Cloud Security , Security Operations , Vendor Roundup

Lacework Announces Layoffs 6 Months After Raising $1.3B

Layoffs Designed to Increase Lacework's Cash Runway and Strengthen Balance Sheet
Lacework Announces Layoffs 6 Months After Raising $1.3B

High-flying cybersecurity startup Lacework has announced layoffs affecting 20% of its employees in a bid to strengthen its balance sheet.

See Also: Essential Elements to Consider when Choosing a Micro-Segmentation Solution

The move comes just six months after the company raised $1.3 billion, making it the world's third-most valuable venture-backed cybersecurity firm.

But the San Jose, California-based cloud security vendor has since been forced to restructure its business in response to a seismic shift in the public and private markets, Lacework told employees in an email Wednesday that was later posted to the company's blog. A Lacework spokesperson told Information Security Media Group that the layoffs affected 20% of employees. That figure was first reported by Protocol (see: Late-Stage Startups Feel the Squeeze on Funding, Valuations).

"We have adjusted our plan to increase our cash runway through to profitability and significantly strengthened our balance sheet so we can be more opportunistic around investment opportunities and weather uncertainty in the macro environment," Lacework co-CEOs David Hatfield and Jay Parikh write in the email to employees.

Reversal of Fortune

Lacework didn't disclose how many employees were laid off. But in response to a claim on Twitter that 300 employees had been laid off, the company told ISMG and Protocol that was a "significant overestimate." In March, Lacework told VentureBeat that it employed more than 1,000 people, or quintuple its January 2021 headcount of 200.

"While we do not have control of the environment around us, we do have a responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success," Hatfield and Parikh's email to employees reads.

Lacework says it had made every effort to provide laid-off employees with severance encompassing compensation, healthcare coverage, and access to outplacement support. The company says it also opted to share the internal email announcing layoffs on its blog to help former team members looking for new roles.

"Our opportunity ahead remains unchanged but to preserve and strengthen our leadership position in this market for the long term, we must make these changes," Hatfield and Parikh write.

Just six months ago, Lacework closed the largest funding round in security industry history and became the third-most-valuable venture-backed cybersecurity company in the world with a valuation of $8.3 billion. This placed Lacework behind only Tanium and Snyk. The company's Series D funding round was led by Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners and Tiger Global Management.

Lacework's hiring spree included bringing in Facebook engineering head Parikh in July 2021 as co-CEO to spearhead the company's product, engineering and infrastructure efforts, which allowed Hatfield to focus on operations, business strategy, business development and market expansion. In March 2022, Lacework hired Splunk executive Brian Lanigan to serve as the company's first-ever global channel leader.

Sequoia Capital: Cuts Have Upsides

But in recent weeks, venture capitalists and private equity firms have been urging portfolio companies - particularly in the technology space - to pump the brakes on spending as macroeconomic storm clouds amass. Most notably, The Information reported Tuesday that Sequoia Capital is urging portfolio companies to move fast to extend runway and fully examine their business for excess costs.

Sequoia told founders to not expect a speedy economic bounce back because the monetary and fiscal policy tools that propelled the recovery at the start of the pandemic have been exhausted. The venture firm expects the market downturn to affect consumer behavior, labor markets and supply chains, and warns portfolio companies that the recovery will be longer than the V-shaped bounce back seen in 2020.

"Companies who move the quickest have the most runway and are most likely to avoid the death spiral," Sequoia Capital writes in a 52-slide presentation shared by The Information. "In 2008, all companies that cut were efficient and better," it says, adding that companies should not view cuts "as a negative, but as a way to conserve cash and run faster."

Midstage and late-stage security startups have begun examining how many months of capital they have and whether they should slow hiring to buy more time to prove their value, investor and SentinelOne and CyCognito board member Dan Scheinman told ISMG earlier this month. Startups want to extend how long they can operate before they have to approach investors for more money, given all the uncertainty in the market.

Investors are now tracking not only a prospect's burn rate but also their burn multiple, which measures how much cash a startup is spending relative to the amount of annual recurring revenue it is adding each year, Rama Sekhar, partner at Norwest Venture Partners, told ISMG earlier this month. He expects it will take a few quarters for declining valuations and industry compression to work their way downstream from late-stage startups.

"It's a day of reckoning," Sekhar said. "Last year, it was growth at all costs. Investors were rewarding companies that were growing more than 100%. With these crazy valuations, they weren't looking at burn rate. Now, the picture has completely flipped. It's not growth at all costs anymore. Its growth with reasonable cost structures."

Lacework: First Domino to Fall?

Publicly disclosed layoffs haven't been common in the cybersecurity industry in recent years given how much the sector is growing, and Lacework is the first security company to reveal layoffs in the current downturn.

While cybersecurity sector layoffs might have been scarce in recent years, they haven't been nonexistent. Notable examples include:

  • Forcepoint - March 2021: The platform security vendor laid off most of its North American channel team just weeks after the being bought by private equity firm Francisco Partners for $1.1 billion.
  • Mimecast - February 2021: The cloud-based email security firm announced plans to lay off 80 of its roughly 1,800 workers to shift upmarket and provide more resources to larger enterprises while leveraging automation and efficiency for midmarket and SMB customers.
  • McAfee - January 2021: The endpoint security vendor notified California that it would be laying off 137 employees at its San Jose headquarters, including three vice presidents of engineering and product management.
  • Sophos - June 2020: The endpoint security vendor announced plans to cull its workforce by up to 16% and close some offices just three months after being acquired by private equity firm Thoma Bravo, Private Equity News reported. And FireEye reduced its headcount by 7% over the course of 2020 to align expenses more closely with the company's projected revenue and position the company for improved operating performance.
  • Symantec - September 2019: The endpoint security vendor disclosed plans to cut nearly 240 jobs across four sites in California and Oregon just a month after agreeing to sell its enterprise security business to Broadcom for $10.7 billion.

Experts say the message now is: Prepare to work with the funding you've already raised. "If you're investing beyond what you're making, at some point you're going to run out of money," Scheinman told ISMG. "Given the current uncertainties right now, people are saying, 'Wow, we're better off if we can use our money in the bank and extend the period we can go until we have to raise.'"

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.