Technology innovation, global expansion, responsible vulnerability disclosures, special shoutouts from clients. Plus, personal accomplishments like job promotions, buying your first home, welcoming a new life into the world, traveling to new places, the list goes on. 

All of this and more was the focal point of our 2023 NetSPI Employee Kickoff event. We brought nearly 500 of our offensive security experts together to Minneapolis to connect face-to-face, celebrate our accomplishments, and align the entire organization on our vision for the future. This year’s theme was “A World of Opportunities” which explored the opportunities we can uncover to make a real impact as the global leader in pentesting, attack surface management, breach and attack simulation – and beyond! 

The claim “global leader in offensive security” is a bold one to make. The proof is in our impressive growth year-over-year, the skillset of our team, the comprehensiveness of our solutions, and our client’s desire to choose us over our competition. 

The kickoff event presented a unique opportunity to reflect on what exactly got us to this point. Certainly, a lot of hard work and grit from the team, but these four core narratives were made evident throughout the course of the day. 

Collaboration and diverse thought 

“Individual commitment to a group effort – that is what makes a team work, a company work, a society work, a civilization work.”

^{Vince Lombardi}

This quote articulates the importance of collaboration and the main reason we brought everyone together in one room (plus, I couldn’t let the day go by without at least one Green Bay Packers reference). Building relationships with one another and feeding that culture of collaboration was at the core of our 2023 kickoff. 

What we’ve built is special because of our people. But talented individuals alone are not enough. While it’s often an overused marketing term, collaboration is, and will always be, a core value of NetSPI. We pride ourselves on our ability to collaborate across boundaries and teams to uncover new offensive security solutions and solve seemingly impossible cybersecurity challenges.  

There is immense power in the diversity of thought that brings unique ideas and approaches to challenge the status quo. It was incredible to see members of the team spending time with people outside of their social circle or department, people with backgrounds and perspectives different to theirs. This is where the magic happens. 

Unwavering dedication to our clients 

Events like this are a great platform to reinforce the why behind everything we do. In our case the why is our clients, some of the world’s most prominent organizations. We are maniacally focused on customer delight, ensuring that everything we do brings value to programs and is not creating more work for security teams.  

At the end of the day, we are providing offensive security testing solutions so that businesses can innovate with confidence. 

Our keynote speaker, Brittany Hodak, spoke about how to create superfans, leaving us with the acronym SUPER (Start with your story, Understand your customer’s story, Personalize, Exceed expectations, Repeat). Her session was preceded by a panel of six NetSPI superfans, or soon to be. 

NetSPI Chief Revenue Officer Alex Jones moderated the panel, which centered around the key pain points cybersecurity leaders face today. Interacting with and speaking to customers to understand the challenges they are dealing with is invaluable, and something we make a conscious effort to do day in and day out. Key takeaways? 

• Cyber is not the #1 risk for businesses, it is just one of the risks. 
• Perimeter security is paramount. Understanding what is on your perimeter should be a priority. 
• Those who follow foundational security best practices are going to succeed. Get the basics done right. 
• Generative AI (e.g. ChatGPT) is a real concern for security leaders. Many are evaluating the risk and building policies. 
• Security now has a seat at the table! The role of the CISO is becoming less technical and more strategic. 
• Media headlines around breaches and other security incidents are helping cyber leaders get executive buy-in. 

NetSPI delivers real solutions to these mission critical challenges. We are a key player in the arms race against a sophisticated and well-funded adversary. Offensive security must be scaled and adopted globally, or our clients will fall short.  

This year, we made a strategic investment in a product leader, Vinay Anand, to help us rise to this challenge and create a strong technology platform that is scalable, continuous, easy to use, and leverages intelligent automation. Aligning on this vision as an organization was one of my top highlights of the day. I don’t want to give too much away, but a unified offensive security platform is on its way.  

Maintaining the NetSPI culture and staying true to our Purpose 

Innovation dies without a strong culture. While there may be amazing ideas brought to bear, they won’t flourish without a culture of collaboration, respect, motivation, and challenging our peers. Our culture is the foundation of our success.  

We spend a massive amount of our lives at work, so it’s truly meaningful when we say on top of all this, we’re having fun! We’re disciplined; we’re focused; we’re competitive. But at the end of the day, we enjoy each other’s company and the strong culture we’ve built together. 

Our clients feel this in their interactions with us. They tell us this regularly and it’s one of the many reasons they continue to work with us. They feel supported by a team that takes their offensive security goals as seriously as they do. Our culture at NetSPI is the formula for creating superfans that help us unlock opportunities.  

