Cloud security unicorn cuts 20% of staff after raising $1.3b

Time to play blame bingo: Markets? Profits? Too much growth? Russia? Space aliens?

Cloud security company Lacework has laid off 20 percent of its employees, just months after two record-breaking funding rounds pushed its valuation to $8.3 billion.

A spokesperson wouldn't confirm the total number of employees affected, though told The Register that the "widely speculated number on Twitter is a significant overestimate."

The company, as of March, counted more than 1,000 employees, which would push the jobs lost above 200. And the widely reported number on Twitter is about 300 employees. The biz, based in Silicon Valley, was founded in 2015.

The layoffs come amid crashing markets that have prompted job cuts and hiring freezes across the entire tech industry.

We're told the Lacework co-CEOs notified employees via email about the bad news earlier this week, and on Wednesday the firm posted the letter on its website. 

"Today, we made the very difficult decision to say goodbye to some of our colleagues, as part of a restructuring and modification to the company plan, co-CEOs David Hatfield and and Jay Parikh wrote

The pair cite the "seismic shift" in the public and private markets in recent months, and noted their "responsibility to control how we operate our business and make changes as needed to best position the company for continued and long-term success."

"We have adjusted our plan to increase our cash runway through to profitability and significantly strengthened our balance sheet so we can be more opportunistic around investment opportunities and weather uncertainty in the macro environment," the email continued. "We remain 100 percent committed to continued best-in-class growth and leading the industry with our innovation."

This comes as yet another cautionary tale about skyrocketing valuations, especially among security startups, which have set all kinds of funding and M&A records [PDF] in recent years as increasingly costly and destructive cyberattacks have massively inflated security vendors' worth — at least on paper.

Last November, when Lacework announced it had raised $1.3 billion in funding on an $8.3 billion valuation, it set a new record for cybersecurity venture capital, breaking the company's earlier record-setting round from January 2021 when it raised $525 million.

Also in November, the company boasted a "more than 3x year-over-year revenue growth, a 3.5x year-over-year increase in new customers, and more than 3x year-over-year employee growth worldwide."

At the time, Lacework CFO Mike Staiger said, "Certainly the amount of the financing, $1.3 billion, is unprecedented in the security space, and so we're excited to have had such a large bet placed on us in this space ... It enables us to chart a very aggressive course as we invest in a range of areas in the company."

This investment would include adding more employees, and expanding the company's global reach, he added.

In hindsight, it seems the growth happened too quickly. And Lacework likely won't be the last security firm to lose its sky-high valuation, while axing jobs, as the fake money disappears. ®

Similar topics

Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Google battles bots, puts Workspace admins on alert
    No security alert fatigue here

    Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

    The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

    As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

    Continue reading
  • What to do about inherent security flaws in critical infrastructure?
    Industrial systems' security got 99 problems and CVEs are one. Or more

    The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. 

    But many of them are unfixable, due to insecure protocols and architectural designs. And this highlights a larger security problem with devices that control electric grids and keep clean water flowing through faucets, according to some industrial cybersecurity experts.

    "Industrial control systems have these inherent vulnerabilities," Ron Fabela, CTO of OT cybersecurity firm SynSaber told The Register. "That's just the way they were designed. They don't have patches in the traditional sense like, oh, Windows has a vulnerability, apply this KB."

    Continue reading

Biting the hand that feeds IT © 1998–2022