Snyk cofounder on IPO plans: ‘We’ll pick our time wisely’

Snyk — which offers a popular developer security platform in the burgeoning space known as DevSecOps — is assembling all of the necessary components to go public, said cofounder and president Guy Podjarny. The company will be “ready to pull the trigger” on an initial public offering (IPO) at the ideal time, Podjarny told VentureBeat.

A December report from Bloomberg said that Snyk is preparing for an IPO as soon as the middle of this year, and has been in discussions with banks about a listing.

This week, Podjarny declined to say whether a Snyk IPO could happen in 2022 — but made it clear that going public is the trajectory that the company is on.

“We eventually expect that we will be a public company. And we’re building and evolving the company accordingly,” said Podjarny, who was previously the chief technology officer at Akamai from 2012 to 2015, which he left to cofound Snyk in 2015.

In terms of the question of “when precisely we will do it,” he said, “we monitor the market and we keep on growing and improving our systems — so that we’re ready to pull the trigger at the right time.”

The Boston-based firm reports accelerating revenue growth, a marquee customer list, and a valuation of $8.5 billion.

Ultimately, Snyk is positioned as a main player within a fast-growing area of cybersecurity, driven by concerns around vulnerabilities and insecure software supply chains. Research firm MarketsandMarkets forecasts that DevSecOps spending will reach $5.9 billion by 2023, up from $1.5 billion in 2018.

Expanding horizons

The company’s latest move to grow its territory is with the acquisition of Fugue, a move that expands the company’s offerings into the red-hot cloud security market. MarketsandMarkets sees cloud security spending reaching $77.5 billion by 2026, up from $40.8 billion last year.

The acquisition of Fugue aims to make it easier for developers to secure the cloud infrastructure that’s needed to run applications. While Snyk specializes in offering tools for scanning and fixing code, Fugue brings capabilities for detecting misconfigurations in cloud infrastructure, with its solution for cloud security posture management (CSPM).

It’s the fifth acquisition for Snyk in the past 18 months, and comes as the company reports that it had a faster rate of revenue growth in 2021 than in 2020 — a difficult feat as companies grow in size. “And we’re seeing that trend continue into Q1,” Podjarny said.

Major customers of Snyk include Google, AWS, Salesforce, Comcast, CVS Health, Atlassian, MongoDB, and Reddit. The company reports having more than 1,500 customers in total.

Picking the right time

Growing to this size would appear to be paving the way for Snyk, which already sports a valuation on par with many public companies, to join their ranks.

In the interview with VentureBeat, Podjarny said that Snyk is “working to ensure that we are able to go public when the market’s circumstances are correct.”

“We’ll pick our time wisely,” he said.

Snyk has raised a total of $775 million to date, including the $530 million series F funding round in September that brought with it the $8.5 billion valuation.

If it completes its IPO, Snyk would join other companies that are focused on code security including JFrog, which went public in 2020.

Meanwhile, another major company in the space, Sonatype, could go public “as soon as late this year,” CEO Wayne Jackson recently told VentureBeat. The Sonatype IPO is more likely to arrive in 2023, however, Jackson said.

Code security concerns

DevSecOps is an approach meant to improve application security by aligning development, security, and operations. The idea is to enable applications to be secured during the development process itself — and it’s a rising priority for many enterprises, as vulnerabilities such as Log4Shell and growing software supply chain attacks continue to rattle the industry.

CSPM, meanwhile, has become an essential tool for many cloud-focused enterprises — given that misconfigurations are the predominant cause of data breaches in the cloud. According to Gartner, more than 99% of breaches in the cloud are attributable to a misconfiguration or other mistake.

Terms of the acquisition for Fugue weren’t disclosed, but Podjarny said it ranks as one of the biggest acquisitions by a company in the DevSecOps space to date.