Someone who emulates the NetSPI culture is our very own Eric Gruber who was the recipient of the NetSPI Founders Award at this year’s kickoff event.  

Another component of our culture is our passion for giving back, whether that’s by way of security community involvement, donating our time to help others, or financially with our philanthropic partner, the Masonic Children’s Hospital.  

Last year, we raised $250,000 for Jersey, the newest facility dog at the University of Minnesota Masonic Institute for the Developing Brain. Jersey made her debut at the kickoff, and we heard first-hand how she is making an impact supporting the emotional and social needs of patients.

Making an impact, globally 

In attendance were teams from across the US, UK, and Canada – then we took the show on the road to Pune, India where our team of 60+ came prepared with unbelievable energy. 

Most organizations have global aspirations, so who are we to think our global aspirations are so unique? Well when you have something so special, you want others to experience it. In a very short time, we’ve ramped up top-notch teams in Canada and the UK and continue to build our Pune team. There’s no doubt in my mind that we have the top offensive security teams in those regions today. There are many large multinational clients who need NetSPI to have global operations, and many regions where we can advance and accelerate their testing programs. 

Circling back to a point made earlier, innovation thrives in diversity of thought. Learning new cultures and ways of doing business is a once in a lifetime experience for our team and an opportunity to bring increasingly diverse viewpoints and approaches to support our clients.

I mentioned this in the written recap of last year’s kickoff, but it’s worth reiterating: To other business leaders considering an all-employee in-person event, I couldn’t recommend it more. There’s no replacement for human connection. 

We are at an inflection point as an organization and we cannot become complacent. We continue to find ways to ensure we attract top talent, refine our processes, and stay agile while driving innovation. 

I am both honored and privileged to be a part of the global leader in offensive security. Keep an eye on this team. You won’t want to miss the world of opportunities we uncover next. I’ll leave you with this recap video to keep the energy high until next year – cheers!

The post Celebrating a World of Opportunities with a World-Class Offensive Security Team  appeared first on NetSPI.

+++

NetSPI has acquired nVisium to enhance its offensive security solutions and address heightened demand for human-delivered penetration testing, the companies announced in a prepared statement. Financial terms of the deal were not disclosed.

This is technology M&A deal number 12 that MSSP Alert and sister site ChannelE2E have covered so far in 2023.

• See more than 2,000 technology M&A deals listed here.
• See all MSSP M&A deals listed here.

A Closer Look at NetSPI and nVisium

NetSPI, which specializes in enterprise penetration testing and attack surface management, is based in Minneapolis, Minnesota and has 418 employees listed on LinkedIn.

nVisium, a Falls Church, Virginia-based company focused on security testing, has 33 employees listed on LinkedIn.

With the acquisition, NetSPI now has more 450 offensive security experts globally who can support and scale to meet the needs of current and future clients. As NetSPI CEO Aaron Shilts explained:

“Our decision to acquire nVisium comes down to one core factor: acquiring amazing talent. We’re bringing two brilliant, culturally-aligned and complementary offensive security teams together who are committed to delivering the highest standard of penetration testing on the market today. I’m excited to see what nVisium and NetSPI can accomplish together.”

You can read the full article at MSSP Alert!

The post MSSP Alert: Security Testing Merger: NetSPI Acquires nVisium appeared first on NetSPI.

+++

The Minneapolis-based attack surface management vendor says Washington, D.C.-area nVisium’s deep understanding of the niceties of different cloud platforms will come in handy since Azure penetration testing differs from AWS pen testing, says CEO Aaron Shilts. Hacking – with permission – into cloud-based apps requires different skill sets than testing the security of traditional web applications or networks.

The terms of the acquisition, which closed Dec. 22 and was announced Jan. 3, aren’t being disclosed. All 50 of nVisium’s employees will join NetSPI, including founder and CEO Jack Mannino, who will focus on R&D and building next-generation technologies for clients and testers as part of the NetSPI labs organization (see: Pen Test Firm NetSPI Gets $410M Boost From KKR to Fuel M&A).

Why Customers Need Cloud Pen Testing

An ongoing mass migration to cloud environments from on-premises data is driving demand for cloud penetration testing, according to Shilts. He says NetSPI is already one of the leaders in the cloud pen testing space but will benefit from nVisium’s capabilities. The Washington firm excels at working with businesses with mature security programs in highly regulated industries such as energy and financial services, Shilts says. Financial services has long been one of NetSPI’s largest markets, but the CEO says little overlap exists between the NetSPI and nVisium clients’ bases.

