You may have missed it last week but a security company went public on Thursday. Without an IPO. Saint Bernard Software, a
Well, it is thanks to a strange little financial vehicle called a SPAC. A Special Purpose Acquisition Corporation is set up as a so called blank check company and goes public based on a very loosely worded prospectus that identifies what kind of acquisition the new company is going to make. Presumably investors buy the highly speculative stock on the hopes that the company will make a wise purchase and the stock will take off. In this case an ex security operations guy from Sun Microsystems, Humphrey Polanen, put together his SPAC, Sand Hill IT SecurityAcquisition Corp, in April of 2004 and spent 18 months looking for a suitable acquisition. Their spin is that they looked at over 800 security companies before selecting St. Bernard as the best possible acquisition. My analysis is that this was probably more of a financial decision than a technology decision. The SPAC has brought $24 million to St. Bernard which is already a healthy little company serving the small to medium business market. With a few acquisitions (using the newly gained currency of publicly traded stock) St Bernard can now add products and services that they can sell into their existing strong position in SMB.
Good luck to the newly public St. Bernard. I am hoping more security start-ups look at reverse mergers such as this one as a way to go public. It is not as flashy as the traditional IPO and the VC’s do not get out at the top but it is less disruptive for management, and less painful for the employees.
Anyone who has Googled "security + blog" will have noticed Martin McKeay's blog site at www.mckeay.net. I am not sure how he got to the exalted number two position but it probably has something to do with being one of the first to set up a security blog. In case you are wondering the ThreatChaos blog is relegated to the second page of results falling ignominiously behind the ARRP's Social Security Blog, and a broken link to Larry Seltzer's blog.
Marty is a security practitioner but blogs most often about privacy issues. He is also one of the first security podcasters. Listen to today's ThreatCast to hear what he has to say on blogging, ATT and the NSA, and the recent move on the part of the Census to collect geo-location data. This is the second in a series of "Meet The Bloggers" podcasts I am doing. Next up: Richard Bejtlich of the TaoSecurity blog.
Check out the post at http://blogs.zdnet.com/threatchaos
The CIA needs to get a clue. Read the posting at :http://blogs.zdnet.com/threatchaos/?p=291
A couple of weeks ago, on the first anniversary of this security blog, I hinted at some changes in the air. Here is the big news. As of tomorrow, Threatchaos will have a new home.
But that is not the only news. I am departing Webroot and launching a new venture. First, a brief history of an entrepreneur’s journey. Leaving out the gerbil husbandry business that I launched with my best friend when I was seven years old, I have started eighteen companies, some much less successful than others. Along the way I have learned some valuable lessons. Things like:
Don’t have business dealings with crooks. If this were a blog about startups I could elaborate but in short, do not assume that someone who is obviously a bad character is going to have the same interests in business that you do. In my case it was a crooked financier from Chicago that absconded with $75,000 from a holding company we had formed. He would have made lots more if he had just followed through on our business (rescuing a manufacturer of audio mixing boards). But we later learned that someone else was threatening him to pay back $75K he had stolen from *him*! It took five years but with the help of the FBI we put that guy in jail. If a business partner does not share your ethics, walk away.
Identify and jump on the next big thing. This has always been easy for me. In school I focused my studies on computer modeling of structures and learning finite element modeling. This helped land me my first job as the first product engineer at Hoover Universal (now Johnson Controls). After 18 months I struck off on my own as Stiennon Analysis. I left the CAD/CAM field when I discovered the Internet in 1993 and launched Rust.net, one of the first Midwestern ISPs. (Now part of Verio). For some reason when you encounter the next big thing you just know it.
Customer funding is the best funding. Of all the ways to launch a business, having customers that are willing to pay upfront is the best. Your customers are the best able to judge the demand for your product or service and they are the best able to collect from you. All you have to do is deliver on your business model. There is no less risky business to launch than one that has paying customers. When I created Virtual Engineering we had our first PO before investing a dollar. By the time we purchased our first SGI workstation and hired our first engineer we were cash flow positive.
Well, I believe that the next big thing is looming over us as obvious as a twelve foot comber on the North Shore of Oahu, ready to crash or propel us forward. It is the new wave of web offerings. The great thing is that this wave is hard to completely define. It is service based software platforms. It is social networking. It is XML. It is search. It is access to information. It is Web 2.0. It is a mash-up of all of these.
Tomorrow, March 1, 2006, I am putting a few of the things I have learned into practice. I am launching a new company. This company, IT-Harvest, will be an independent IT research firm covering the security industry. Along with dozens of tools and services that will be developed, the core of the product offering will be a complete knowledgebase of the IT Security market. Everything about the products, people, and revenue at IT security companies will be harbored in a data base that will be mine-able by subscribers.
If you need answers to questions like: ‘How many firewall vendors are there in Europe?’ And: What is the worldwide revenue in biometrics? Or: Who are the top marketing people at the 50 largest security vendors? Then you will find IT-Harvest to be a very valuable tool.
A complete knowledgebase will allow analysts at IT-Harvest to produce research reports based on knowledge combined with customer experience. To subscribers the underlying data will be completely transparent. Non-subscribers will have access to the reports at no cost.
The Internet has caused quite a few disruptions to the way people learn things, research things, and find things. It is time for the Internet to impact the way market research is produced and delivered.
But wait, there’s more! Starting tomorrow Threatchaos.com is moving to the CNET blog site. The URL will be: http://blogs.zdnet.com/threatchaos It seems so appropriate for this to happen so soon after its one year anniversary and coincident with the launch of IT-Harvest. I was very flattered by the way CNET reacted when they learned of the opportunity to take on Threatchaos; they said YES! rather resoundingly. I look forward to the editorial assistance and collaboration opportunities that come from being associated with an online publishing powerhouse.
According to Reporters Without Borders Yahoo provided information to Chinese authorities that led to the arrest of dissident Li Zhi. Li was sentenced to EIGHT YEARS in prison in 2003.
It sure would be hard sleeping at night knowing that your eagerness to do business in China was leading to the incarceration of people just for expressing their thoughts.