POS AMP1YP1YP1YP1Y0.11trueP1Y0001777946 0001777946 2021-02-01 2022-01-31 0001777946 2022-01-31 0001777946 2021-01-31 0001777946 2020-02-01 2021-01-31 0001777946 2021-08-26 2021-08-26 0001777946 2021-08-31 2021-08-31 0001777946 2021-06-21 0001777946 2018-12-29 0001777946 2018-12-29 2018-12-29 0001777946 2020-01-31 2020-01-31 0001777946 2021-02-01 2021-02-01 0001777946 2020-01-31 0001777946 us-gaap:SoftwareDevelopmentMember 2021-01-31 0001777946 us-gaap:ComputerEquipmentMember 2021-01-31 0001777946 us-gaap:LeaseholdImprovementsMember 2021-01-31 0001777946 us-gaap:FurnitureAndFixturesMember 2021-01-31 0001777946 us-gaap:FairValueMeasurementsRecurringMember us-gaap:FairValueInputsLevel1Member 2021-01-31 0001777946 us-gaap:FairValueMeasurementsRecurringMember 2021-01-31 0001777946 irnt:PublicWarrantsMember 2021-01-31 0001777946 irnt:PrivateWarrantsMember 2021-01-31 0001777946 irnt:EmployeesMember 2021-01-31 0001777946 us-gaap:CommonClassAMember 2021-01-31 0001777946 irnt:CommonStockBMember irnt:SoftwareSubscriptionAndSupportRevenueFromRelatedPartiesMember 2021-01-31 0001777946 us-gaap:DomesticCountryMember 2021-01-31 0001777946 us-gaap:StateAndLocalJurisdictionMember 2021-01-31 0001777946 irnt:SoftwareSubscriptionAndSupportRevenueFromRelatedPartiesMember srt:MaximumMember 2021-01-31 0001777946 irnt:CaresActMember irnt:PaybackProtectionProgramLoanMember 2021-01-31 0001777946 irnt:PaybackProtectionProgramLoanMember irnt:CaresActMember 2021-01-31 0001777946 2023-02-01 2022-01-31 0001777946 2024-02-01 2022-01-31 0001777946 2025-02-01 2022-01-31 0001777946 2026-02-01 2022-01-31 0001777946 irnt:IronnetClassACommonStocksMember 2022-01-31 0001777946 irnt:IssuanceOfCommonStockMember 2022-01-31 0001777946 irnt:LglClassACommonStocksMember 2022-01-31 0001777946 irnt:LGLSystemsAcquisitionCorpMember us-gaap:CommonClassAMember 2022-01-31 0001777946 irnt:LglFoundersSharesMember 2022-01-31 0001777946 irnt:PipeSharesMember 2022-01-31 0001777946 irnt:LGLSystemsAcquisitionCorpMember 2022-01-31 0001777946 irnt:EarnoutSharesMember 2022-01-31 0001777946 irnt:PrivateWarrantsExercisedMember 2022-01-31 0001777946 irnt:PublicWarrantsExercisedMember 2022-01-31 0001777946 irnt:ExerciseOfIsosMember 2022-01-31 0001777946 us-gaap:CommonStockMember 2022-01-31 0001777946 irnt:PaymentsOnSubscriptionNotesReceivableMember 2022-01-31 0001777946 irnt:SharesRepurchaseRelatedToLoanPayOffMember 2022-01-31 0001777946 irnt:RedemptionOfLglClassAMember 2022-01-31 0001777946 us-gaap:ComputerEquipmentMember 2022-01-31 0001777946 us-gaap:LeaseholdImprovementsMember 2022-01-31 0001777946 us-gaap:FurnitureAndFixturesMember 2022-01-31 0001777946 us-gaap:SoftwareDevelopmentMember 2022-01-31 0001777946 us-gaap:FairValueMeasurementsRecurringMember us-gaap:FairValueInputsLevel1Member 2022-01-31 0001777946 us-gaap:FairValueMeasurementsRecurringMember 2022-01-31 0001777946 irnt:FactoringAgreementMember 2022-01-31 0001777946 irnt:TwoThousandTwentyOneEquityIncentivePlanMember 2022-01-31 0001777946 irnt:PrivateWarrantsMember 2022-01-31 0001777946 us-gaap:FairValueMeasurementsRecurringMember us-gaap:FairValueInputsLevel2Member 2022-01-31 0001777946 irnt:StockIncentivePlanMember us-gaap:CommonClassAMember 2022-01-31 0001777946 irnt:PaybackProtectionProgramLoanMember irnt:CaresActMember 2022-01-31 0001777946 us-gaap:OtherCurrentAssetsMember 2022-01-31 0001777946 us-gaap:OtherNoncurrentAssetsMember 2022-01-31 0001777946 us-gaap:CommonClassAMember 2022-01-31 0001777946 irnt:CaresActMember irnt:ImpactOfPppLoanUnderCaresActMember irnt:DueOnDecemberThirtyOneTwoThousandTwentyOneMember 2022-01-31 0001777946 irnt:CaresActMember irnt:OtherCurrentAndLongTermLiabilitiesMember irnt:ImpactOfPppLoanUnderCaresActMember 2022-01-31 0001777946 us-gaap:DomesticCountryMember 2022-01-31 0001777946 us-gaap:StateAndLocalJurisdictionMember 2022-01-31 0001777946 irnt:YearTwoThousandAndThirtySevenMember 2022-01-31 0001777946 irnt:IndefinitelyCarryForwardMember 2022-01-31 0001777946 irnt:SoftwareSubscriptionAndSupportRevenueFromRelatedPartiesMember srt:MinimumMember 2022-01-31 0001777946 irnt:PublicWarrantsMember 2022-01-31 0001777946 us-gaap:RestrictedStockUnitsRSUMember 2022-01-31 0001777946 us-gaap:CommonStockMember 2022-01-31 0001777946 irnt:TwoThousandFourteenEquityIncentivePlanMember us-gaap:RestrictedStockUnitsRSUMember 2022-01-31 0001777946 us-gaap:EmployeeStockOptionMember 2022-01-31 0001777946 irnt:ServiceConditionMember 2022-01-31 0001777946 irnt:PerformanceConditionMember 2022-01-31 0001777946 irnt:ServiceAndPerformanceConditionMember 2022-01-31 0001777946 us-gaap:StockOptionMember 2022-01-31 0001777946 irnt:TwoThousandTwentyOneEquityIncentivePlanMember us-gaap:CommonStockMember 2022-01-31 0001777946 us-gaap:CommonStockMember irnt:PublicWarrantsMember 2022-01-31 0001777946 irnt:SoftwareSubscriptionAndSupportRevenueMember 2021-02-01 2022-01-31 0001777946 irnt:ProfessionalServicesRevenueMember 2021-02-01 2022-01-31 0001777946 irnt:SubscriptionRevenueMember 2021-02-01 2022-01-31 0001777946 irnt:SixCustomersMember 2021-02-01 2022-01-31 0001777946 us-gaap:ComputerEquipmentMember srt:MinimumMember 2021-02-01 2022-01-31 0001777946 us-gaap:ComputerEquipmentMember srt:MaximumMember 2021-02-01 2022-01-31 0001777946 us-gaap:FurnitureAndFixturesMember 2021-02-01 2022-01-31 0001777946 us-gaap:SoftwareDevelopmentMember 2021-02-01 2022-01-31 0001777946 irnt:CustomerBMember us-gaap:CustomerConcentrationRiskMember us-gaap:SalesRevenueNetMember 2021-02-01 2022-01-31 0001777946 irnt:CustomerCMember us-gaap:CustomerConcentrationRiskMember us-gaap:SalesRevenueNetMember 2021-02-01 2022-01-31 0001777946 irnt:TotalCustomerMember us-gaap:CustomerConcentrationRiskMember us-gaap:SalesRevenueNetMember 2021-02-01 2022-01-31 0001777946 us-gaap:CustomerConcentrationRiskMember us-gaap:SalesRevenueNetMember srt:MaximumMember 2021-02-01 2022-01-31 0001777946 us-gaap:PrivatePlacementMember 2021-02-01 2022-01-31 0001777946 irnt:PublicWarrantsMember 2021-02-01 2022-01-31 0001777946 irnt:PrivateWarrantsMember 2021-02-01 2022-01-31 0001777946 us-gaap:RestrictedStockUnitsRSUMember 2021-02-01 2022-01-31 0001777946 us-gaap:EmployeeStockOptionMember 2021-02-01 2022-01-31 0001777946 us-gaap:NonUsMember 2021-02-01 2022-01-31 0001777946 country:US 2021-02-01 2022-01-31 0001777946 us-gaap:LeaseholdImprovementsMember 2021-02-01 2022-01-31 0001777946 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember irnt:TwoCustomersMember 2021-02-01 2022-01-31 0001777946 srt:MinimumMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2021-02-01 2022-01-31 0001777946 irnt:SixCustomersMember us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember 2021-02-01 2022-01-31 0001777946 us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember irnt:TwoCustomersMember 2021-02-01 2022-01-31 0001777946 us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember irnt:OneCustomerMember 2021-02-01 2022-01-31 0001777946 irnt:PaybackProtectionProgramLoanMember irnt:CaresActMember 2021-02-01 2022-01-31 0001777946 irnt:IncomeTaxValuationAllowanceMember 2021-02-01 2022-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember 2021-02-01 2022-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember irnt:PublicWarrantsMember 2021-02-01 2022-01-31 0001777946 irnt:PublicWarrantsMember 2021-02-01 2022-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember irnt:PrivateWarrantsMember 2021-02-01 2022-01-31 0001777946 irnt:PrivateWarrantsMember 2021-02-01 2022-01-31 0001777946 irnt:LglFoundersSharesMember 2021-02-01 2022-01-31 0001777946 irnt:StockIncentivePlanMember 2021-02-01 2022-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember 2021-02-01 2022-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember irnt:PublicWarrantsMember 2021-02-01 2022-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember irnt:PrivateWarrantsMember 2021-02-01 2022-01-31 0001777946 us-gaap:CommonStockMember 2021-02-01 2022-01-31 0001777946 us-gaap:EmployeeStockOptionMember 2021-02-01 2022-01-31 0001777946 us-gaap:RestrictedStockUnitsRSUMember 2021-02-01 2022-01-31 0001777946 irnt:GradedVestingScheduleMember 2021-02-01 2022-01-31 0001777946 irnt:StraightLineVestingScheduleMember 2021-02-01 2022-01-31 0001777946 irnt:SoftwareSubscriptionAndSupportRevenueFromRelatedPartiesMember 2021-02-01 2022-01-31 0001777946 irnt:SubscriptionNotesReceivableMember 2021-02-01 2022-01-31 0001777946 srt:MaximumMember 2021-02-01 2022-01-31 0001777946 srt:MinimumMember 2021-02-01 2022-01-31 0001777946 us-gaap:RestrictedStockUnitsRSUMember irnt:TwoThousandFourteenEquityIncentivePlanMember 2021-02-01 2022-01-31 0001777946 irnt:IronnetCybersecurityIncMember irnt:BusinessCombinationAgreementMember 2021-02-01 2022-01-31 0001777946 irnt:PrivateWarrantsMember 2021-02-01 2022-01-31 0001777946 us-gaap:RetainedEarningsMember 2021-02-01 2022-01-31 0001777946 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2021-02-01 2022-01-31 0001777946 irnt:PublicWarrantsMember 2021-02-01 2022-01-31 0001777946 irnt:SoftwareSubscriptionAndSupportRevenueMember 2020-02-01 2021-01-31 0001777946 irnt:ProfessionalServicesRevenueMember 2020-02-01 2021-01-31 0001777946 irnt:SubscriptionRevenueMember 2020-02-01 2021-01-31 0001777946 irnt:SixCustomersMember 2020-02-01 2021-01-31 0001777946 us-gaap:SalesRevenueNetMember us-gaap:CustomerConcentrationRiskMember irnt:CustomerAMember 2020-02-01 2021-01-31 0001777946 irnt:TotalCustomerMember us-gaap:CustomerConcentrationRiskMember us-gaap:SalesRevenueNetMember 2020-02-01 2021-01-31 0001777946 irnt:PublicWarrantsMember 2020-02-01 2021-01-31 0001777946 irnt:PrivateWarrantsMember 2020-02-01 2021-01-31 0001777946 us-gaap:RestrictedStockUnitsRSUMember 2020-02-01 2021-01-31 0001777946 us-gaap:EmployeeStockOptionMember 2020-02-01 2021-01-31 0001777946 us-gaap:NonUsMember 2020-02-01 2021-01-31 0001777946 country:US 2020-02-01 2021-01-31 0001777946 us-gaap:AccountsReceivableMember us-gaap:CustomerConcentrationRiskMember irnt:ThreeCustomersMember 2020-02-01 2021-01-31 0001777946 irnt:SixCustomersMember us-gaap:CustomerConcentrationRiskMember us-gaap:SalesRevenueNetMember 2020-02-01 2021-01-31 0001777946 irnt:IncomeTaxValuationAllowanceMember 2020-02-01 2021-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember 2020-02-01 2021-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember 2020-02-01 2021-01-31 0001777946 us-gaap:EmployeeStockOptionMember 2020-02-01 2021-01-31 0001777946 us-gaap:RestrictedStockUnitsRSUMember 2020-02-01 2021-01-31 0001777946 irnt:SubscriptionNotesReceivableMember 2020-02-01 2021-01-31 0001777946 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2020-02-01 2021-01-31 0001777946 us-gaap:RetainedEarningsMember 2020-02-01 2021-01-31 0001777946 irnt:PaybackProtectionProgramLoanMember irnt:CaresActMember 2020-04-21 0001777946 irnt:PaybackProtectionProgramLoanMember irnt:CaresActMember 2020-04-21 0001777946 irnt:TwoThousandFourteenEquityIncentivePlanMember 2021-08-26 2021-08-26 0001777946 irnt:PipeSharesMember 2021-08-26 2021-08-26 0001777946 irnt:IronNetCybersecurityIncMember irnt:BusinessCombinationAgreementMember 2021-08-26 2021-08-26 0001777946 us-gaap:AdditionalPaidInCapitalMember 2021-08-26 2021-08-26 0001777946 irnt:PrivateWarrantsMember 2021-08-26 0001777946 irnt:PublicWarrantsMember 2021-08-26 0001777946 srt:MaximumMember irnt:StockIncentivePlanMember us-gaap:CommonClassAMember 2021-08-26 0001777946 irnt:IronNetCybersecurityIncMember irnt:BusinessCombinationAgreementMember irnt:SharePriceEqualsOrExceedsDollarsThirteenMember 2021-08-26 0001777946 irnt:PipeSharesMember 2021-08-26 0001777946 us-gaap:SubsequentEventMember irnt:TwoThousandTwentyOneEquityIncentivePlanMember 2022-02-02 0001777946 us-gaap:SubsequentEventMember irnt:TwoThousandTwentyOneEquityIncentivePlanMember 2022-03-09 0001777946 irnt:TwoThousandTwentyOneEquityIncentivePlanMember us-gaap:SubsequentEventMember 2022-03-15 0001777946 us-gaap:SubsequentEventMember irnt:TwoThousandTwentyOneEquityIncentivePlanMember 2022-04-21 0001777946 us-gaap:CommonClassAMember irnt:PrivateWarrantsMember 2021-10-31 0001777946 irnt:PublicWarrantsMember 2021-10-31 0001777946 irnt:PrivateWarrantsMember 2021-10-31 0001777946 us-gaap:CommonClassAMember irnt:PrivateWarrantsMember 2021-09-30 0001777946 irnt:PrivateWarrantsMember 2021-09-30 0001777946 us-gaap:SubsequentEventMember irnt:TwoThousandTwentyOneEquityIncentivePlanMember 2022-02-01 2022-02-01 0001777946 us-gaap:SubsequentEventMember irnt:TwoThousandTwentyOneEmployeeStockPurchasePlanMember 2022-02-01 2022-02-01 0001777946 us-gaap:SubsequentEventMember irnt:TwoThousandTwentyOneEmployeeStockPurchasePlanMember 2022-02-01 0001777946 irnt:TwoThousandTwentyOneEquityIncentivePlanMember us-gaap:SubsequentEventMember 2022-02-01 0001777946 us-gaap:SubsequentEventMember irnt:TumimStoneCapitalLlcMember 2022-02-11 2022-02-11 0001777946 irnt:TumimStoneCapitalLlcMember irnt:CommonStockPurchaseAgreementMember us-gaap:SubsequentEventMember 2022-02-11 2022-02-11 0001777946 irnt:TumimStoneCapitalLlcMember us-gaap:SubsequentEventMember 2022-03-07 2022-03-07 0001777946 us-gaap:SubsequentEventMember 2022-03-07 2022-03-07 0001777946 irnt:PublicWarrantsMember 2019-11-12 2019-11-12 0001777946 us-gaap:OverAllotmentOptionMember irnt:PublicWarrantsMember 2019-11-12 2019-11-12 0001777946 us-gaap:CommonClassAMember 2019-11-12 0001777946 irnt:PublicWarrantsMember 2019-11-12 0001777946 irnt:PublicWarrantsMember 2021-10-01 2021-10-31 0001777946 irnt:EarnoutSharesMember 2021-09-10 2021-09-10 0001777946 irnt:EarnoutSharesMember 2021-09-10 0001777946 irnt:PaybackProtectionProgramLoanMember irnt:CaresActMember 2020-04-21 2020-04-21 0001777946 irnt:IncomeTaxValuationAllowanceMember 2021-01-31 0001777946 irnt:IncomeTaxValuationAllowanceMember 2022-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember 2022-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember 2022-01-31 0001777946 us-gaap:RetainedEarningsMember 2022-01-31 0001777946 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2022-01-31 0001777946 us-gaap:SeriesAPreferredStockMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 us-gaap:SeriesBPreferredStockMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 irnt:SubscriptionNotesReceivableMember 2020-01-31 0001777946 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2020-01-31 0001777946 us-gaap:RetainedEarningsMember 2020-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember 2020-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember 2020-01-31 0001777946 srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 us-gaap:CommonClassBMember us-gaap:CommonStockMember srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 us-gaap:SeriesBPreferredStockMember srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 us-gaap:SeriesAPreferredStockMember srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 irnt:SubscriptionNotesReceivableMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 us-gaap:AccumulatedOtherComprehensiveIncomeMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 us-gaap:RetainedEarningsMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 us-gaap:CommonClassBMember us-gaap:CommonStockMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 irnt:IncomeTaxValuationAllowanceMember 2020-01-31 0001777946 us-gaap:CommonStockMember srt:RevisionOfPriorPeriodReclassificationAdjustmentMember 2020-01-31 0001777946 us-gaap:CommonStockMember srt:ScenarioPreviouslyReportedMember 2020-01-31 0001777946 srt:ScenarioPreviouslyReportedMember 2021-01-31 0001777946 us-gaap:CommonClassAMember us-gaap:CommonStockMember 2021-01-31 0001777946 us-gaap:AdditionalPaidInCapitalMember 2021-01-31 0001777946 us-gaap:RetainedEarningsMember 2021-01-31 0001777946 us-gaap:AccumulatedOtherComprehensiveIncomeMember 2021-01-31 0001777946 irnt:SubscriptionNotesReceivableMember 2021-01-31 iso4217:USD xbrli:shares utr:Year xbrli:pure utr:Month utr:Day iso4217:USD xbrli:shares irnt:Vote
Table of Contents
As filed with the U.S. Securities and Exchange Commission on May 16, 2022.
Registration No. 333-259731
 
