The promise of SaaS has always been about taking tedious, expensive manual tasks and finding a way to build a platform to automate them. Cobalt.io is doing that with pentesting, the process of testing an application for security vulnerabilities before it goes out the door. Today, the startup announced a $29 million Series B led by Highland Europe.
The company’s platform provides a way to move beyond traditional pentesting consultancies to connect pentesting professionals with companies who need their services. Beyond being a pure employment connection platform, the reports those pros generate, and the issues that need to be fixed get incorporated into the tools developers are using like Jira to help resolve them in the their existing workflow.
Cobalt CEO Jacob Hansen says the company began fundraising at the beginning of the year, just as the pandemic was beginning to take hold in Europe. He saw a lot of those discussions wither as some firms simply stopped investing, but he eventually hooked up with Highland Europe after a strong Q1 and Q2 where the company actually became cash flow positive, an unusual achievement for a startup at this stage.
The company also has 600 customers on the platform and Hansen projects it will be up to 900 by the end of the year. These customers buy a certain number of pentest credits on a subscription basis, based on the number of programs they need to test and the cadence of their testing. So as an example, a company with 4 applications might buy 8 credits to test twice a year.
Hansen says that the company’s retention numbers are comparable with other SaaS businesses. “If you’re a mid-enterprise or enterprise customer we’re at around 120% net dollar retention. And if it’s an SMB below a couple hundred employees, then we’re just below 100%,” he said. He pointed out that small businesses have been particularly hard hit by the pandemic, which probably has had an impact on that number.
The company started the year with 100 employees. Today, it has 105, choosing to keep it lean until it saw how COVID would affect the business, but the plan is to accelerate now with the new capital moving to 150 this year and 200 by next year.
When it comes to building a diverse workforce, Hansen says Chief Strategy Officer Caroline Wong is in charge of the company’s diversity efforts. He admits there is no formula for success, but you obviously know when your company isn’t diverse.
“It’s difficult to measure what success is, other than you don’t want everybody to be the same, but one thing that I’ve tried to do is to build a leadership team with people who have a lot of different perspectives,” he said. The other thing he says, is he tries to make decisions with the understanding of his own privilege through his upbringing in Denmark.
As the company grows, he wants to put more resources into engineering with the goal of making the process of signing up, getting a subscription and using the service to be even simpler. Hansen also hopes to build many more integrations into the platform with the broader applications security ecosystem.
The company was founded in 2013 and has raised $37 million with today’s investment, according to Crunchbase data. As part of the terms of this deal, Highland’s Gajan Rajanathan will be joining the board.