Lacework Announces Layoffs, 6 Months After Raising $1.3B | #cloudsecurity | #hacking | #aihp

High-flying cybersecurity startup Lacework has announced layoffs – affecting 20% of its employees, according to one report – in a bid to strengthen its balance sheet.

See Also: The Power and Scale of XDR

The move comes just six months after the company raised $1.3 billion, making it the world’s third most valuable venture-backed cybersecurity firm.

But the San Jose, California-based cloud security vendor has since been forced to restructure its business in response to a seismic shift in the public and private markets, Lacework told employees in an email Wednesday that was later posted to the company’s blog. The company didn’t immediately respond to an Information Security Media Group request for further information. But it told Protocol the layoffs impacted 20% of employees (see: Late-Stage Startups Feel the Squeeze on Funding, Valuations).

“We have adjusted our plan to increase our cash runway through to profitability and significantly strengthened our balance sheet so we can be more opportunistic around investment opportunities and weather uncertainty in the macro environment,” Lacework co-CEOs David Hatfield and Jay Parikh write in the email to employees.

Reversal of Fortune

Lacework didn’t disclose how many employees were laid off. But in response to a claim on Twitter that 300 employees had been laid off, the company told Protocol that was a “significant overestimate.” In March, Lacework told VentureBeat that it employed more than 1,000 people, or quintuple its January 2021 headcount of 200.

“While we do not have control of the environment around us, we do have a responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success,” Hatfield and Parikh’s email to employees reads.

Lacework says it had taken every effort to provide laid off employees with severance encompassing compensation, healthcare coverage, and access to outplacement support. The company says it also opted to share the internal email announcing layoffs on its blog to help former team members looking for new roles.

“Our opportunity ahead remains unchanged but to preserve and strengthen our leadership position in this market for the long term, we must make these changes,” Hatfield and Parikh write.

Just six months ago, Lacework closed the largest funding round in security industry history and became the third most valuable venture-backed cybersecurity company in the world with a valuation of $8.3 billion. This placed Lacework behind only Tanium and Snyk. The company’s Series D funding round was led by Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners and Tiger Global Management.

Lacework’s hiring spree included bringing in Facebook engineering head Parikh in July 2021 as co-CEO to spearhead the company’s product, engineering and infrastructure efforts, allowing Hatfield to focus on operations, business strategy, business development and market expansion. In March 2022, Lacework hired Splunk executive Brian Lanigan to serve as the company’s first-ever global channel leader.

Sequoia Capital: Cuts Have Upsides

But in recent weeks, venture capitalists and private equity firms have been urging portfolio companies – particularly in the technology space – to pump the brakes on spending as macroeconomic storm clouds amass. Most notably, The Information reported Tuesday that Sequoia Capital is urging portfolio companies to move fast to extend runway and fully examine their business for excess costs.

Sequoia told founders to not expect a speedy economic bounce back because the monetary and fiscal policy tools that propelled the recovery at the start of the pandemic have been exhausted. The venture firm expects the market downturn to impact consumer behavior, labor markets and supply chains, and warns portfolio companies that the recovery will be longer than the V-shaped bounce back seen in 2020.

“Companies who move the quickest have the most runway and are most likely to avoid the death spiral,” Sequoia Capital writes in a 52-slide presentation shared by The Information. “In 2008, all companies that cut were efficient and better,” it says, adding that companies should not view cuts “as a negative, but as a way to conserve cash and run faster.”

Mid-stage and late-stage security startups have begun examining how many months of capital they have and whether they should slow hiring to buy more time to prove their value, investor and SentinelOne and CyCognito board member Dan Scheinman told ISMG. Startups want to extend how long they can operate before they have to approach investors for more money, given all the uncertainty in the market.

Investors are now tracking not only a prospect’s burn rate but also their burn multiple, which measures how much cash a startup is spending relative to the amount of annual recurring revenue it is adding each year, Rama Sekhar, partner at Norwest Venture Partners, told ISMG earlier this month. He expects it’ll take a few quarters for declining valuations and industry compression to work its way downstream from late-stage startups.

“It’s a day of reckoning,” Sekhar said. “Last year, it was growth at all costs. Investors were rewarding companies that were growing more than 100%. With these crazy valuations, they weren’t looking at burn rate. Now, the picture has completely flipped. It’s not growth at all costs anymore. Its growth with reasonable cost structures.”

Lacework: First Domino to Fall?

Publicly disclosed layoffs haven’t been common in the cybersecurity industry in recent years given how much the sector is growing, and Lacework is the first security company to reveal layoffs in the current downturn.

While cybersecurity sector layoffs might have been scarce in recent years, they haven’t been nonexistent. Notable examples include:

• Forcepoint (March 2021): The platform security vendor laid off most of its North American channel team just weeks after the being bought by private equity firm Francisco Partners for $1.1 billion.
• Mimecast (February 2021): The cloud-based email security firm announced plans to lay off 80 of its roughly 1,800 workers to shift upmarket and provide more resources to larger enterprises while leveraging automation and efficiency for mid-market and SMB customers.
• McAfee (January 2021): The endpoint security vendor notified California in that it would be laying off 137 employees at its San Jose headquarters, including three vice presidents of engineering and product management.
• Sophos (June 2020): The endpoint security vendor announced plans to cull its workforce by up to 16% and close some offices just three months after being acquired by private equity firm Thoma Bravo, Private Equity News reported. And FireEye reduced its headcount by 7 percent over the course of 2020 to align expenses more closely with the company’s projected revenue and position the company for improved operating performance.
• Symantec (September 2019): The endpoint security vendor disclosed plans to cut nearly 240 jobs across four sites in California and Oregon just a month after agreeing to sell its enterprise security business to Broadcom for $10.7 billion.

Experts say the message now is: prepare to work with the funding you’ve already raised. “If you’re investing beyond what you’re making, at some point you’re going to run out of money,” SentinelOne and CyCognito board member Scheinman told ISMG earlier this month. “Given the current uncertainties right now, people are saying, ‘Wow, we’re better off if we can use our money in the bank and extend the period we can go until we have to raise.’”