SaaS Talk

At LLR Partners, you specialize in security investments. Information security is perhaps more important today than ever before. Where do you see the most compelling opportunities right now, and how has the industry evolved in the last five years?

Security in and of itself hasn’t changed that much in terms of the overall goals of the industry. What’s interesting is that in the last two decades, the offensive and defensive sides of the industry have both matured a lot, and there have been material investments on both sides that continually counteract each other.

The first wave of cybersecurity was largely addressing the security gaps of unprotected emerging IT infrastructure with rudimentary perimeter-based security systems, similar to traditional physical security systems. The second wave, which we saw in the late 2000s, was driven by the rise in awareness of sophisticated attackers. After the world became exponentially connected through the internet, we saw the introduction of the advanced, persistent threat coming from well-funded organizations actively trying to steal money and information from companies and individuals. Today, in the latest phase of security, the awareness of cyber threats has become very strong, with companies now understanding that they need to make investments today to prevent future attacks. Rather than a rise in awareness fueling growth, we are seeing sustained market growth resulting from an informed buyer realizing they need to protect their rapidly changing IT infrastructure.

Over the last few years, particularly in middle market companies and larger enterprises, there have been major digital transformations inside organizations, leading to new IT infrastructure and applications that need protecting. The last six months have accelerated and compressed years-long strategic plans and IT roadmaps to support a now largely remote workforce and, as a result, has rapidly created new security needs to support these new environments. It’s exciting to watch from a security perspective, and we see opportunities there.

I think there’s an opportunity for both. What’s been interesting is that we’ve seen a surge in offensive attacks in the last few months, and cybersecurity providers have responded with new defensive solutions to address this. There is a lot of confusion in the landscape now, with many new devices connecting remotely to cloud networks, with less protection than they would have in a corporate environment. In IT infrastructure, there is the underlying data, the networks on which that data moves, the endpoints connecting to the networks, the apps running on those endpoints and the users interacting with the applications. In this COVID-19 environment, all of those components have changed dramatically, with many requiring a new way to be protected. We’re seeing vendors that are well positioned to track all of this, even outside of corporate networks.

I think at a high level what we’re doing at LLR Partners hasn’t really changed. We’re primarily investing in tech businesses. A lot of those companies are growth-stage businesses that, even before COVID-19, had significant levels of remote workers or had already digitally transformed their operations. We’re used to engaging with people in remote environments. On the investment side, we’re attracted to security, risk management and compliance-driven markets based on a lot of stickiness and tailwinds associated with those, which to date have largely withstood a lot of the pain sustained by the broader market.

The biggest shift for us has been in how we build relationships with prospective management teams. Our firm is very partnership driven. We’re focused on making sure we have a strong relationship with management before investing in a company and making sure we’re going to be supportive of each other in that relationship. A lot of the recalibration has come from the way in which we develop relationships, which has gone virtual. So, we’re still seeing a healthy pipeline of opportunities, but we’ve had to make shifts in how we build and maintain those partnership-based relationships with our management teams.

It’s always hard to look through a crystal ball, especially these days. But we’re still seeing, particularly in cybersecurity, a sustained interest from private equity firms. In recent years, private equity firms have had record levels of fundraising, especially in tech sectors. As those firms look for interesting areas to deploy capital, they will be looking for predictable growth markets that have good levels of downside protection and sustained runways to support their returns. Looking at the broader tech landscape, cybersecurity and risk management fall squarely into that camp.

The last few months have forced many firms to look inward and take care of their employees and customers first, and strategic M&A has likely just not been a focus. It will be interesting to see how that plays out for firms going forward.

We’re thesis-based investors, so we do a lot of analysis based on primary research. Once we identify an interesting market, we build a profile of the “ideal company” in that market and then try to meet companies that align with that vision. Cybersecurity presents those kinds of opportunities really rapidly. In the last few months, we’ve seen continued acceleration in areas that are important in our minds – and we think that’s exciting.

One of those areas is the broader concept of zero trust networking, and within that, secure remote access. COVID-19 has created an immediate opportunity in the secure remote access space, but we believe the long-term zero trust opportunity will be around the reconstruction of traditional identity management capabilities in a continuous monitoring, multicloud, SaaS application model. Companies that can monitor and secure users, applications or devices that are logging in through nontraditional methods, outside of the corporate environment, will be really interesting to us.

Another area of long-term opportunity that we are actively spending time in is the refinement of the internal security organization. The recent surge of both offensive threats and cybersecurity vendors has resulted in a good amount of redundancy and inefficiency within security departments, as companies are just plugging holes with products instead of implementing long-term solutions. Our view is that security vendors that partner with their customers to build a more structured, measurable and efficient security organization will become increasingly relevant in the future.

We trust our management teams. We’re not looking to operate companies; we are looking to support operators of companies and help them build stronger organizations as best we can. Whether the board meeting is in-person or virtual, we ultimately rely on the senior team to provide us with a view into the organization. As a result, a lot of our time is spent with management and senior executives, taking the time to understand them as people, including their experience, expertise, leadership style and how they are able to work with and through people. We look for leaders who can lead strategically, rally teams around a vision and then help execute. That type of leadership tends to attract high-performing teams, and a culture of success flows from there.

We’ve been investing in growth stage businesses for more than 20 years. No two businesses or markets are the same, but we have experience working through similar growing pains across many businesses of a similar scale. As investors, we couple those growth strategies with domain expertise in core end markets that help us leverage not only best practices, but also industry networks to help support growth, whether it’s on the product side, at the board level or for go-to-market expertise. For example, with cybersecurity in particular, we have relationships with operators in the space, security buyers that are responsible for procuring technology from cyber vendors and other stakeholders in the industry that we can bring to our portfolio companies as resources. We do this in-house, as well, and have built out internal capabilities to help with all core business functions. For example, we have former sales and marketing leaders on staff who advise our companies on best go-to-market practices, or in-house executive recruiters to attract talent into our companies. At LLR Partners, we invest a lot in the resources we provide to our portfolio companies.

Our approach to relationships supports this, as well. Our industry gets painted with a broad brush. A lot of investors have a specific way they want their portfolio companies to operate, but our approach is supportive, not directive. We want to partner with our management teams, not override them.

That’s right. We think about growth differently than early stage venture capital and later stage private equity. We’re very focused on driving growth in all our businesses, and because we have a wider aperture on the transactions we’re supporting, we’re thinking about achieving and structuring that growth through different means. Working with folks like Golub Capital is a by-product of that focus. Partnering with Golub Capital makes us a more fulsome partner for our companies, making us a lot less rigid as a result.

Networking and warm introductions are always helpful, but even more than that, founders should understand their goals for the next phase of growth and develop relationships with a small handful of like-minded investors that are aligned with those goals. Are they looking for another round of funding? A liquidity event? Talking to investors can be a full-time job, but as a CEO I think it’s important to focus on developing relationships with investors who are well-suited to where the firm is now and where they want to go long-term. At LLR Partners we maintain relationships with companies that are maybe not ready for an investment from us yet, but we think will be interesting to us in the future. Maintaining that long-term relationship lets us get to know a management team and company culture over time, de-risks the investment process and makes for better outcomes for everyone in the long run.