It’s been a little over a year since Carbon Black debuted on the Nasdaq stock exchange, raising $152 million selling its shares to the public for the first time.
The Waltham, MA-based cybersecurity company’s stock price (NASDAQ: [[ticker:CBLK]]) has bounced around since its initial pricing at $19 a share and closing its first day of trading near $24 a share. The stock slid to about $12 a share in late December amid a broad market rout, and since has inched back up to the neighborhood of $18 a share.
That daily-fluctuating value metric for the company has proved to be a management issue for the newly public company. Employees, many of whom calculate portions of their regular compensation in stock, can attach significant, if perhaps outsized, importance to the rise and fall of Carbon Black’s share price, chief executive Patrick Morley tells Xconomy.
“I tell people not to focus on the IPO, but it’s hard to ignore,” says Morley, the company’s CEO since 2007 and previously occupying the corner office at digital access firm Imprivata in Lexington, MA.
Morley says the price per share is somewhat based on how Carbon Black’s business is doing, but the dollar figure is also impacted by what President Donald Trump says about China, what other cybersecurity companies are doing, and a thousand other factors. It also doesn’t help that Carbon Black has yet to turn a profit, but more on that later.
“You have to be cautious not to equate value with the stock price,” Morley argues.
For the ticker-watchers out there, however, Carbon Black’s stock price increased 3 percent Monday, amid a large market sell-off that saw the Dow Jones Industrial Average and the S&P 500 each sink nearly 2.5 percent. At its current share price, the company is worth $1.3 billion.
Carbon Black was founded in 2002 as Bit9 by offensive hackers from the US National Security Agency and Central Intelligence Agency, Morley says. (It took the name Carbon Black in 2016 after it acquired a Texas company by that name in 2014.) Carbon Black raised $191 million prior to going public from investors including Accomplice, Highland Capital Partners, Kleiner Perkins, .406 Ventures, and Sequoia Capital.
The company competes in a heated cybersecurity sector alongside McAfee, Symantec (NASDAQ: [[ticker:SYMC]]), Palo Alto Networks (NYSE: [[ticker:PANW]]), FireEye (NASDAQ: [[ticker:FEYE]]), Cisco Systems (NASDAQ: [[ticker:CSCO]]), CrowdStrike, and Cylance. Carbon Black had 1,138 employees at the end of 2018, up from its 932 employees at the end of 2017. Most of them work at the company’s headquarters in Waltham, but the company also runs US offices in Boston; Boulder, CO; Hillsboro, OR; and San Antonio, TX; as well as international outposts in Australia, England, Japan, and Singapore.
Carbon Black’s business plan is rooted in several trends, Morley says.
One, enterprises are packing up and moving data storage and computing power from servers sitting in their offices to remotely located “cloud” servers and computing centers. Two, businesses are increasingly letting employees work far from the confines of a corporate firewall. And three, hackers are shifting from using malware to co-opting a device’s core utilities to execute an attack, acting more like a cancer than a virus in that respect.
Carbon Black’s cybersecurity tools work by recording everything that’s going on with a device on a network. That activity data is uploaded to the company’s cloud servers to determine what’s normal activity and what’s not. Then, taking all the data and activity—normal and not—from across the thousands of companies, Carbon Black’s algorithms develop up-to-date profiles of how adversaries are trying to penetrate computers and other devices.
“The ability to use machine learning fundamentally changes the equation for the defender,” he says. “The more data we can get to help those models learn, the more successful it will be.”
Carbon Black released its first-quarter sales numbers earlier this month, showing a steady increase in sales. That revenue increase was outweighed by higher spending on sales, marketing, and research. All that resulted in a $20.3 million loss from operations and a $19.7 million net loss. Much of the research spending went into the company’s push to be a cloud-first security platform rather than running off of—and limited to—its customers’ on-premise servers, Morley says.
Morley says he’s told investors that they’ll have to wait until the last quarter of 2020 to see the red ink subside.
“In our arena, the big thing is you want a path to profitability,” he says. “But you really want a path to growth, and you have to balance them all the time.”