 
 
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
 
 
POST-EFFECTIVE
AMENDMENT NO. 1
TO
FORM S-1
REGISTRATION STATEMENT
UNDER
THE SECURITIES ACT OF 1933
 
 
IronNet, Inc.
(Exact name of registrant as specified in its charter)
 
 
 
Delaware
 
7372
 
83-4599446
(State or other jurisdiction of
incorporation or organization)
 
(Primary Standard Industrial
Classification Code Number)
 
(I.R.S. Employer
Identification No.)
7900 Tysons One Place, Suite 400
McLean, VA
(443)
300-6761
(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)
 
 
Scott Alridge
Chief Legal Officer and Secretary
IronNet, Inc.
7900 Tysons One Place, Suite 400
McLean, VA 22102
(201)
793-1111
(Name, address, including zip code, and telephone number, including area code, of agent for service)
 
 
Copies to:
Brian F. Leaf
Cooley LLP
One Freedom Square
Reston Town Center
11951 Freedom Drive
Reston, VA 20190
(703)
456-8000
 
 
Approximate date of commencement of proposed sale to the public:
From time to time practicable after the effective date of this Registration Statement.
If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, check the following box.  ☒
If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, please check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  ☐
If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  ☐
If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  ☐
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a
non-accelerated
filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in
Rule 12b-2
of the Exchange Act.
 
Large accelerated filer      Accelerated filer  
       
Non-accelerated
filer
     Smaller reporting company  
       
         Emerging growth company  
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 7(a)(2)(B) of the Securities Act.  
 
 
The Registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933 or until the Registration Statement shall become effective on such date as the Commission, acting pursuant to said Section 8(a), may determine.
 
 
 

Table of Contents
EXPLANATORY NOTE
IronNet, Inc., a Delaware corporation, filed a Registration Statement on Form
S-1
on September 23, 2021, which was amended on September 28, 2021 (the
“Pre-Effective
Amendment”), and which was declared effective on September 30, 2021 (as amended and supplemented, the “Registration Statement”). This Post-Effective Amendment No. 1 to Form
S-1
(the “Post-Effective Amendment”) is being filed in order to update certain disclosures in the Registration Statement.
On May 2, 2022, IronNet, Inc. filed its Annual Report on Form
10-K
for fiscal year ended January 31, 2022 (the “Annual Report”). Interested parties should refer to such Annual Report for more information. The form of prospectus included in this Post-Effective Amendment may be used in one or more offerings by one or more selling stockholders identified in the prospectus contained herein with one or more of the underwriters named therein and with different types and amounts of securities offered. No additional securities are being registered under this Post-Effective Amendment. All applicable registration fees were paid at the time of the original filing of the Registration Statement or the
Pre-Effective
Amendment, as applicable.

