San Francisco-based startup Cobalt has raised $29 million to speed up penetration testing, or pentesting, through a digital platform that connects ethical hackers with prospective clients to assess the strength of their software’s security.
Cobalt’s Series B round was led by Highland Europe.
Pen testing is growing at 21.8% a year and could be worth $4.5 billion by 2025, per Markets and Markets data. The coronavirus pandemic has only increased the importance of cybersecurity as more businesses move online, Cobalt’s CEO Jacob Hansen told Business Insider.
Cobalt was founded in 2013 by four Danish cofounders – Jacob Hansen, Esben Friis-Jensen, Jakob Storm and Christian Hansen.
Despite the growing size of the penetration testing market, the vast majority of spend currently goes to traditional consultancies — a slow, expensive process that frustrates both testers and customers, and that hasn’t seen innovation in over a decade, according to Hansen.
“Cybersecurity that has been performing well as an industry,” Hansen said.
The company fully closed its funding round in early August after a lengthy process: Cobalt began fundraising in late January, before the coronavirus hit and curtailed its plans.
“One by one the funds stopped making investments,” Hansen added. “They called me up and said, ‘We are stopping investments, we want to do this but can’t now.'”
The company hunkered down and went fully remote on the expectation that funding couldn’t be secured during this period. Despite some initial concerns, Hansen said that the company had no layoffs, no burn, and that it posted higher revenues in the first half of 2020. “As a company we are quite Covid-resistant,” he said.
Coping with capital scarcity and increased efficiency ended up being a net positive for Cobalt, according to Hansen.
“From an investor’s perspective, funding questions previously used to be all about growth at all costs but now it’s all about capital-efficient growth,” he said.
“Questions about how our business can work in this new environment are to our advantage because we’ve proved to be successful.”
Cobalt isn’t planning a spending splurge with its new capital but has identified three key problems it wants to solve in the traditional pen testing model.
First, skills are mostly available locally, which is unhelpful in a global environment; second, the usual consultancy structure makes getting set up a slow process; and finally, the output of a pentest is typically a static PDF, making it hard for data to make its way to developers in a form that allows them to patch vulnerabilities.
Not patching vulnerabilities can cause serious issues down the line — such as the 2017 Equifax data breach. Hansen said getting rid of PDFs which are “not developer friendly” is the company’s next step.
Previous investors in Cobalt include ByFounders, Elab Ventures, DG Incubation, Plug and Play Ventures and Tim Draper with Draper Associates, with this Series B round bringing its total funding level to $37 million.