New wave of cyber hiring, acquisitions after mega-funding rounds
This morning came the news that Devo Technology, a Cambridge-based cybersecurity startup, raised $250 million. So what?
We’re starting to see such high dollar values almost every week. Devo has also reached unicorn status, that once rarified but now increasingly common valuation level of at least $1 billion.
The Boston area has become a top destination for cybersecurity businesses. Before Devo’s news, we had Aura raising $200 million, BitSight collecting $250 million, Cybereason $275 million, and Snyk $530 million (which was its second big round in 2021). In smaller deals, Black Kite, SecZetta, and Kolide, among others, have also found plentiful VC funds. In total, Massachusetts-based cybersecurity firms have raised almost $4 billion in venture capital so far this year, our friends at PitchBook say.
It does beg the question of where all the money will go. After all, cybersecurity is mostly a software business — thanks to computing resources from the likes of Amazon and Google available to rent, startups no longer have to spend vast sums on hardware.
So I called up Snyk CEO and fellow bicycling aficionado Peter McKay to get some context. McKay, who took over the top role at Snyk in 2019, has been around the block a few times and seen how these cycles go, including selling several startups he ran to bigger outfits such as IBM and VMware.
One use of the new funding is for rapid staff expansion. Just in Boston, Snyk will go from about 400 people at the beginning of 2021 to more than 900 by year-end. That hiring wave includes everyone from programmers to sales people and customer service reps, and it’s no doubt being duplicated across the ecosystem. Devo says it’s up to 50 people in the area and is looking to add engineering talent and grow by 60 percent, for example. Competition for workers means higher compensation, in the form of pay, bonuses, and company equity. Job sites list well over 1,000 cyber-related openings in the area.
But there’s a second use for all the funds, and it might require even more money than hiring. That is acquisitions.
With customers wanting to one-stop-shop for their security needs, the race is on for startups to bulk up and offer more features. Snyk’s software looks for security vulnerabilities in programming code, so an acquisition might increase the number of programming languages it can analyze, for example. Other companies may seek to add better protection against threats like ransomware. Sometimes the quickest way is to buy another startup. McKay has done three relatively modest acquisitions at Snyk so far, with more likely on the way.
“You can add technology in quickly,” he explained. “That’s what you want to use your currency for — to expand quickly.”
Consolidation in cybersecurity, and tech, is nothing new. The end result may be fewer, larger companies in Boston, but ones that are more likely to succeed.
Aaron Pressman can be reached at [email protected]. Follow him on Twitter @ampressman.