Table of Contents
PROSPECTUS
Up to 64,020,756 Shares of Common Stock
Up to 13,824,992 Shares of Common Stock Issuable Upon Exercise of Warrants
Up to 5,200,000 Warrants to Purchase Common Stock
 
 
This prospectus relates to the issuance by us of an aggregate of up to 13,824,992 shares of our common stock, $0.0001 par value per share (the “common stock”), which consists of (i) up to 5,200,000 shares of common stock that are issuable upon the exercise of 5,200,000 warrants (the “Private Warrants”) originally issued in a private placement to LGL Systems Acquisition Holding Company, LLC (the “Sponsor”) in connection with the initial public offering of LGL Systems Acquisition Corp. (“LGL”) and (ii) up to 8,624,992 shares of common stock that are issuable upon the exercise of 8,624,992 warrants (the “Public Warrants” and, together with the Private Warrants, the “Warrants”) originally issued in the initial public offering of LGL. We will receive the proceeds from any exercise of any Warrants for cash.
This prospectus also relates to the offer and sale from time to time by the selling securityholders named in this prospectus or their permitted transferees (the “selling securityholders”) of (i) up to 64,020,756 shares of common stock consisting of (a) up to 12,500,000 shares of common stock issued in a private placement pursuant to subscription agreements (the “Subscription Agreements”) entered into on March 15, 2021, (b) up to 2,904,375 shares of common stock issued in a private placement to the Sponsor in connection with the initial public offering of LGL (the “Founder Shares”), (c) up to 5,200,000 shares of common stock issuable upon exercise of the Private Warrants and (d) up to 43,416,381 shares of common stock (including up to 81,412 shares of common stock issuable pursuant to outstanding options, 7,465,923 shares of common stock issuable in connection with the vesting and settlement of restricted stock units, and 560,703 shares of common stock that were issued as Earnout Shares (as defined below) on September 17, 2021) pursuant to that certain Amended and Restated Registration Rights Agreement, dated August 26, 2021, between us and the selling securityholders granting such holders registration rights with respect to such shares and (ii) up to 5,200,000 Private Warrants. We will not receive any proceeds from the sale of shares of common stock or Warrants by the selling securityholders pursuant to this prospectus.
The selling securityholders may offer, sell or distribute all or a portion of the securities hereby registered publicly or through private transactions at prevailing market prices or at negotiated prices. We will not receive any of the proceeds from such sales of the shares of common stock or Warrants, except with respect to amounts received by us upon exercise of the Warrants. We will bear all costs, expenses and fees in connection with the registration of these securities, including with regard to compliance with state securities or “blue sky” laws. The selling securityholders will bear all commissions and discounts, if any, attributable to their sale of shares of common stock or Warrants. See the section titled “
Plan of Distribution
.”
Our common stock and Warrants are listed on the New York Stock Exchange under the symbols “IRNT” and “IRNT.WS”, respectively. On May 13, 2022, the last reported sales price of our common stock was $2.51 per share and the last reported sales price of our Warrants was $0.41 per warrant.
We are an “emerging growth company” as defined under U.S. federal securities laws and, as such, have elected to comply with reduced public company reporting requirements. This prospectus complies with the requirements that apply to an issuer that is an emerging growth company.
 
 
Investing in our securities involves a high degree of risks. You should review carefully the risks and uncertainties described in the section titled “
” beginning on page 8 of this prospectus, and under similar headings in any amendments or supplements to this prospectus.
 
 
Neither the Securities and Exchange Commission nor any state securities commission has approved or disapproved of these securities, or passed upon the accuracy or adequacy of this prospectus. Any representation to the contrary is a criminal offense.
 
 
Prospectus dated             , 2022

Table of Contents
ABOUT THIS PROSPECTUS
This prospectus is part of a registration statement on Form
S-1
that we filed with the Securities and Exchange Commission (the “SEC”) using the “shelf” registration process. Under this shelf registration process, the selling securityholders may, from time to time, sell the securities offered by them described in this prospectus. We will not receive any proceeds from the sale by such selling securityholders of the securities offered by them described in this prospectus. This prospectus also relates to the issuance by us of the shares of common stock issuable upon the exercise of any Warrants. We will not receive any proceeds from the sale of shares of common stock underlying the Warrants pursuant to this prospectus, except with respect to amounts received by us upon the exercise of the Warrants for cash.
Neither we nor the selling securityholders have authorized anyone to provide you with any information or to make any representations other than those contained in this prospectus or any applicable prospectus supplement or any free writing prospectuses prepared by or on behalf of us or to which we have referred you. Neither we nor the selling securityholders take responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. Neither we nor the selling securityholders will make an offer to sell these securities in any jurisdiction where the offer or sale is not permitted.
We may also provide a prospectus supplement or post-effective amendment to the registration statement to add information to, or update or change information contained in, this prospectus. You should read both this prospectus and any applicable prospectus supplement or post-effective amendment to the registration statement together with the additional information to which we refer you in the sections of this prospectus titled
“Where You Can Find More Information.”
On August 26, 2021, Legacy IronNet, LGL and Merger Sub (as such terms are defined below), consummated the closing of the transactions contemplated by the Business Combination Agreement (as defined below). Pursuant to the terms of the Business Combination Agreement, a business combination of Legacy IronNet and LGL was effected by the merger of Merger Sub with and into Legacy IronNet, with Legacy IronNet surviving the Business Combination (as defined below) as a wholly-owned subsidiary of LGL. Following the consummation of the Business Combination on the Closing Date (as defined below), LGL changed its name from LGL Systems Acquisition Corp. to IronNet, Inc.
Unless the context indicates otherwise, references in this prospectus to the “IronNet,” “we,” “us,” “our,” the “Company” and similar terms refer to IronNet, Inc. (f/k/a LGL Systems Acquisition Corp.) and its consolidated subsidiaries (including Legacy IronNet). References to “LGL” refer to the predecessor company prior to the consummation of the Business Combination.
 
i

Table of Contents
SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This prospectus contains “forward-looking statements” that involve substantial risks and uncertainties. The forward-looking statements are contained principally in the sections titled “
Prospectus Summary
” “
Risk Factors
,” “
Management’s Discussion and Analysis of Financial Condition and Results of Operations
,” “
Business
” and elsewhere in this prospectus. In some cases, you can identify forward-looking statements by terms such as “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “might,” “objective,” “ongoing,” “plan,” “potential,” “predict,” “project,” “should,” “will” and “would,” or the negative of these terms or other similar expressions intended to identify statements about the future. These statements speak only as of the date of this prospectus and involve known and unknown risks, uncertainties and other important factors that may cause our actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by the forward-looking statements. We have based these forward-looking statements largely on our current expectations and projections about future events and financial trends that we believe may affect our business, financial condition and results of operations. These forward-looking statements include, without limitation, statements about:
 
 
 
our ability to recognize the anticipated benefits of the Business Combination, which may be affected by, among other things, competition and the ability of the combined business to grow and manage growth profitably;
 
 
 
our future operating or financial results;
 
 
 
future acquisitions, business strategy and expected capital spending;
 
 
 
changes in our strategy, future operations, financial position, estimated revenues and losses, projected costs, prospects and plans;
 
 
 
the implementation, market acceptance and success of our business model and growth strategy;
 
 
 
our expectations and forecasts with respect to the size and growth of the cybersecurity industry and our products and services in particular;
 
 
 
the ability of our products and services to meet customers’ compliance and regulatory needs;
 
 
 
our ability to compete with others in the cybersecurity industry;
 
 
 
our ability to retain pricing power with our products;
 
 
 
our ability to grow our market share;
 
 
 
our ability to attract and retain qualified employees and management;
 
 
 
our ability to adapt to changes in consumer preferences, perception and spending habits and develop and expand our product offerings and gain market acceptance of our products, including in new geographies;
 
 
 
developments and projections relating to our competitors and industry;
 
 
 
our ability to develop and maintain our brand and reputation;
 
 
 
developments and projections relating to our competitors and industry;
 
 
 
the impact of health epidemics, including the
COVID-19
pandemic, on our business and on the economy in general;
 
 
 
the impact of the
COVID-19
pandemic on customer demands for our products;
 
 
 
our expectations regarding our ability to obtain and maintain intellectual property protection and not infringe on the rights of others;
 
ii

Table of Contents
 
 
expectations regarding the time during which we will be an emerging growth company under the JOBS Act;
 
 
 
our future capital requirements and sources and uses of cash;
 
 
 
our ability to obtain funding for our operations and future growth; and
 
 
 
our business, expansion plans and opportunities.
The foregoing list of risks is not exhaustive. Other sections of this prospectus may include additional factors that could harm our business and financial performance. Moreover, we operate in an evolving environment. New risk factors and uncertainties may emerge from time to time, and it is not possible for management to predict all risk factors and uncertainties. As a result of these factors, we cannot assure you that the forward-looking statements in this prospectus will prove to be accurate. Except as required by applicable law, we do not plan to publicly update or revise any forward-looking statements contained herein, whether as a result of any new information, future events, changed circumstances or otherwise, except as required by law.
Because forward-looking statements are inherently subject to risks and uncertainties, some of which cannot be predicted or quantified and some of which are beyond our control, you should not rely on these forward-looking statements as predictions of future events. Although we believe that we have a reasonable basis for each forward-looking statement contained in this prospectus, the events and circumstances reflected in our forward-looking statements may not be achieved or occur and actual results could differ materially from those projected in the forward-looking statements. You should refer to the ‘‘
Risk Factors
’’ section of this prospectus for a discussion of important factors that may cause our actual results to differ materially from those expressed or implied by our forward-looking statements.
You should read this prospectus and the documents that we reference in this prospectus and have filed as exhibits to the registration statement, of which this prospectus is a part, completely and with the understanding that our actual future results may be materially different from what we expect. We qualify all of our forward-looking statements by these cautionary statements.
In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the date of this prospectus and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and such statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain, and investors are cautioned not to unduly rely upon these statements.
 
iii

Table of Contents
TABLE OF CONTENTS
 
 
  
Page
 
  
 
ii
 
  
 
1
 
  
 
8
 
  
 
45
 
  
 
46
 
  
 
47
 
  
 
48
 
  
 
49
 
  
 
67
 
  
 
100
 
  
 
108
 
  
 
126
 
  
 
132
 
  
 
134
 
  
 
141
 
  
 
147
 
  
 
154
 
  
 
157
 
  
 
157
 
  
 
158
 
  
 
F-i
 
You should rely only on the information contained in this prospectus, any supplement to this prospectus or in any free writing prospectus, filed with the SEC. Neither we nor the selling securityholders have authorized anyone to provide you with additional information or information different from that contained in this prospectus filed with the SEC. We take no responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. The selling securityholders are offering to sell, and seeking offers to buy, our securities only in jurisdictions where offers and sales are permitted. The information contained in this prospectus is accurate only as of the date of this prospectus, regardless of the time of delivery of this prospectus or any sale of our securities. Our business, financial condition, results of operations and prospects may have changed since that date.
For investors outside of the United States: Neither we nor the selling securityholders, have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. Persons outside the United States who come into possession of this prospectus must inform themselves about, and observe any restrictions relating to, the offering of our securities and the distribution of this prospectus outside the United States.
 
iv

Table of Contents
FREQUENTLY USED TERMS
Business Combination
” means the transactions contemplated by the Business Combination Agreement.
Business Combination Agreement
” means the Agreement and Plan of Reorganization and Merger, dated as of March 15, 2021, by and among LGL, Merger Sub and IronNet, as amended by Amendment No. 1 to Agreement and Plan of Reorganization and Merger dated as of August 6, 2021, and as the same may from time to time be further amended, restated, supplemented or otherwise modified
Closing
” means the consummation of the Business Combination.
Closing Date
” means August 26, 2021, the date on which the Closing occurred.
common stock
” means the company’s common stock, $0.0001 par value per share.
company”
or any references to “IronNet,” “we,” “our,” or “us” means the registrant, IronNet, Inc., a Delaware corporation, immediately after the Closing, unless context requires otherwise.
DGCL
” means the Delaware General Corporation Law, as amended.
Earnout Shares
” means 1,078,125 shares of common stock of the Company issued to eligible former equityholders of Legacy IronNet in accordance with the earnout provision of the Business Combination Agreement in September 2021.
Exchange Ratio
” means 0.8141070 of a share of Company common stock per fully-diluted share of Legacy IronNet common stock.
Founder Shares
” means the 4,312,500 shares of common stock of LGL that were issued prior to the LGL IPO.
Legacy IronNet
” means formerly, IronNet Cybersecurity, Inc. a Delaware corporation, doing business as IronNet, Inc., and, unless the context requires otherwise, its consolidated subsidiaries.
LGL
” means LGL Systems Acquisition Corp. (which was renamed IronNet, Inc. in connection with the Business Combination).
LGL IPO
” means LGL’s initial public offering of units, consummated on November 12, 2019.
Merger Sub
” means LGL Systems Merger Sub Inc., a Delaware corporation and wholly-owned subsidiary of LGL.
NYSE
” means the New York Stock Exchange.
Private Placement
” or “
PIPE
” means that certain private placement in the aggregate of $125 million, consummated immediately prior to the consummation of the Business Combination, pursuant to those certain Subscription Agreements with LGL, pursuant to which subscribers purchased an aggregate of 12,500,000 shares of our common stock at a purchase price of $10.00 per share.
PIPE Shares
” means an aggregate of 12,500,000 shares of common stock issued to the subscribers in the PIPE.
Private Warrants
” means the 5,200,000 warrants to purchase shares of common stock at an exercise price of $11.50 per share (subject to adjustment) issued to the Sponsor in a private placement simultaneously with the LGL IPO.
Public Warrants
” means the warrants exercisable for our common stock at an exercise price of $11.50 per share (subject to adjustment) included in the units issued in the LGL IPO.
 
v

Table of Contents
Registration Rights Agreement”
means the amended and restated registration rights agreement, dated August 26, 2021, between and among LGL and certain securityholders who are parties thereto.
SEC
” means the Securities and Exchange Commission.
Sponsor
” means LGL Systems Acquisition Holding Company, LLC, a Delaware limited liability company.
Sponsor Shares
” means of the amounts subscribed for in the PIPE, the 566,000 shares of common stock that the Sponsor purchased for $5,660,000.
Subscription Agreements
” means, collectively, the subscription agreements, dated March 15, 2021, by and between LGL and the Subscription Investors.
Subscription Investors
” means the accredited investors or qualified institutional buyers with whom LGL entered into the Subscription Agreements.
Warrants
” means the Private Warrants and the Public Warrants, together.
 
vi

Table of Contents

PROSPECTUS SUMMARY
This summary highlights information contained elsewhere in this prospectus and does not contain all of the information that you should consider in making your investment decision. Before investing in our securities, you should carefully read this entire prospectus, including our consolidated financial statements and the related notes thereto and the information set forth in the sections titled “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Unless the context otherwise requires, we use the terms “IronNet,” “company,” “we,” “us” and “our” in this prospectus to refer to IronNet, Inc. and our wholly owned subsidiaries following the Business Combination.
Overview
We are a global cybersecurity company revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former National Security Agency cybersecurity operators with offensive and defensive cyber experience, we integrate deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today.
We were founded by GEN Keith Alexander in 2014 to solve the major cybersecurity problem he witnessed and defined during his tenure as former head of the NSA and founding Commander of U.S. Cyber Command: You can’t defend against threats you can’t see. Our innovative approach provides the ability for groups of organizations—within an industry sector, supply chain, state or country, for example—to see, detect and defend against sophisticated cyber attacks earlier and faster than ever before.
We have defined a new market category called Collective Defense. As the first mover in this category, we have developed our Collective Defense platform, the first, and to our knowledge, the only solution that can identify anomalous (potentially suspicious or malicious) behaviors on computer networks and share this intelligence anonymously and in real time among Collective Defense community members. Collective Defense communities comprise groups of organizations that have common risks, such as a supply chain, a business ecosystem, or across an industry sector, a state, or a country. This cybersecurity model delivers timely, actionable, and contextual alerts and threat intelligence on attacks targeting enterprise networks, and functions as an early-warning detection system for all community members.
This new platform addresses a large and unwavering compound problem: limited threat visibility for increasingly borderless enterprises across sectors and at the national level, paired with ineffective threat knowledge sharing across companies and sectors and a “go it alone” approach to cybersecurity. These operational gaps, combined with market dynamics like the increased velocity of sophisticated cyber attacks and the deepening scarcity of qualified human capital, have set our mission to transform how cybersecurity is waged.
Background
On August 26, 2021, Legacy IronNet, LGL and Merger Sub consummated the closing of the transactions contemplated by the Business Combination Agreement. Pursuant to the terms of the Business Combination Agreement, a business combination of Legacy IronNet and LGL was effected by the merger of Merger Sub with and into Legacy IronNet, with Legacy IronNet surviving the Business Combination as a wholly-owned subsidiary of LGL. Following the consummation of the Business Combination on the Closing Date, LGL changed its name from LGL Systems Acquisition Corp. to IronNet, Inc.
Pursuant to the Business Combination Agreement, at the effective time of the Business Combination:
(i) each outstanding share of Legacy IronNet common stock and Legacy IronNet preferred stock (with each share of Legacy IronNet preferred stock being treated as if it were converted into ten (10) shares of Legacy
 
1

Table of Contents
IronNet common stock on the effective date of the Business Combination) was converted into the right to receive (a) a number of shares of Company common stock equal to the Exchange Ratio (as defined below) and (b) a cash amount payable in respect of fractional shares of Company common stock that would otherwise be issued in connection with the foregoing conversion, if applicable; and
(ii) each Legacy IronNet option, Legacy IronNet restricted stock unit, Legacy IronNet restricted stock award that was outstanding immediately prior to the closing of the Business Combination (and by its terms did not terminate upon the closing of the Business Combination) remains outstanding and (x) in the case of options, represents the right to purchase a number of shares of Company common stock equal to the number of shares of Legacy IronNet common stock subject to such option multiplied by the Exchange Ratio used for Legacy IronNet common stock (rounded down to the nearest whole share) at an exercise price per share equal to the current exercise price per share for such option divided by the Exchange Ratio (rounded up to the nearest whole cent) and (y) in the case of restricted stock units and restricted stock awards, represent a number of shares of Company common stock equal to the number of shares of Legacy IronNet common stock subject to such restricted stock unit or restricted stock award multiplied by the Exchange Ratio (rounded down to the nearest whole share).
Upon consummation of the Business Combination, Legacy IronNet stockholders and eligible holders of options, restricted stock unit awards and restricted stock awards (as applicable, only to the extent time vested as of the closing of the Business Combination) were eligible to receive additional merger consideration in the form of a pro rata portion of the Earnout Shares if the volume weighted average closing share price for the Company’s common stock equaled or exceeded $13.00 for ten (10) consecutive days during
the two-year period
following the closing of the Business Combination (the “Triggering Event”). On September 10, 2021, the Triggering Event was satisfied and the eligible Legacy IronNet equityholders as of the closing of the Business Combination became eligible to be issued their pro rata portion of the Earnout Shares.
On the Closing Date, Subscription Investors purchased from the Company the PIPE Shares, for a purchase price of $10.00 per share and an aggregate purchase price of $125.0 million, pursuant to the Subscription Agreements. Pursuant to the Subscription Agreements, the Company granted certain registration rights to the Subscription Investors with respect to the PIPE Shares. The sale of the PIPE Shares was consummated concurrently with the closing of the Business Combination.
As of the Closing Date and following the completion of the Business Combination, we had the following outstanding securities: 84,423,567 shares of common stock (which figure excludes Earnout Shares); 13,784,096 Warrants; options representing the right to acquire an aggregate of 1,475,320 shares of our common stock; and restricted stock units representing the right to acquire an aggregate of 17,496,229 shares of our common stock (the liquidity event performance vesting condition of which RSUs was deemed satisfied by our Board of Directors upon consummation of the Business Combination). Our common stock and Public Warrants are currently listed on NYSE under the symbols “IRNT” and “IRNT.WS”, respectively.
The rights of holders of our common stock and Warrants are governed by our current amended and restated certificate of incorporation, our current amended and restated bylaws and the DGCL, and, in the case of the warrants, the warrant agreement between LGL and Continental Stock Transfer & Trust Company, entered into in connection with the LGL IPO (the “Warrant Agreement”). See the sections titled “
Description of Capital Stock
” and “
Certain Relationships and Related Party Transactions
.”
Implications of Being an Emerging Growth Company and Smaller Reporting Company
We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act of 2012 (“JOBS Act”). As an emerging growth company, we are exempt from certain requirements related to executive compensation, including the requirements to hold a nonbinding advisory vote on executive compensation and
 
2

Table of Contents
to provide information relating to the ratio of total compensation of our President and Chief Executive Officer to the median of the annual total compensation of all of our employees, each as required by the Investor Protection and Securities Reform Act of 2010, which is part of the Dodd-Frank Act.
Section 102(b)(1) of the JOBS Act exempts emerging growth companies from being required to comply with new or revised financial accounting standards until private companies are required to comply with the new or revised financial accounting standards. The JOBS Act provides that a company can choose not to take advantage of the extended transition period and comply with the requirements that apply to non-emerging growth companies, and any such election to not take advantage of the extended transition period is irrevocable. During the extended transition period, it may be difficult or impossible to compare our financial results with the financial results of another public company that complies with public company effective dates for accounting standard updates because of the potential differences in accounting standards used.
We will remain an emerging growth company under the JOBS Act until the earliest of (1) January 31, 2025 (the last day of the fiscal year following the fifth anniversary of the consummation of the Initial Public Offering), (2) the last day of the fiscal year in which we have total annual gross revenue of at least $1.07 billion, (3) the last day of the fiscal year in which we are deemed to be a “large accelerated filer,” as defined in Rule 12b-2 under the Securities Exchange Act of 1934, as amended (“Exchange Act”), and (4) the date on which we have, during the previous three year period, issued more than $1.0 billion in nonconvertible debt.
We are also a “smaller reporting company” as defined by Rule 12b-2 of the Exchange Act. We may continue to be a smaller reporting company even after we are no longer an emerging growth company. We may take advantage of certain of the scaled disclosures available to smaller reporting companies and will be able to take advantage of these scaled disclosures for so long as the market value of our common stock held by non-affiliates is less than $250.0 million measured on the last business day of our second fiscal quarter, or our annual revenue is less than $100.0 million during the most recently completed fiscal year and the market value of our common stock held by non-affiliates is less than $700.0 million measured on the last business day of our second fiscal quarter. If we are a smaller reporting company at the point when we cease to be an emerging growth company, we may continue to rely on exemptions from certain disclosure requirements that are available to smaller reporting companies. Specifically, as a smaller reporting company we may choose to present only the two most recent fiscal years of audited financial statements in our Annual Report on Form 10-K and, similar to emerging growth companies, smaller reporting companies have reduced disclosure obligations regarding executive compensation.
Summary of Risk Factors
Below is a summary of material factors that make an investment in our securities speculative or risky. Importantly, this summary does not address all of the risks and uncertainties that we face. Additional discussion of the risks and uncertainties summarized in this risk factor summary, as well as other risks and uncertainties that we face, can be found under the section titled “
Risk Factors
” in this prospectus. The below summary is qualified in its entirety by that more complete discussion of such risks and uncertainties. You should consider carefully the risks and uncertainties described under the section titled “
Risk Factors
” as part of your evaluation of an investment in our securities:
 
   
We have experienced rapid growth in recent periods, and if we do not manage our future growth, our business and results of operations will be adversely affected.
 
   
We have a history of losses and we may not be able to achieve or sustain profitability in the future.
 
   
If organizations do not adopt cloud-enabled, and/or software as a service (“SaaS”)-delivered cybersecurity solutions that may be based on new and untested security concepts, our ability to grow our business and results of operations may be adversely affected.
 
3

Table of Contents
   
Competition from existing or new companies could cause us to experience downward pressure on prices, fewer customer orders, reduced margins, the inability to take advantage of new business opportunities and loss of market share.
 
   
If our solutions fail or are perceived to fail to detect or prevent incidents or have or are perceived to have defects, errors, or vulnerabilities, our brand and reputation would be harmed, which would adversely affect our business and results of operations.
 
   
We rely on third-party data centers and our own colocation data centers to host and operate our platform, and any disruption of or interference with its use of these facilities may negatively affect our ability to maintain the performance and reliability of our platform, which could cause our business to suffer.
 
   
Our future success will be substantially dependent on our ability to attract, retain, and motivate the members of our management team and other key employees throughout our organization, and the loss of one or more key employees or an inability to attract and retain highly skilled employees could harm our business.
 
   
If we are unable to maintain successful relationships with our distribution partners, or if our distribution partners fail to perform, our ability to market, sell and distribute our platform and solutions efficiently will be limited, and our business, financial position and results of operations will be harmed.
 
   
Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and results of operations.
 
   
The success of our business will depend in part on our ability to protect and enforce our intellectual property rights.
 
   
We are subject to laws and regulations, including governmental export and import controls, sanctions, and anti-corruption laws, that could impair our ability to compete in our markets and subject us to liability if we are not in full compliance with applicable laws.
 
   
Our management identified material weaknesses in our internal control over financial reporting, which resulted in a restatement of our unaudited condensed consolidated financial statements as of and for the period ended October 31, 2021. In the future, we may identify additional material weaknesses or otherwise fail to maintain effective internal control over financial reporting, which may result in material misstatements of our financial statements or cause us to fail to meet our periodic reporting obligations.
Corporate Information
Our principal executive offices are located at 7900 Tysons One Place, Suite 400, McLean, Virginia, 22102, and our telephone number is (443)
300-6761.
Our corporate website address is www.ironnet.com. Information contained on or accessible through our website is not a part of this prospectus, and the inclusion of our website address in this prospectus is an inactive textual reference only.
“IronNet” and our other registered and common law trade names, trademarks and service marks are property of IronNet, Inc. This prospectus contains additional trade names, trademarks and service marks of others, which are the property of their respective owners. Solely for convenience, trademarks and trade names referred to in this prospectus may appear without the
®
or
symbols.
Disclosure Channels
Our investors and others should note that we intend to announce material financial and other information to our investors using our investor relations website (
https://ir.ironnet.com
), blog, SEC filings, press releases, public
 
4

Table of Contents
conference calls and webcasts. In addition to these channels, we will continue to use social media to communicate with our customers and the public about our products and services, our markets and other topics. Given the SEC guidance regarding the use of social media channels to announce material information to investors, we are notifying investors, the media and others interested in us that in the future we might choose to communicate material information via social media channels and it is possible that the information we post on social media could be deemed to be material information. Therefore, in light of the SEC’s guidance, we encourage investors, the media and others interested in us to review the information we post from time to time on social media channels.
 
5

Table of Contents
The Offering
Issuance of common stock
 
Shares of common stock offered by us
13,824,992 shares of common stock, consisting of (i) 5,200,000 shares of common stock that are issuable upon exercise of the Private Warrants and (ii) 8,596,273 shares of common stock that are issuable upon exercise upon the exercise of the Public Warrants.
 
Shares of common stock outstanding prior to the exercise of all Warrants
100,426,374 (as of April 30, 2022)
 
Shares of common stock outstanding assuming
exercise of all Warrants
148,929,699 (based on the total shares outstanding as of April 30, 2022)
 
Exercise price of warrants
$11.50 per share, subject to adjustment as described herein
 
Use of proceeds
We will receive up to an aggregate of approximately $159.0 million from the exercise of the Warrants if they are exercised for cash. To the extent that Warrants are net exercised in accordance with their terms, we will not receive any net proceeds. We expect to use the net proceeds from the exercise of the Warrants, if any, for general corporate purposes. We will not receive any proceeds from the sale of shares of common stock that are issuable upon the exercise of the Private Warrants or the Public Warrants. See “
Use of Proceeds.
Resale of common stock and Warrants
 
Shares of common stock offered by the selling securityholders
We are registering the resale by the selling securityholders named in this prospectus, or their permitted transferees, an aggregate of 64,020,756 shares of common stock, consisting of:
 
   
up to 12,500,000 PIPE Shares;
 
   
up to 2,904,375 Founder Shares;
 
   
up to 5,200,000 shares of common stock issuable upon the exercise of the Private Warrants; and
 
   
up to 43,416,381 shares of common stock pursuant to the Registration Rights Agreement (including up to 81,412 shares of common stock issuable pursuant to outstanding options, 7,465,923 shares of common stock issuable in connection with the vesting and settlement of restricted stock units, and 560,703 shares of common stock that were issued as Earnout Shares on September 17, 2021).
 
Warrants offered by selling securityholders
Up to 5,200,000 Private Warrants
 
Redemption
The Public Warrants are redeemable in certain circumstances. See “
Description of Our Securities – Warrants.
 
6

Table of Contents
Lock-Up
Agreements
Certain of our securityholders are subject to certain restrictions on transfer until the termination of applicable
lock-up
periods. See the section titled “
Certain Relationships and Related Party Transactions—IronNet Related
Agreements — Lock-Up
Agreements.
 
Terms of the offering
The selling securityholders will determine when and how they will dispose of the securities registered for resale under this prospectus.
 
Use of proceeds
We will not receive any proceeds from the sale of shares of common stock or Warrants by the selling securityholders.
 
Risk factors
Before investing in our securities, you should carefully read and consider the information set forth in “Risk Factors” beginning on page 8.
 
NYSE ticker symbols
“IRNT” and “IRNT.WS”
For additional information concerning the offering, see “
Plan of Distribution
” beginning on page 161.
 
7

Table of Contents
RISK FACTORS
Investing in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below together with all of the other information contained in this prospectus, including our financial statements and related notes appearing at the end of this prospectus and in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” before deciding to invest in our common stock. If any of the events or developments described below were to occur, our business, prospects, operating results and financial condition could suffer materially, the trading price of our common stock could decline, and you could lose all or part of your investment. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business.
Risks Related to Our Business and Industry
We have experienced rapid growth in recent periods, and if we do not manage our future growth, our business and results of operations will be adversely affected.
We have experienced rapid revenue growth in recent periods we expect to continue to invest broadly across our organization to support our growth. For example, our headcount grew from 246 full-time employees as of January 31, 2021 to 316 full-time employees as of January 31, 2022. Although we have experienced rapid growth historically, we may not be able sustain our current growth rates, nor can we assure you that our investments to support our growth will be successful. The growth and expansion of our business will require us to invest significant financial and operational resources and the continuous dedication of our management team. We have encountered and will continue to encounter, risks and difficulties frequently experienced by rapidly growing companies in evolving industries, including market acceptance of our products, adding new customers, intense competition, and our ability to manage our costs and operating expenses. Our future success will depend in part on our ability to manage our growth effectively, which will require us to, among other things:
 
   
effectively attract, integrate and retain a large number of new employees, particularly members of our sales and marketing, data science, and research and development teams;
 
   
further improve our platform and products, including our cloud modules and security capabilities, analytics, collective defense capabilities, and visualizations, and IT infrastructure, including expanding and optimizing our data centers, collection, and analytic capabilities, to support our business needs;
 
   
enhance our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of customers and partners; and
 
   
improve our financial, management, and compliance systems and controls.
If we fail to achieve these objectives effectively, our ability to manage our expected growth, ensure uninterrupted operation of our platform and key business systems, and comply with the rules and regulations applicable to our business could be impaired. Additionally, the quality of our platform and services could suffer and we may not be able to adequately address competitive challenges. Any of the foregoing could adversely affect our business, results of operations, and financial condition.
We have a history of losses and may not be able to achieve or sustain profitability in the future.
We have incurred net losses in all periods since our inception. We experienced net losses of $242.6 million and $55.4 million for fiscal 2022 and fiscal 2021, respectively. As of January 31, 2022, we had an accumulated deficit of $417.7 million. While we have experienced significant growth in revenue in recent periods, we cannot predict when or whether we will reach or maintain profitability. We also expect our operating expenses to increase over our historical expenses in the future as we continue to invest for future growth, which will
 
8

Table of Contents
negatively affect our results of operations if our total revenue does not increase. We cannot assure you that these investments will result in substantial increases in our total revenue or improvements in our results of operations. In addition to the anticipated costs to grow our business, we also expect to incur significant additional legal, accounting, and other expenses as a newly public operating company. Any failure to increase our revenue as we invest in our business or to manage our costs could prevent us from achieving or maintaining profitability or positive cash flow.
Our limited operating history makes it difficult to evaluate our current business and our future prospects and may increase the risk of your investment.
We were founded in 2014 and we launched our first cybersecurity network detection and response product in 2016, IronDefense, and our first collective defense product in 2018, IronDome. Our limited operating history makes it difficult to evaluate our current business, our future prospects, and other trends, including our ability to plan for and model future growth. We have encountered, and we will continue to encounter, risks, uncertainties, and difficulties frequently experienced by rapidly growing companies in evolving industries, including our ability to achieve broad market acceptance of cloud-enabled, and/or SaaS delivered cybersecurity solutions and our platform, attract additional customers, grow partnerships, compete effectively, build and maintain effective compliance programs, and manage increasing expenses as we continue to invest in our business. If we do not address these risks, uncertainties and difficulties successfully, our business, and results of operations will be harmed. Further, we have limited historical financial data and operate in a rapidly evolving market. As a result, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market.
The COVID-19 pandemic could adversely affect our business, operating results and future revenue.
The ongoing COVID-19 pandemic has and may continue to impact worldwide economic activity and financial markets. Some of the precautionary measures taken at the outset of the pandemic, many of which we have now made largely permanent and sustainable, and associated economic issues, both in the United States and across the globe, could negatively affect our cybersecurity efforts, significantly delay and lengthen our sales cycles, impact our sales and marketing efforts, reduce employee efficiency and productivity, slow our international expansion efforts, increase cybersecurity risks, and create operational or other challenges, any of which could harm our business and results of operations. Moreover, due to our subscription-based business model, the effect of the
COVID-19
pandemic may not be fully reflected in our results of operations until future periods, if at all.
In addition, the
COVID-19
pandemic, and variants thereof, may disrupt the operations of our prospective clients, customers, and partners for an indefinite period of time. Some of our customers have been negatively impacted by the
COVID-19
pandemic, which could result in delays in accounts receivable collection, or result in decreased technology spending, including spending on cybersecurity, which could negatively affect our revenues. Some of our prospective clients have also been negatively impacted by the
COVID-19
pandemic, which could result in delays in sales or lengthen purchasing decisions.
More generally, the
COVID-19
pandemic, including the emergence of variant strains of COVID-19, has adversely affected economies and financial markets globally, and continued uncertainty could lead to a prolonged economic downturn, which could result in a larger customer turnover than is currently anticipated, reduced demand for our products and services, and increased length of sales cycles, in which case our revenues could be significantly impacted. The impact of the
COVID-19
pandemic may also exacerbate other risks discussed in this “
Risk Factors
” section and elsewhere in this prospectus. It is not possible at this time to estimate the impact that the
COVID-19
pandemic could have on our business, as the impact will depend on future developments, which are highly uncertain and cannot be predicted.
 
9

Table of Contents
If organizations do not adopt cloud-enabled, and/or SaaS-delivered cybersecurity solutions that may be based on new and untested security concepts, our ability to grow our business and results of operations may be adversely affected.
Our future success depends on the growth in the market for cloud-enabled and/or SaaS-delivered cybersecurity solutions. The use of SaaS solutions to manage and automate security and IT operations is rapidly evolving. As such, it is difficult to predict our potential growth, customer adoption and retention rates, customer demand for our solutions, or the success of existing or future competitive products. Any expansion in our market depends on a number of factors, including the cost, performance and perceived value associated with our solutions and those of our competitors. If our solutions do not achieve widespread adoption or there is a reduction in demand for our solutions due to a lack of customer acceptance, technological challenges, competing products, privacy or other liability concerns, decreases in corporate spending, weakening economic conditions, or otherwise, it could adversely affect our business, results of operations and financial results, resulting from such things as early terminations, reduced customer retention rates, or decreased sales. We do not know whether the trend in adoption of cloud- enabled and/or SaaS-delivered cybersecurity solutions that we have experienced in the past will continue in the future. Furthermore, if we or other SaaS security providers experience security incidents, loss, or disclosure of customer data, disruptions in delivery, or other problems, the market for SaaS solutions as a whole, including our security solutions, could be negatively affected.
In addition to reliance on a cloud-enabled and/or SaaS-delivered model, our cybersecurity offerings utilize a novel and relatively new approach to collective defense that relies on customers sharing sensitive customer information with us. Some of that raw customer information may contain personal or confidential information, or data perceived to be personal or confidential information. From that customer information, we generate analytics that allow us to deliver threat knowledge and network intelligence at machine speed across a wide variety of industries. Because this new approach requires the sharing of sensitive customer information, concerns may exist that sharing of the customer information may violate, or be perceived as potentially violating, privacy laws or providing a competitive advantage to another entity. As a result, some current or prospective customers may decide not to procure our products or share any customer information. Such lack of acceptance could have negative effects on us, including reduced or lost revenues or inadequate information being available for our analysis, thus making our products less effective. In addition, uncertainties about the regulatory environment concerning personal information and the potential liability raised by sharing such information could further inhibit the broad-scale adoption of our solutions.
Historically, information sharing related to cybersecurity has been a very well accepted concept from a theoretical perspective but very difficult to implement in practice. Companies are generally reluctant to share their sensitive cyber information with other entities, despite knowing the advantages of doing so. Although raw customer information will not be shared with other parties, it does undergo filtering, concatenation, and other transformations within our solutions with the goal of removing any sensitive or personal information. Misperceptions may exist, however, about what information gets shared, with whom that information is shared, and the jurisdictions (including foreign countries) of the companies with which the information gets shared. Further, concerns of existing or potential customers may exist related to the ability to completely remove any indicia of the source company, general market rejection of information sharing, or specific market skepticism of our approach to collective defense, which may further add to a lack of customer acceptance.
In addition to the potential concerns related to sharing sensitive information in a system consisting of commercial or potentially competitive entities, additional concerns can arise when governments become involved as participants in the collective defense ecosystem. From a commercial perspective, companies frequently view information sharing with governments as risky, based on perceptions that the governments might use such shared information to take action against the companies or to otherwise utilize it in a way that will expose such companies to liability. Such perceptions could lead commercial entities to stop sharing, not procure our services in the first place, or terminate their relationship with us altogether. Similarly, governments (as customers) may be unable to properly process such data or utilize it in a meaningful way, or share useful information back into our
 
10

Table of Contents
solutions. Any of these concerns could lead to reduced sales or contribute to a lack of customer acceptance. In addition, the mere involvement of one or more government entities may harm our reputation with certain companies.
If we are unable to attract new customers, our future results of operations could be harmed.
To expand our customer base, we will need to convince potential customers to allocate a portion of their discretionary budgets to purchase our platform and solutions. Our sales efforts have often involved educating our prospective customers about the uses and benefits of our platform and solutions. Enterprises and governments that use legacy security products, such as signature-based or malware-focused products, firewalls, intrusion prevention systems and endpoint technologies, may be hesitant to purchase our platform and solutions if they believe that legacy security products are more cost effective, provide substantially the same functionality as our platform and solutions or provide a level of cybersecurity that is sufficient to meet their needs.
We may have difficulty convincing prospective customers of the value of adopting our solutions. Even if we are successful in convincing prospective customers that a cloud-enabled platform like ours is critical to protect against cyberattacks, they may not decide to purchase our platform and solutions for a variety of reasons, some of which are out of our control. For example, any future deterioration in general economic conditions, including a downturn due to the outbreak of diseases such as
COVID-19,
may cause our current and prospective customers to cut their overall security and IT operations spending, and such cuts may fall disproportionately on cloud-based security solutions. Economic weakness, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue and adversely affect our results of operations and financial condition. Additionally, if the incidence of cyberattacks were to decline, or enterprises or governments perceive that the general level or relative risk of cyberattacks has declined, our ability to attract new customers and expand sales of our solutions to existing customers could be adversely affected. If organizations do not continue to adopt our platform and solutions, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations, and financial condition would be harmed.
If our customers do not renew their subscriptions for our products, our future results of operations could be harmed.
In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our platform and solutions when existing contract terms expire, and that we expands our commercial relationships with our existing customers by selling additional subscriptions. Our customers have no obligation to renew their subscriptions after the expiration of their contractual subscription period, which is generally one year, and in the normal course of business, some customers have elected not to renew. In addition, our customers may renew for shorter contract subscription lengths or cease using certain solutions. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our services, our pricing, customer security and networking issues and requirements, our customers’ spending levels, mergers and acquisitions involving our customers, industry developments, competition and general economic conditions. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business, results of operations, and financial condition may materially suffer.
As a first mover in collective defense for the commercial sector, we may face significant liability if we are unable to effectively anonymize and safeguard our clients’ data.
We are the first major commercial vendor to offer an
end-to-end
means to take full advantage of the collective defense concept that relies on customers sharing sensitive customer information with us. While raw customer information is not shared with other parties and shared data undergoes filtering and other transformations within our solution, with the goal of removing any sensitive or personal information, it is possible that customer information could be accessed by third parties (including competitors of our clients), through a failure of our
 
11

Table of Contents
procedures to effectively anonymize the shared data or as a result of hackers gaining access to the raw data collected by us. To the extent we are not able to effectively anonymize and protect our customers’ data, we may be subject to liability, which could adversely affect our business, results of operations and financial condition. In addition, given the novelty of our approach, it is possible that other risks related to our clients’ data could surface of which we are currently unaware.
Competition from existing or new companies could cause us to experience downward pressure on prices, fewer customer orders, reduced margins, the inability to take advantage of new business opportunities and loss of market share.
The market for cybersecurity solutions is intensely competitive, fragmented, and characterized by rapid changes in technology, customer requirements, industry standards, increasingly sophisticated attackers, and by frequent introductions of new or improved products to combat security threats. We expect to continue to face intense competition from our current competitors, as well as from new entrants into the market. If we are unable to anticipate or react to these challenges, our competitive position could weaken, and we could experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition and results of operations. The ability to compete effectively will depend upon numerous factors, many of which are beyond our control, including, but not limited to:
 
   
product capabilities, including performance and reliability, of our platform, including our services and features particularly in the areas of analytics and collective defense, compared to those of our competitors;
 
   
our ability, and the ability of our competitors, to improve existing products, services and features, or to develop new ones to address evolving customer needs;
 
   
our ability to attract, retain and motivate talented employees;
 
   
our ability to establish, capitalize on, maintain, and grow relationships with distribution and technology partners;
 
   
the strength of our sales and marketing efforts; and
 
   
acquisitions or consolidation within our industry, which may result in more formidable competitors.
Our competitors include the following companies by general category:
 
   
first-generation NDR vendors such as DarkTrace or Vectra Networks, who offer point products based on Bayesian analysis, outlier analysis, and heuristic detection-based detection;
 
   
network security vendors, such as Cisco and Palo Alto Networks, Inc., who are supplementing their core network security additional behavioral-based detection with behavioral-based detection, threat intelligence and security operations solutions; and
 
   
legacy network infrastructure and performance monitoring companies such as ExtraHop and Arista Networks, who are adding security use cases to their infrastructure products.
Many of these competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a significantly larger base of customers than we do. They may be able to devote greater resources to the development, promotion, and sale of services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions, or they may have other financial, technical or other resource advantages. Our larger competitors have substantially broader and more diverse product and services offerings as well as routes to market, which may allow them to leverage their relationships based on other products, or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products.
 
12

Table of Contents
Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by competitors or continuing market consolidation. Some of our current or potential competitors have made or could make acquisitions of businesses or establish cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. These competitive pressures in the market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Further, many competitors that specialize in providing protection from particular types of security threats may be able to deliver these more targeted security products to the market quicker than we can or may be able to convince organizations that these more limited products meet their needs.
Even if there is significant demand for cloud-based security solutions like ours or if our competitors include functionality that is, or is perceived to be, equivalent to or better than ours in legacy products that are already generally accepted as necessary components of an organization’s cybersecurity architecture, we may have difficulty increasing the market penetration of our platform. Furthermore, even if the functionality offered by other security and IT operations providers is different and more limited than the functionality of our platform, organizations may elect to accept such limited functionality in lieu of adding products from additional vendors like us. If we are unable to compete successfully, our business, financial condition, and results of operations would be adversely affected.
Competitive pricing pressure may reduce gross profits and adversely affect our financial results.
If we are unable to maintain our pricing due to competitive pressures or other factors, our margins may be reduced and our gross profits, business, results of operations and financial condition may be adversely affected. The subscription prices for our platform, solutions, and professional services may decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new solutions by competitors, or promotional programs offered by us or our competitors. Competition continues to increase in the market segments in which we operate, and we expect competition to further increase in the future. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions in an effort to leverage their existing market share to make it harder for newer companies, like us, to effectively compete.
If our solutions fail or are perceived to fail to detect or prevent incidents or have or are perceived to have defects, errors, or vulnerabilities, our brand and reputation would be harmed, which would adversely affect our business and results of operations.
Real or perceived defects, errors, or vulnerabilities in our platform and solutions, the failure of our platform to detect or prevent incidents, including advanced and newly developed attacks, misconfiguration of our solutions, actions or inactions by employees or contractors that create vulnerabilities in our platform or solutions, or the failure of customers to take action on attacks identified by our platform could harm our reputation and adversely affect our business, financial position, and results of operations. Because our cloud-enabled security platform is complex, it may contain defects or errors that are not detected until after deployment. We cannot assure you that our products will detect all cyberattacks, especially in light of the rapidly changing security threat landscape that our solution seeks to address. Due to a variety of both internal and external factors, including, without limitation, defects or misconfigurations of our solutions, our solutions could become vulnerable to security incidents (both from intentional attacks and accidental causes) that cause them to fail to secure networks and detect and block attacks. In addition, because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, there is a risk that an advanced attack could emerge that our cloud-enabled security platform is unable to detect or prevent until after some of our customers are affected. For example, certain computer hackers may be supported or directly employed by
so-called
nation-states, which are generally defined as sovereign territories with individuals who share a common history and set of ideals. In the context of cybersecurity, certain aggressive nation-states with a history of
 
13

Table of Contents
disregarding generally acceptable computer network norms may employ particularly sophisticated and experienced actors who focus on being persistent, unpredictable, and innovative, with the ability to tap into significant nation-state budgets. This allows such nation-state attackers to develop expansive attack playbooks and access to cutting-edge technology to facilitate their attacks, including new, or
so-called
zero-day,
attacks. Such nation-state attackers could successfully attack us or our customers, which could significantly harm our reputation. Additionally, our platform may falsely indicate a cyberattack or threat that does not actually exist, which may lessen customers’ trust in our solutions.
Moreover, as our cloud-enabled security platform is adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced cyberattacks will begin to focus on finding ways to defeat our security platform. If this happens, our systems and subscription customers could be specifically targeted by attackers and could result in vulnerabilities in our platform or undermine the market acceptance of our platform and could adversely affect our reputation as a provider of security solutions. Because we host customer data on our cloud and other platforms, which in some cases may contain personally identifiable information (“PII”) or potentially confidential information, a security compromise, or an accidental or intentional misconfiguration or malfunction of our platform could result in PII and other customer data being accessible to attackers or to other customers. Further, if a high-profile security breach occurs with respect to another next-generation or cloud-enabled security system, our customers and potential customers may lose trust in such solutions generally, and cloud-enabled security solutions in particular.
Organizations are increasingly subject to a wide variety of attacks on their networks, systems, and endpoints. No security solution, including our platform, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security incident. There could be situations where our solutions detect attacks against a customer but the customer does not address the vulnerability, which could cause customers and the public to erroneously believe that our solutions were not effective. Real or perceived security breaches of our customers’ networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, and other customer relations issues, and may adversely affect our revenue and results of operations.
As a cybersecurity provider, we may be a target of cyberattacks. If our internal networks, systems or data are or are perceived to have been compromised, our reputation may be damaged and our financial results may be negatively affected.
As a provider of security solutions, our platform may be specifically targeted by bad actors for attacks intended to circumvent our security capabilities or to exploit our platform as an entry point into customers’ endpoints, networks, or systems. In particular, because we have been involved in the identification of organized cybercriminals and nation-state actors, we may be the subject of intense efforts by sophisticated cyber adversaries who seek to compromise our systems or leverage our access. We are also susceptible to inadvertent compromises of our systems and data, including those arising from process, coding, or human errors. A successful attack or other incident that compromises us or our customers’ data or results in an interruption of service could have a significant negative effect on our operations, reputation, financial resources, and the value of our intellectual property. We cannot assure you that any of our efforts to manage this risk will be effective in protecting us from such attacks.
It is virtually impossible to entirely eliminate the risk of such compromises, interruptions in service, or other security incidents affecting our internal systems or data. Organizations are subject to a wide variety of attacks on their networks, systems and endpoints, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently. Furthermore, employee error or malicious activity could compromise its systems. As a result, we may be unable to anticipate these techniques or implement adequate measures to prevent an intrusion into our networks, which could result in unauthorized access to customer data, intellectual property including access to our source code, and information about vulnerabilities in our product, which in turn could reduce the effectiveness of our solutions, or lead to
 
