and financially, because there has to be – you have to have met certain milestones to be interesting to the public markets as well, because, you know, you're going to be merging into a SPAC, you're going to be a publicly traded company in short order, you have to sort of scratch that itch as well.

Mike Doniger: Yeah. And just to repeat what I said before, like, if you're looking for an exit, this is not the right opportunity for you. This is the opportunity for a CEO who thinks he can make his company multiples of what it is today and just needs a little more firepower. He wants to maintain control. He knows he has a good reputation or she has a good reputation and that with a public currency and some cash can really, really, really grow this company and wants to do it now.

Hank Thomas: And a ready-baked, awesome board. 

Mike Doniger: Yeah, And an excellent infrastructure. You even get Hank and I if you want us for as long as you want us or you can fire us, it's totally OK. (Laughs)

Hank Thomas: (Laughs) Or we'll just go into – fade into the background.

Mike Doniger: So, the beauty of this is the flexibility, right? But the opportunity for the perfect company is what I said, is someone has to have tremendous energy, like, really, really, really thinks that, like, they're about to tackle the universe, you know, a visionary, a leader, has a great reputation. This is what we're looking for. So if you don't meet those criteria, we're probably not going to get anywhere.

Hank Thomas: So, there's financial platform criteria and then there's cybersecurity platform criteria. And you're gonna have to be at that certain level for us to – for it to be worth their time and our time.

Dave Bittner: Mm-hmm. So, you spin up the SPAC, you make your initial decision, you buy your company, you invest in your company. What is the amount of flexibility you have at that point? What directions can you go in?

Hank Thomas: Yeah. So, you know, that company will be capable of using both the expertise we have in place through our board, using some of the capital who's been injected to bring on additional expertise, survey the landscape, and say, you know, what are the things that kind of kept us where we were before we IPO'd? And now we have the flexibility to use this newly found capital to go out and acquire a couple of those missing components, integrate those successfully into what we're doing, and then become a platform that is more viable to either a particular industry sector or across multiple industry sectors, something that's more viable technically and more interesting to the public markets as well.

Mike Doniger: You know, you're asking what a perfect company – another attribute of a perfect company would be, oh, I wish I could buy company Z, J, and V, you know, and I had those on my wish list, I just don't have the capital right now to do that. Because one of things, to your question on timeline, is we'll announce initial transaction and then we'll go to a shareholder vote. It would be amazing if in that interval – those two or three months – we could say, oh, and we have an LOI with another company and maybe another one even down the road. Now, you do want to close multiple transactions at the same time, for the complexity. But to lay that temporal landscape out, you know, the market will find very, very exciting. And that's exactly what we're trying to build.

Mike Doniger: And then when we think about roll-up, you know, a roll-up can have a bad connotation to it. You know, there tend to be like a lot of leverage and, you know, shenanigans in accounting, et cetera. But a roll up with intention, a roll-up that has obvious synergies, obvious growth potential, and it's not done under a lot of leverage, is done with a lot of equity, it could be a really powerful story.

Hank Thomas: And we've looked at a number of tools that we plan on using once we start to look at our potential business combinations, one of which is the cyber defense framework. So, say we pick a company that falls into this vertical on the cyber defense framework, we can then look at gaps that they might have based on that framework. That's just one of many frameworks to use, that's one I find more particularly compelling.

Dave Bittner: Mm-hmm.

Hank Thomas: And then beyond that, another tool you can use is something like Wardley maps, where you can look at business combinations and strategies associated with maybe the accommodation you designed on using the cyber defense framework to build out an even more interesting business combination using an existing respected business process or tool like the cyber defense framework or Wardley maps. There's others as well. Those are ones that I think we're going to explore first.

Dave Bittner: That's Hank Thomas and Mike Doniger from SCVX.

Update published 2/15/21: 

Dave Bittner: It has been just about a year since I spoke with Hank Thomas and Mike Doniger from SCVX about their SPAC, I caught up with Hank Thomas recently to find out how things have been going.

Hank Thomas: I think the whole world has become more familiar with SPACs, you know, if only through Jim Cramer, but hopefully also through our efforts with SCVX, which is the SPAC that that we created and took public just over a year ago. I can really break our year up into four sections I think. The first section being pre-pandemic IPO, RSA telling the cybersecurity community what a SPAC is. The second quarter of the year really being a briefing every cybersecurity company of scale out there on what the world's first cybersecurity SPAC is and what we're attempting to do. And then the third and fourth quarters having very deep, serious conversations with companies kind of large enough to be considered as our anchor entity for our SPAC.