Shilts plans to fully integrate nVisium into the NetSPI organization by Feb. 1, with a focus on training, onboarding and familiarizing nVisium’s staff with NetSPI’s platform and programs. According to Shilts, nVisium customers should be able to more easily meet developer and testing timelines thanks to the size of the NetSPI organization.

NetSPI’s automation tools focus primarily on the tester experience, report automation and report generation, and Shilts says these tools will be integrated and brought into NetSPI’s mainline code base. NetSPI today has both employee-facing automation tools similar to what nVisium offers as well as client-facing automation tools that are unlike anything nVisium provides today.

The nVisium deal comes just three months after NetSPI received a $410 million growth investment from private equity giant KKR to pursue acquisitions and expand its technological and geographic footprint – money that helped move the nVisium acquisition across the finish line.

You can read the full article at InfoRisk Today!

The post InfoRisk Today: NetSPI Doubles Down on Pen Testing With nVisium Acquisition appeared first on NetSPI.

Why nVisium/NetSPI?

Aaron Shilts: The nVisium team brings an impressive track record in cloud and application pentesting, and we’re incredibly excited to welcome them to NetSPI. Coming together, we will unlock great potential in meeting the increasing demand for quality pentesting solutions and reinforce our commitment to growth and innovation. It took months of research, discussions, and interactions to come to this decision, but one thing is for sure, we were always convinced the nVisium team will be the perfect complement to our DNA and culture we’ve built at NetSPI.

Jack Mannino: We’ve competed with NetSPI in the past, and I’ve always respected what Aaron and his team have built. Agreeing to an acquisition is not a small decision, but as soon as we started talking with the NetSPI team, it was clear that both organizations were extremely aligned from a culture, delivery, and people perspective. They care deeply about their people and maintaining a culture of collaboration, plus, we have the same high standards for security testing as they do. With this acquisition, nVisium employees and clients will be presented with a wide array of new opportunities. I’m eager to see what we can accomplish together.

How will this acquisition impact mutual clients and the greater security community?

Aaron: This news follows our recent announcement of KKR’s investment in NetSPI’s future and its promise to continue to bring positive impact to the security community. By joining forces with nVisium, we can move faster, offer clients access to an incredibly talented team of offensive security professionals, and double down on our promise for innovative, platform driven, and human delivered offensive security solutions.

Jack: By joining forces with NetSPI, nVisium has a massive opportunity to expand the breadth and depth of solutions we deliver, improve the client experience, and introduce new growth opportunities to our employees. We have built strong enterprise relationships and we are eager to support them in new ways and, at the same time, build on our capabilities within cloud and application security testing.

Notably, NetSPI’s penetration testing as a service (PTaaS) delivery model has made an incredible impact on its clients, enabling them to test continuously, digest results in a dynamic way, improve vulnerability management efforts, and increase manual testing and triaging. nVisium and NetSPI together will amplify the PTaaS model and allow us to increase our capacity to help more organizations.

What’s next for the combined companies?

Aaron: This acquisition is proof that we are committed to staying true to our mission, disrupting the penetration testing industry by attracting and retaining top talent, and setting the highest standards in the penetration testing market. Over the next few months, we will be focused on integrating the nVisium team to help deliver high-caliber pentesting solutions to more enterprises, globally.

Over the next year, you will see an emphasis on NetSPI’s R&D, particularly with our cloud, IoT, and blockchain solutions. We’ve recently formed an official NetSPI Labs team, who will lead the development and expansion of new offensive security solutions and tools.

Jack: The industry can expect continued growth, innovation, and quality pentesting from NetSPI and nVisium – with no signs of slowing. The power of our combined teams will certainly be a force to be reckoned with.

The post NetSPI Acquires nVisium – Q&A with the CEOs appeared first on NetSPI.

+++

NetSPI, a top penetration testing and vulnerability management company, recently announced a $410 million funding round, a huge amount in a year in which $100+ million rounds have become a rarity. The investor was KKR, one of the world’s largest alternative asset firms.

KKR previously invested $90 million in NetSPI in May 2021, so NetSPI has demonstrated considerable traction since then.

That the funding round occurred in a difficult environment makes it all the more impressive. According to data from Crunchbase, the total amount of investments in cybersecurity startups came to $2.6 billion in the third quarter. This was the lowest since the same period in 2020.

The number of deals for this year’s Q3 was only 124. This is a level not seen since 2014.

Filling the Cybersecurity Talent Gap

Of course, the drop-off has been widespread across the tech sector. With a bear market, high inflation, rising interest rates, and concerns of a recession, investors are certainly getting more conservative – and generally focusing on top-notch deals.

