This is cache of http://www.stillsecureafteralltheseyears.com/ashimmy/2008/04/shimels-theory.html. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Shimel's theory of security company relativity or why there are so damn many security companies
2008-04-10 20:16:32 by ashimmy in StillSecure, After All These Years
 

This post was originally going to be a wrap up on RSA. In thinking about that, the current overcrowded state of the security industry came to mind.  This is a topic I have thought about before but in a AHA moment, I wanted to publish instead my own theory of security company relativity or why there are so damn many security companies. Like Einstein before me I have reduced relativity (OK not exactly the same kind of relativity and I ain't no Einstein) to a simple formula.  He had E=mc2, my formula is:

formula Where "A" equals the acquisition price of a security company, "R" equals the revenue of the company and "V" is the amount of venture money raised. The tilde squiggly line and the greater than sign are made up by me not to have a specific mathematical function but indicate that the amount of money raised is in relation to the revenue of the company  and is the exponential factor involved in finding the acquisition price.  I use squared in deference and in honor of Einstein's theory, but it actually means some exponent of the R and V, not necessarily the square of them. 

So what do I mean by this?  Let me explain.  It is no secret that there are too many security companies. In fact there are something like 800 in a space that would be challenged to support half that number.  Looking around the RSA show floor with some 350 companies or so represented, it is obvious that there is a lot of overlap and not very obvious what some of these companies do.  However, there is a very small number of security companies that are public and have revenue of over lets say 100 million dollars.  Of those the overwhelming majority are in the AV and firewall business.  In fact the smallest AV guys probably dwarf the revenue of most of the other security companies on the floor (Mike Rothman confirms this also).

In the past we have seen consolidation where the big fish eat the little fish. Everyone says we are going to see more consolidation and acquisitions in the time ahead. However, I would say recently that consolidation via acquisition is slowing down and many of those acquisitions are in fact at fire sale prices.  Too many companies are stuck in a purgatory of a slow death by a thousand little cuts or Chinese water torture as they fade into obscurity or irrelevance. As a result my prediction is we are going to see more companies go out of business ala Lockdown Networks, rather than see successful exits by many companies. Yes there will always be some that do well and using my formula will have a great exit, but too many are going to be forced to fire sale or go out of business. 

Why? The overwhelming majority of companies at RSA are stuck at a revenue level of somewhere between 5 and 20 million dollars. I would bet that covers 80% of the companies exhibiting at RSA.  Now 5 to 20 million is nothing to sneeze at.  But on top of this, they are not seeing their year to year growth rate break out substantially beyond that level.  Additionally, in order to grow the business to a sufficient level to support that type of revenue, they have probably raised anywhere from 25 to 40 million dollars over the years it takes to build to that revenue rate.  At those revenue levels and to support the base and modest growth, most of these companies are borderline profitable at best. In order to substantially grow the business would require even more capital.  That means raising more money, which in turns means having to sell for more to get a great return. There is the rub and where my formula comes into play. 

At these revenue levels, they cannot justify an acquisition price that returns a decent return to the investors.  Simply put they are hosed.  Lets say you have 10 million in revenue.  What can you hope to sell for?  A good number could be 40 to 80 million.  If you are 35 million in on VC money, you need every penny of that to return a profit and frankly the way VC's work, that doesn't leave a lot for the employees, founders, etc because of preferential positions and preferred stock. 

The simple answer is to raise the revenue number.  But most of these companies are growing at modest levels. On top of this, it is easy to go from 1 to 2, 2 to 4, 4 to 8.  You start going from 8 to 16 and 16 to 32, that gets tough.  Most of these companies can't do it.  The only way to do so, as I said is to raise more venture money, which means they need a higher acquisition price. They are stuck in security vendor purgatory. 

What is the way out for them or are they doomed?  My next post will talk about the answer.

 
Tags: companies, security companies, company, security company relativity, security company, revenue, revenue level, revenue levels, million
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia