SaaS Talk

Brian, you have decades of experience leading innovative cybersecurity companies throughout all phases of growth. Tell us a bit about your background.

I'm currently the Executive Chairman and Founder of Arctic Wolf and I've been doing this 11+ years running. Prior to that I supposedly retired, but that obviously didn't stick. Previously, I was CEO of a company called Blue Coat (once called CacheFlow), and then several networking and security companies before that as well. I've been in this business much longer than I like to even count anymore. 

We were living in a period for so long where capital was very inexpensive, and a lot of projects were getting funded. I think that is changing dramatically.  

Speaking to more broad industry trends, the liability issues associated with companies are increasing. The real thing that they're worried about from a breach is the liability that comes along with that: Are they going to get sued by, or challenged by, a government organization? Are they going to get sued by people that are potentially harmed? All those scenarios float in their heads.  

I'd like to tell you the risk environment is getting better, but it's not. It continues to degrade and it changes and morphs and evolves, but it's still a very challenging space and I expect cybersecurity is going to be a challenge for a lot of organizations for a long time.

There are a couple interrelated things there and we do feel some effect. We’re seeing buying cycles extended with a bit more emphasis on prioritization of spending. For good or bad –good for Arctic Wolf, but bad in general – people still get breached. It doesn't matter whether their business is in a downturn or not. So, the risk profile hasn't changed, and I think that's the core of what causes our business to continue to grow. We see businesses are moving online—it’s not slowing down, and I think that continues to really drive the majority of the growth. 

Separately, in terms of security operations, we enable organizations to be more robust and more resilient in that environment, especially in the face of a lack of talent or spending or budget. We're very economical, and in some ways, probably lower risk for an organization than looking for more complete security operations capability.

I'd say the purchasing environment for our category of customers is broad-based; sometimes it can be a large enterprise, medium, small. There is some pullback and prioritization, more inspection of the budget and timing associated with it. But, nothing in particular by size or environment with those companies. We're fortunate in that the risks just haven't changed. What little bit of money they have, they're having to prioritize. I think it's clearly having a negative impact on other areas of the business where they're spending—so there's some challenges there, but not in our business. 

I'd say we saw a little bit of acceleration, but it was already a trend that was underway. I think that when budgets come under pressure, people start looking for ways to not spend capital. We're a pure expense, not a capitalized item, so that's very attractive to a lot of organizations. If you're trying to build your own security operations function, the challenge is that there are a lot of tools that are required, a lot of tooling that you have to put in place, a lot of configuration work – all of which requires a lot of people. Analyzing that data also requires a lot of people, and all of those requirements come at a heavy cost.  

If you didn't already have that up and running entering this challenging economic environment, you weren't going to do it. We're gradually seeing some organizations moving away from that. As budgets come up for renewal or they're looking to change out their security information event management system or some other aspect of their core security infrastructure, they're questioning whether they want to buy that versus use a service like Arctic Wolf.

I'm an angel investor in a lot of companies—and so a lot of those companies, they see a cliff approaching and they're approaching it at a fairly high rate of speed. I would say it started as a trickle at the beginning of the calendar year, and it’s starting to accelerate. The fundraising environment is much tougher. The cost of capital has really gone up dramatically. 

Whether you're getting venture or you're getting debt, clearly everybody is subjecting companies to much higher-level scrutiny. That's an opportunity for Arctic Wolf, being that we are a platform and we have the ability to integrate a lot of other technologies into that. We're afforded a lot of opportunities and we've been fairly acquisitive. We've done a half dozen over the last eight months and I expect we'll do several more opportunistic acquisitions. I think it's clearly a buyer's environment if you're on the M&A side of things right now. 

With buying patterns, we're just seeing a little bit of back pressure and more companies trying to understand “is this the priority where we want to spend our money?”  

The fundraising environment—for anybody that's passed the early rounds—has gotten way more challenging. I think you're seeing a lot of companies adjust their spending profile to try to extend out their cash to weather this storm. Until the IPO market picks up again, I think that's going to stay.  

Without a doubt, the IPO market right now is very challenging and those ripples roll right upstream to other companies. You are seeing seed, Series A, Series B still doing pretty good, but I think the ripple effect will eventually start to affect those early-stage companies as well. So, it’s a lot more impactful to fundraising than it is to buying patterns. 

If I had that crystal ball, I'd probably be in a different business. I'm not the person to predict macroeconomic events. Clearly, the current global macroeconomic conditions all create uncertainty.  

That said, as we approach the end of this calendar year there are a lot of companies that I think are going to have to go public. They've got too many shareholders; they're going to enter a registration requirement that's going to force them to do something. I think that you'll see a little bit of that pressure. I wouldn't say it's as bad as 2007-2008, but it's got some flavor of that. 

From an overall macroeconomic standpoint, it’s obviously not something you'd like to see. Still, I think debt—on the right terms—is extremely attractive and I think it will remain so for companies. That said, I think the suppliers of debt may get a little more cautious in this market. When the cost of capital is very low, it's much easier to provide funding. As it gets more challenging, we all end up being a bit more discerning. I think that companies either raising capital or debt are going to find themselves subjected to more scrutiny. 

So far, we haven’t seen many secondary effects of the SVB failure. Operationally, our biggest challenge is that we used SVB for bill collection and small payments and the like. We had a little bit of debt from them, but we obviously had to move away from them in the midst of what was going on. We would not move back, at least not at this point in time. 

At Arctic Wolf, we're looking to enrich the capabilities within the security operations market, and its various submarkets—MDR (Managed Detection and Response), EDR (Endpoint Detection and Response), IAM (Identity and Access Management). We think it's still a very lightly tapped market and there's a lot of room for growth.  

For us specifically, we've been expanding into a few countries in Europe, and we've started expanding into Asia. We’re really at the beginning of our international expansion and we continue to see growth upmarket. Otherwise, it's more of the same: adding more capability, getting better at detecting failures of infrastructure and when people have been breached and being able to remediate it quickly. We continue to invest in those areas. 

The big wild card is the new technologies related to machine learning and how they could potentially create risk from a privacy or a breach standpoint. Or they could enhance how well we perform. We have historically invested a lot in ML/AI-type capabilities, and I think we'll increase that amount of our R&D budget because there's so much value to be had there. On the other side, we're having to invest a lot more in detection capabilities for tools that can be used to attack organizations. I guess you could call it a win-win for Arctic Wolf but call it a win-lose for our industry overall, because those tools are enablers for hackers just as much as they are for companies trying to defend against attacks.  

Not in particular. I'd like to see the IPO market come back, but I don't know if that keeps me up at night. I can't control that event, but that's probably about it.