As for NetSPI, it fits into this sweet spot. Founded over 20 years ago, the company’s vision is “technology powered, human delivered.” This involves sophisticated penetration testing for some of the world’s largest financial institutions, cloud operators, and healthcare organizations.

For the past five years, revenues have spiked by 5X. Organic growth was 50% in 2021 and 61% thus far in 2022.

“We combine human ingenuity from our 400 global offensive security professionals with our innovative technology platforms – a unique combination that ensures quality, consistency, transparency, accountability, and efficiency across all NetSPI assessments,” said Aaron Shilts, CEO, NetSPI.

A key focus is on hiring top talent in ethical hacking and adversary simulation and leveraging NetSPI’s three technology platforms, which include Resolve, ASM, and AttackSim.

“Additionally, the scarcity of talent is still one of the biggest issues in the cybersecurity industry,” said Shilts. “Investors are aware of this and have become acutely focused on acquiring organizations with a concentration on hiring the best talent globally and who offer programs to fill the talent gap.”

NetSPI plans to use the capital for investing in R&D, hiring, and global expansion. Part of the money will also be to recapitalize the equity investment of an early investor, Sunstone Partners.

You can read the full article at eSecurity Planet!

The post eSecurity Planet: NetSPI Lands $410 Million in Funding – And Other Notable Cybersecurity Deals appeared first on NetSPI.

+ + +

Private equity powerhouse KKR obviously likes what it’s seen since it first invested in cybersecurity firm NetSPI last year.

The New York-based KKR, which led a $90 million funding round for NetSPI in 2021, is now investing an additional $410 million in the penetration testing and attack surface management firm, NetSPI said on Wednesday.

The massive growth investment will be used to support NetSPI’s product development, talent hirings, possible company acquisitions and aggressive expansion of the firm’s channel program, said NetSPI chief executive Aaron Shilts.

Much of the money will also be used to effectively buy out previous majority owner Sunstone Partners, Shilts told CRN.

As for the channel, Shilts said less than 10 percent of the private company’s current revenues come from the channel. But NetSPI, which recently hired a new channel chief and launched a new partner program in August, is determined to boost its sales via various players within the channel, he said.

“It was the right time for us to double down on channel investment,” said Shilts, whose company was founded in 2001 but only received its first outside investment in 2017, led by Sunstone Partners.

Shilts said the firm decided to wait a bit after its first equity investment five years ago before moving from mostly direct sales to channel sales.

“We wanted to ensure that we had the maturity and the growth,” he said. “I think the worst thing that we could do is not have that [initial sales] mastery in place. It was just a matter of maturing over several years before we were ready.”

You can read the full article at CRN!

The post CRN: KKR Invests Another $410M In Fast-Growing Security Firm NetSPI appeared first on NetSPI.

+ + +

In an era of cloud computing and off-site third-party services, traditional network-based security approaches simply aren’t effective. With research showing that large organizations maintain an average of 600 software-as-a-service (SaaS) applications, the modern attack surface is too vast to manage without a purpose-built attack surface management solution.

Attack surface management solutions provide a tool to automatically discover public-facing assets located outside the perimeter network, and identify vulnerabilities in shadow IT assets and misconfigured systems that hackers can exploit.  

As the need to secure cloud environments increases, these solutions are beginning to pick up more interest, with penetration testing and attack surface management vendor NetSPI today announcing that it has received $410 million in growth funding from global investment firm KKR.

The new funding demonstrates that vulnerability management is giving way to the broader, automated and decentralized approach of mitigating exploits across the entire attack surface. 

NetSPI’s answer to cloud vulnerability sprawl 

The writing on the wall is that enterprises need an approach to managing vulnerabilities that can scale to address exploits across the entire attack surface. For NetSPI, that comes down to offensive security. 

“As we look forward to this next chapter, NetSPI will continue to challenge the status quo in offensive security,” said Aaron Shilts, CEO of NetSPI. “With KKR’s support, we are well positioned to amplify our success building the best teams, developing new technologies, and delivering excellence, so that the world’s most prominent organizations can innovate with confidence.”

In effect, NetSPI provides enterprises with a solution to scan for assets in real-time, 24/7/365, using Open Source Intelligence (OSINT) and other methods. 

You can read the full article at VentureBeat!

The post VentureBeat: Need for secure cloud environments continues to grow, as NetSPI raises $410M appeared first on NetSPI.

+++

Minneapolis-based cybersecurity firm NetSPI has pulled off one of the largest raises in Minnesota this year.