14

Table of Contents
cyberattacks or other intrusions of our customers’ networks. If any of these events were to occur, they could damage our relationships with our customers and could have a negative effect on our ability to attract and retain new customers. We have expended, and we anticipate we will continue to expend significant amounts and resources in an effort to prevent security breaches and other security incidents impacting our systems and data. Since our business is focused on providing reliable security services to our customers, an actual or perceived security incident affecting our internal systems or data or data of its customers would be especially detrimental to our reputation and customer confidence in our solutions.
In addition, while we maintain, and we will continue to maintain, insurance policies that may cover certain liabilities in connection with a cybersecurity incident, we cannot be certain that the insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on commercially reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims that exceed available insurance coverage, or the occurrence of changes in insurance policies, including premium increases or the imposition of large deductible or coinsurance requirements, could have a material adverse effect on our business, including our financial condition, results of operations and reputation.
We rely on third-party data centers and our own colocation data centers to host and operate our platform, and any disruption of or interference with our use of these facilities may negatively affect our ability to maintain the performance and reliability of our platform, which could cause our business to suffer.
Our customers depend on the continuous availability of our platform. We currently host our platform and serves our customers using a mix of third-party data centers, primarily Amazon Web Services (“AWS”) and Microsoft Azure, and, primarily for our own use, in our own data centers, hosted in colocation facilities. Consequently, we may be subject to service disruptions as well as failures to provide adequate support for reasons that are outside of our direct control. We may experience interruptions, delays and outages in service and availability from time to time due to a variety of factors, including infrastructure changes, human or software errors, website hosting disruptions and capacity constraints. Also, customers may be subject to the same risk factors as some of them host our solutions in their own data centers.
The following factors, many of which are beyond our control, can affect the delivery, availability, and the performance of our platform:
 
   
the development and maintenance of the infrastructure of the internet;
 
   
the performance and availability of third-party providers of cloud infrastructure services with the necessary speed, data capacity, and security for providing reliable internet access and services;
 
   
decisions by the owners and operators of the data centers where our cloud infrastructure is deployed to terminate our contracts, discontinue services, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties;
 
   
physical or electronic
break-ins,
acts of war or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events;
 
   
cyberattacks, including denial of service attacks, targeted at us, our data centers, or the infrastructure of the internet;
 
   
failure by us to maintain and update our cloud infrastructure to meet our data capacity requirements;
 
   
errors, defects, or performance problems in our software, including third-party or open-source software incorporated in our software;
 
   
improper deployment or configuration of our solutions;
 
   
the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network;
 
15

Table of Contents
   
the failure of our disaster recovery and business continuity arrangements; and
 
   
effects of third-party software updates with hidden malware, similar to the supply chain attack that occurred via SolarWinds.
The adverse effects of any service interruptions on our reputation, results of operations, and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers have a low tolerance for interruptions of any duration. Interruptions or failures in our service delivery could result in a cyberattack or other security threat to one of our customers during such periods of interruption or failure. Additionally, interruptions or failures in our service could cause customers to terminate their subscriptions, adversely affect renewal rates, and harm our ability to attract new customers. Our business would also be harmed if our customers believe that a cloud-enabled and/or SaaS- delivered cybersecurity solution is unreliable. We may experience service interruptions and other performance problems due to a variety of factors. The occurrence of any of these factors, or if it is unable to rapidly and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively affect our relationship with our customers or otherwise harm our business, results of operations and financial condition.
If we do not effectively expand and train our direct sales force, we may be unable to add new customers or increase sales to existing customers, and our business will be adversely affected.
We depend on our direct sales force to obtain new customers and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel, particularly in international markets. We have expanded our sales organization significantly in recent periods and expect to continue to add additional sales capabilities in the near term. There is significant competition for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay is accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plans to do business. In addition, a large percentage of our salesforce is new to our business and selling our solutions, and therefore this team may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business and results of operations will be adversely affected.
Because we recognize revenue from subscriptions to our platform and other forms of providing customers with access to our software over the term of the subscription or contract, downturns or upturns in new business will not be immediately reflected in our results of operations.
We generally recognize revenue from customers ratably over the terms of their subscription or contract term, which average over three years in length, though may be as short as one year or less. As a result, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period will not be immediately reflected in our revenue for that period. Any such change, however, would affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods.
 
16

Table of Contents
A limited number of customers represent a substantial portion of our revenue. If we fail to retain these customers, our revenue could decline significantly.
We derive a substantial portion of our revenue from a limited number of customers. For the fiscal year 2022, six customers accounted for 51%, or $13,975, with two of those customers accounting for 21% of our revenue, and for fiscal year 2021, six customers accounted for 46%, or $13,381, with one of those customers accounting for 10%, of our revenue. Significant customers are those which represent at least 10% of our total revenue at each respective period ending date. The following table presents customers that represented 10% or more of our total annual revenue:
 
    
Year Ended January 31,
 
    
2022
   
2021
 
Customer A
     *       10
Customer B
     11         
Customer C
     10         
  
 
 
   
 
 
 
     21     10
 
*
Less than 10%
As a result of this customer concentration, our revenue could fluctuate materially and could be materially and disproportionately impacted by purchasing decisions of these customers or any other significant future customer. Any of our significant customers may decide to purchase less than they have in the past, may alter their purchasing patterns at any time with limited notice, or may decide not to continue to license our products at all, any of which could cause our revenue to decline and adversely affect our financial condition and results of operations. If we do not further diversify our customer base, we will continue to be susceptible to risks associated with customer concentration.
Our results of operations may fluctuate significantly, which could make our future results difficult to predict and could cause our results of operations to fall below expectations.
Our results of operations have varied significantly from period to period, and we expect that our results of operations will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
 
   
the impact of the
COVID-19
pandemic, including the emergence of variant strains of COVID-19, on our operations, financial results, and liquidity and capital resources, including on customers, sales, expenses, and employees;
 
   
our ability to attract new and retain existing customers;
 
   
the budgeting cycles, seasonal buying patterns, and purchasing practices of customers;
 
   
the timing and length of our sales cycles;
 
   
changes in customer or distribution partner requirements or market needs;
 
   
changes in the growth rate of our market;
 
   
the timing and success of new product and service introductions by us or our competitors or any other competitive developments, including consolidation among our customers or competitors;
 
   
the level of awareness of cybersecurity threats, particularly advanced cyberattacks, and the market adoption of our platform;
 
   
our ability to successfully expand our business domestically and internationally;
 
   
decisions by organizations to purchase security solutions from larger, more established security vendors or from their primary IT equipment vendors;
 
17

Table of Contents
   
changes in our pricing policies or those of our competitors;
 
   
any disruption in our relationship with distribution partners;
 
   
insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions;
 
   
significant security breaches of, technical difficulties with or interruptions to, the use of our platform;
 
   
extraordinary expenses such as litigation or other dispute-related settlement payments or outcomes;
 
   
rising inflation and our ability to control costs, including our operating expenses
 
   
general economic conditions, both in domestic and foreign markets;
 
   
future accounting pronouncements or changes in our accounting policies or practices;
 
   
negative media coverage or publicity;
 
   
political events;
 
   
the amount and timing of operating costs and capital expenditures related to the expansion of our business; and
 
   
increases or decreases in expenses caused by fluctuations in foreign currency exchange rates.
In addition, we experience seasonal fluctuations in our financial results as we can receive a higher percentage of our annual orders from new customers, as well as renewal orders from existing customers, in the fourth fiscal quarter as compared to other quarters due to the annual budget approval process of many of our customers. Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other results from period to period. As a result of this variability, our historical results of operations should not be relied upon as an indication of future performance. Moreover, this variability and unpredictability could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, our stock price could fall substantially, and we could face costly lawsuits, including securities class action suits.
Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.
Our revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our platform, particularly with respect to large organizations and government entities. Customers often view the subscription to our platform as a significant strategic decision and, as a result, frequently require considerable time to evaluate, test, and qualify our platform and solutions prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens our sales cycle.
Our direct sales team develops relationships with our customers, and works with our distribution partners on account penetration, account coordination, sales and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Security solution purchases are frequently subject to budget constraints, multiple approvals, and unanticipated administrative, processing, and other delays. As a result, it is difficult to predict whether and when a sale will be completed. The failure of our efforts to secure sales after investing resources in a lengthy sales process could adversely affect our business and results of operations.
We rely heavily on the services of our senior management team, and if we are not successful in attracting or retaining senior management personnel, we may not be able to successfully implement our business strategy.
Our future success will be substantially dependent on our ability to attract, retain, and motivate the members of our management team. In particular, we will be highly dependent on the services of our
co-chief
executive
 
18

Table of Contents
officers, who will be critical to our future vision and strategic direction. We will also rely on our leadership team in the areas of operations, security, analytics, engineering, product management, research and development, marketing, sales, partnerships, mergers and acquisitions, support, and general and administrative functions. GEN Alexander, our founder, is important to our future growth as he provides access to key decisionmakers within government agencies and the private sector, and his leadership role would be difficult to replace. Although we expect that we will enter into new employment agreements with some of our key personnel, our employees, including our executive officers, will be employed on an
“at-will”
basis, which means they may terminate their employment with us at any time. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business could be harmed.
If we are unable to attract and retain qualified personnel, our business could be harmed.
There is significant competition for personnel with the skills and technical knowledge that we will require across our technology, cyber, sales, professional services and administrative support functions. Competition for these personnel in the Washington, D.C. metro area, where our corporate headquarters is located, and in other locations where we maintain offices or otherwise operate, is competitive, especially for experienced sales professionals, engineers and data scientists experienced in designing and developing cybersecurity software. Although our current remote work environment facilitates our ability to attract talent across a wider geographic base, we have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. Many of the companies with which we compete for experienced personnel have greater resources than us. Our competitors also may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. We may also be subject to allegations that employees we hire have been improperly solicited, or that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product, or that they have been hired in violation of
non-compete
provisions or
non-solicitation
provisions.
In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Volatility or lack of performance in our stock price may also affect our ability to attract and retain key employees. Some of our employees will become vested in a substantial amount of equity awards, which may give them a material amount of personal wealth. This may make it more difficult for us to retain and motivate these employees, and this wealth could affect their decision about whether or not they continue to work for us. Any failure to successfully attract, integrate or retain qualified personnel to fulfill our current or future needs could adversely affect our business, results of operations and financial condition.
If we are not able to maintain and enhance our brand and our reputation as a provider of high-efficacy cybersecurity solutions, our business and results of operations may be adversely affected.
We believe that maintaining and enhancing our brand and our reputation as a provider of high-efficacy cybersecurity solutions is critical to our relationship with our existing customers and distribution partners and our ability to attract new customers and partners. The successful promotion of our brand will depend on a number of factors, including our investment in marketing efforts, our ability to continue to develop additional features for our platform, our ability to successfully differentiate our platform from competitive cloud-enabled or legacy security solutions and, ultimately, our ability to detect and remediate cyberattacks. Although we believe it is important for our growth, these brand promotion activities may not be successful or yield increased revenue.
In addition, independent industry or financial analysts and research firms often test our solutions and provide reviews of our platform, along with the products of our competitors, and perception of our platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors’ products, our brand may be adversely affected. Our solutions may fail to detect or prevent threats in any particular test for a number of reasons that may or may not be related to the efficacy of our solutions in real world environments. To the extent potential customers, industry analysts, or
 