Dave Bittner: And so, have you selected an anchor entity yet?

Hank Thomas: So essentially, we've we've used a lens to down-select large enough entities, ones of scale, and also received and parallel receive feedback from the market as to exactly what the market, meaning Wall Street, is going to look for for the next publicly traded cybersecurity company. So we we're down to we're in the ninth inning. We're down to a group of finalists on each one of them has a slightly different course of action associated with it to include ones that have multiple tuck-ins and bolt-ons and others that are just large enough and big enough on their own to kind of be the enterprise we select.

Dave Bittner: Now, you're about a year into this, and I'm correct in my recollection that there's a there's a two-year clock running on this?

Hank Thomas: That's right. We're not an old SPAC yet, but we're no longer a junior varsity young SPAC. We're kind of in the varsity league now and we have to get a deal done within the next 12 months. And or the SPAC is forced to return its money back to its investors. Generally speaking, we're in a really good spot right now. Kind of the window for for picking our target.

Dave Bittner: And what's the response been from the cybersecurity community or are they on board or are they getting what you're out to do here?

Hank Thomas: You know, when we first met with folks at RSA and then spent the better part of the spring of 2020 talking to people about this, almost nobody had heard about what a SPAC was. But almost every cybersecurity company out there had one at least, at least one board member that had had a terrible experience with a SPAC somewhere 10 years ago on a different endeavor. And so they are now, but for a while, for a period of several months, there was a big educational push on our front to kind of tell people about what a 2.0 SPAC was and why this was a tremendously popular way to go public in other industry verticals. And I think for the most part now we have more inbound request to have conversations about our SPAC, than us reaching out and and talking to people about how this might be the next best course of action for them. No, No one, to summarize, nobody was thinking about the SPAC as their exit strategy or the next big step for them to grow their company in cybersecurity until we came along. Now, I think I would say the majority of of the community at least knows about it. And they're considering it as a as a viable course of action

Dave Bittner: Yeah. I mean, are there other SPACs that have been following in your footsteps and targeting cybersecurity?

Hank Thomas: Believe it or not, there's nobody else out there that's a cybersecurity focused SPAC, I think that's probably because it's a bit risky on our part in the sense that we've narrowed our aperture to just cybersecurity. And when you dig into cybersecurity, it's still a very, you know, we might be in our ninth inning of the ball game for our SPAC, but the industry as a whole is it's still kind of in the second or third inning. You know, our anchor entity that we're looking for needs to be essentially a billion dollar enterprise valuation or more, up to three billion or even more. And there just aren't that many cybersecurity companies that fit into that category. So there are other companies out there that are that are SPACs out there that are software-focused, that are IT-focused, but they they really aren't doubling down on cybersecurity quite like we are.

Dave Bittner: Anything that you've learned along the way, you know, in the past year, since you started this, anything that came along that perhaps you weren't expecting?

Hank Thomas: Well, we structured our unity in a way where we thought that we might need to go, we were willing to look overseas. We were willing to look domestically just to cast a wide net possible to find targets of interest. And and I've been surprised at just how many cybersecurity companies have kind of plateaued at certain revenue values. And you can really look at it, you know, whether you look at in the upper-left quadrant of the cybersecurity industry or the bottom-right quadrant of the cybersecurity industry, sort of by category, you each one of them maybe have has a category leader, but none of them really have one person in that category that's kind of far and ahead everybody else in that category, a lot of people are really plateauing in each one of these categories. And I think it kind of only ties into our thesis that the cybersecurity industry has become highly fragmented and, if maybe only temporary, but there is a period of consolidation that needs to occur now to build more multi-capable platforms. And I've heard and received a lot of feedback from CISOs out there that our thesis resonates with them as well. You know, the average CISO Fortune 100 CISO even up to Fortune 500 has over 100 security controls in their ecosystem and they want to get that number down to something more manageable.

Dave Bittner: All right. Well, Hank Thomas, good luck to you. Thanks for taking the time for us.

Hank Thomas: Thank you.