On Wednesday, the company announced that it has secured $410 million from New York City-based investment firm KKR & Co. Inc. In a news release, NetSPI said it will use the funds for “continued technology innovation, talent acquisition, and global expansion.” The company currently employs 400 security professionals and plans to add about 200 more employees over the next year, said NetSPI president and CEO Aaron Shilts in an email. He described the deal as a “growth investment.”

“This is KKR’s second investment in the company, bringing the private equity firm’s total commitment to $500 million,” Shilts said. “KKR is doubling down on NetSPI during a time of high growth activity for the company.”

You can read the full article at Twin Cities Business!

The post Twin Cities Business: Minneapolis Cybersecurity Firm NetSPI Raises $410M appeared first on NetSPI.

+ + +

A New York investment firm is injecting $410 million in fresh capital into Minneapolis cybersecurity firm NetSPI to fuel the company’s global expansion, a move that reinforces investor confidence in the company’s rising profitability.

The investment from KKR is nearly five times the amount NetSPI raised last May, when it piled up $90 million in growth funding from investors, including KKR, the firm’s first investment in the cyber company. It also is one of the largest this year in Minnesota.

NetSPI will use the money for hiring and further development of its technology, according to a release from KKR. In addition to personnel in Canada, NetSPI is expanding its footprint in Europe, the Middle East, Africa and India.

NetSPI, based in Minneapolis’ North Loop with more than 400 security professionals on payroll, develops offensive security tools that other companies use to test their cyber defense systems against various threats to uncover gaps and reduce security breaches. The list of clients includes financial institutions, cloud providers and health care organizations.

“We’re both grateful and proud of the industry disruption we drove during our partnership with Sunstone Partners,” said Aaron Shilts, CEO at NetSPI. “With KKR’s support, we are well-positioned to amplify our success.”

The company secured its first outside investment in 2017 from Sunstone Partners, an investment firm based in San Mateo, Calif. NetSPI officials did not share the company’s value following the recent funding round, which puts it its total of outside growth capital at or above $500 million since its founding in 2001.

Following the company’s $90 million raise in 2021, Shilts told the Star Tribune he anticipated the company would finish the year with about $50 million in 2021 sales. So far in 2022, the company has experienced a 61% increase in revenue, year over year.

The funding round by NetSPI is one of the largest by an investor-backed, Minnesota private company this year.

“We are excited to double down on our investment in NetSPI to help build a differentiated leader in offensive cybersecurity,” Jake Heller, partner and head of KKR’s technology growth team in the Americas, said in a statement. “We have been very impressed by the performance of the company and the exceptional execution by Aaron and his team over the past 18 months. We believe this is just the beginning of what we can accomplish together.”

You can read the article at Star Tribune!

The post Star Tribune: Minneapolis cybersecurity firm NetSPI raises $410M to expand globally appeared first on NetSPI.

+ + +

Although venture funding in cybersecurity has taken a slight dip this year—as it has in most sectors—that does not mean large growth rounds do not exist.

Minneapolis-based cybersecurity company NetSPI locked up a $410 million growth investment from private equity giant KKR. The company provides enterprise penetration testing and attack surface management by simulating cyber attacks for large enterprises and helping businesses defend against them.

KKR initially invested $90 million into NetSPI in May 2021. This new round of funding will recapitalize Sunstone Partners’ stake in the company and allow the firm to exit.

“As we look forward to this next chapter, NetSPI will continue to challenge the status quo in offensive security,” said CEO Aaron Shilts in a release. “With KKR’s support, we are well positioned to amplify our success building the best teams, developing new technologies, and delivering excellence, so that the world’s most prominent organizations can innovate with confidence.”

Founded in 2001, NetSPI has now raised $500 million. It has grown its revenue fivefold and is seeing 61% revenue growth in 2022 to date, according to the company.

Cyber funding

Funding to VC-backed cybersecurity startups is not on pace to hit last year’s high of more than $23 billion, as it was at about $10.3 billion through the first six months of the year, according to Crunchbase data.

That is not surprising considering venture capital as a whole has seen a slowdown. However, it is worth noting cyber startups saw more funding in the first half of the year than in all of 2020, which saw $8.9 billion invested in the industry.

The NetSPI deal also shows KKR’s continued interest in cybersecurity. In May, the firm led a $200 million Series C for Hoboken, New Jersey-based Semperis, an enterprise identity protection provider.

You can read the article at Crunchbase!

The post Crunchbase: KKR Invests $410M In Cyber Firm NetSPI appeared first on NetSPI.