19

Table of Contents
testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our solutions or services do not provide significant value, we may lose customers, and our reputation, financial condition, and business would be harmed. Additionally, the performance of our distribution partners may affect our brand and reputation if customers do not have a positive experience with these partners. In addition, we have in the past worked, and we will continue to work, with high profile customers and to assist in analyzing and remediating high profile cyberattacks. This work with such customers and cyberattacks may expose us to negative publicity and media coverage. Negative publicity, including about the efficacy and reliability of our platform, our products offerings, our professional services and the customers we work with, even if inaccurate, could adversely affect our reputation and brand.
If we are unable to maintain successful relationships with our distribution partners, or if our distribution partners fail to perform, our ability to market, sell and distribute our platform and solutions efficiently will be limited, and our business, financial position and results of operations will be harmed.
In addition to our direct sales force, we rely on certain key distribution partners to sell and support our platform. An increasing amount of our sales flow through our distribution partners, and we expect our reliance on such partners to continue to grow for the foreseeable future. Additionally, we have entered into, and we intend to continue to enter into, partnerships with third parties to support our future growth plans. The loss of a substantial number of distribution partners, or the failure to recruit additional partners, could adversely affect our results of operations. Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our distribution partners and in training them to independently sell and deploy our platform. If we fail to effectively manage our existing sales channels, or if our distribution partners are unsuccessful in fulfilling the orders for our solutions, or if we are unable to recruit and retain a sufficient number of high quality distribution partners who are motivated to sell our products, our ability to sell our products and results of operations will be harmed.
Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and results of operations.
Our future growth depends, in part, on increasing sales to government organizations. Demand from government organizations is often unpredictable, subject to budgetary uncertainty and typically involves long sales cycles. We have made significant investments to address the government sector, but we cannot assure you that these investments will be successful, or that we will be able to maintain or grow our revenue from the government sector. Although we anticipate that they may increase in the future, sales to U.S. federal, state and local governmental agencies have not accounted for, and may never account for, a significant portion of our revenue. U.S. federal, state and local government sales are subject to a number of challenges and risks that may adversely impact our business. Sales to such government entities include the following risks:
 
   
selling to governmental agencies can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;
 
   
government certification requirements applicable to our products may change and, in doing so, restrict our ability to sell into the U.S. federal government sector until it has attained the required certifications.
 
   
government demand and payment for our platform may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our platform;
 
   
governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our platform, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit were to uncover improper or illegal activities;
 
20

Table of Contents
   
interactions with the U.S. federal government may be limited by post-employment ethics restrictions on members of our management; 
 
   
foreign governments may have concerns with purchasing security products from a company that employs former NSA employees and officials, which may negatively impact sales; and
 
   
governments may require certain products to be manufactured, hosted, or accessed solely in their country or in other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet these requirements, affecting our ability to sell these products to governmental agencies.
We have achieved “FedRAMP- ready” status, but such status is only available for a certain period of time before which it must be utilized. If not utilized, we would likely have to go through certain parts of the FedRAMP process again in order to sell our products to government agencies. Moreover, even if we were to achieve FedRAMP-certified status, such certification is costly to maintain, and if we were to lose such a certification in the future it would restrict our ability to sell to government customers. It is also possible that additional guidelines and/or certifications, such as the Cybersecurity Maturity Model Certification, will be required to expand participation in the government sectors.
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions in the future or otherwise have an adverse effect on our business and results of operations.
We may not scale and adapt our existing technology in a timely and cost-effective manner to meet our customers’ performance and other requirements.
Our future growth will be dependent upon our ability to continue to meet the needs of new customers and the expanding needs of our existing customers as their use of our solutions grows. As our customers gain more experience with our solutions, the number of events, the amount of data transferred, processed, and stored by our solutions and the number of locations where our platform and services are being accessed, have in the past, and may in the future, expand rapidly. In order to meet the performance and other requirements of our customers, we intend to continue to make significant investments to increase capacity and to develop and implement new technologies in our service and cloud infrastructure operations. These technologies, which include databases, applications, and server optimizations, network and hosting strategies, and automation, are often advanced, complex, new, and untested. We may not be successful in developing or implementing these technologies. In addition, it takes a significant amount of time to plan, develop, and test improvements to our technologies and infrastructure, and we may not be able to accurately forecast demand or predict the results we will realize from such improvements. To the extent that we do not effectively scale our operations to meet the needs of our growing customer base and to maintain performance as our customers expand their use of our solutions, we may not be able to grow as quickly as anticipated, customers may reduce or cancel use of our solutions and we may be unable to compete as effectively and our business and results of operations may be harmed.
Additionally, we have made, and we will continue to make, substantial investments to support growth at our data centers partners and improve the profitability of our cloud platform. If our cloud-based server costs were to increase or pricing pressure causes price movements out of proportion with changes in unit operating costs, our business, results of operations and financial condition may be adversely affected. Although we expect that we could receive similar services from other third parties, if any of our arrangements with third-party providers are terminated, we could experience interruptions on our platform and in our ability to make our solutions available to customers, as well as delays and additional expenses in arranging alternative cloud infrastructure services. Ongoing improvements to cloud infrastructure may be more expensive than anticipated and may not yield the expected savings in operating costs or the expected performance benefits. In addition, we may be required to
re-invest
any cost savings achieved from our prior cloud infrastructure improvements in future infrastructure projects to maintain the levels of service required by our customers. We may not be able to maintain or achieve cost savings from our investments, which could harm our financial results.
 
21

Table of Contents
The market opportunity estimates and growth forecasts included in this prospectus could prove to be inaccurate, and any real or perceived inaccuracies may harm our reputation and negatively affect its business.
This prospectus includes our estimates of the addressable market for our cloud-based SaaS-delivered cybersecurity solution. Market opportunity estimates and growth forecasts, whether obtained from third-party sources or developed internally, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The estimates and forecasts in this prospectus relating to the size and expected growth of our target markets may prove to be inaccurate. In particular, the estimates regarding our current and projected market opportunity are difficult to predict. In addition, our estimates of the addressable market for cloud-based SaaS-delivered cybersecurity solutions reflect the opportunity available from all participants and potential participants in the market, and we cannot predict with precision its ability to address this demand or the extent of market adoption of our solutions. The addressable market we estimates may not materialize for many years, if ever, and even if the markets in which we compete meet the size estimates and growth forecasted in this registration statement, our business could fail to grow at similar rates, if at all. Accordingly, the forecasts of market growth included in this registration statement should not be taken as indicative of our future growth.
The success of our business will depend in part on our ability to protect and enforce our intellectual property rights.
We believe that our intellectual property is an essential asset of our business, and our success and ability to compete will depend in part upon protection of intellectual property rights. We have relied, and we will continue to rely, on a combination of patent, copyright, trademark, and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights in the United States and abroad, all of which provide only limited protection. The efforts we have taken to protect our intellectual property may not be sufficient or effective, and our trademarks, copyrights and patents may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications, including in a manner that will give us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain
non-U.S.
jurisdictions, but such protections may not be available in all countries in which we will operate or in which we will seek to enforce intellectual property rights, or the intellectual property rights may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties under certain circumstances. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. Moreover, we may need to expend additional resources to defend our intellectual property rights in these countries, and our inability to do so could impair our business or adversely affect our plans for international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection or they may not prove to be enforceable in actions against alleged infringers.
We may not be effective in policing unauthorized use of our intellectual property, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. Protecting against the unauthorized use of intellectual property rights, technology and other proprietary rights is expensive and difficult, particularly outside of the United States. Any enforcement efforts undertaken, including litigation, could be time-consuming and expensive and could divert management’s attention, which could harm our business and results of operations. Further, attempts to enforce rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or challenge our intellectual property rights which could result in a holding that invalidates or narrows the scope of our intellectual property rights, in whole or in part. The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, results of operations and financial condition. Even if we are able to secure our intellectual property rights, we cannot assure you that such rights will provide us with competitive advantages or distinguish our services from those of our competitors or that our competitors will not independently develop similar technology, duplicate any of our technology, or design around our patents.
 
22

Table of Contents
Claims by others that we infringe their proprietary technology or other intellectual property rights could result in significant costs and substantially harm our business, financial condition, results of operations and prospects.
Claims by others that we infringe or misappropriate their proprietary technology or other intellectual property rights could harm our business. Companies in the cybersecurity industry could hold patents and also protect their copyright, trade secret and other intellectual property rights, entering into litigation based on allegations of patent infringement or other violations of intellectual property rights. We will face increasing competition as we grow and the possibility of intellectual property rights claims against us could also grow. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such personnel have divulged proprietary or other confidential information of competitors to us. From time to time, third parties may assert claims of infringement or misappropriation of intellectual property rights against us. Although there have been no such claims made against us to date, there can be no assurance that such claims may not be made in the future.
Third parties may in the future also assert claims against our customers or distribution partners, whom our standard license and other agreements may obligate us to indemnify against claims that our solutions infringe the intellectual property rights of third parties. As the number of products and competitors in the cybersecurity market increases and overlaps occur, claims of infringement, misappropriation, and other violations of intellectual property rights may increase. While we intend to increase the size of our patent portfolio, many of our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve
non-practicing
entities, companies, or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. Any claim of intellectual property infringement by a third party, even a claim without merit, could cause us to incur substantial costs defending against such claim, could distract our management from our business and could require us to cease use of such intellectual property.
Additionally, our insurance may not cover intellectual property rights infringement claims that may be made. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties, or other costs or damages; or we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative,
non-infringing
technology, which could require significant time, during which we could be unable to continue to offer our affected services or features, effort and expense, and may ultimately not be successful.
Although third parties may offer a license to their technology or other intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be adversely affected. In addition, some licenses may be nonexclusive, and therefore our competitors may have access to the same technology licensed to us. If a third party does not offer us a license to its technology or other intellectual property on reasonable terms, or at all, we could be enjoined from continued use of such intellectual property. As a result, we may be required to develop alternative,
non-infringing
technology, which could require significant time, during which we could be unable to continue to offer our affected products, subscriptions or services, effort, and expense and may ultimately not be successful. Any of these events could harm our business, financial condition and results of operations.
We license technology from third parties, and our inability to maintain those licenses could harm our business.
We currently incorporate, and will in the future incorporate, technology that we license from third parties, including software, into our solutions. We cannot be certain that our licensors do not or will not infringe on the
 
23

Table of Contents
intellectual property rights of third parties or that our licensors have or will have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our platform. Some of our agreements with our licensors may be terminated by them for convenience, or otherwise provide for a limited term. If we are unable to continue to license technology because of intellectual property infringement claims brought by third parties against our licensors or against us, or if we are unable to continue the license agreements or enter into new licenses on commercially reasonable terms, our ability to develop and sell solutions and services containing that technology would be limited, and our business could be harmed. Additionally, if we are unable to license technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and may require us to use alternative technology of lower quality or performance standards. This could limit or delay our ability to offer new or competitive solutions and increase our costs. As a result, our margins, market share, and results of operations could be significantly harmed.
If we are not able to satisfy data protection, security, privacy, and other government- and industry-specific requirements or regulations, our business, results of operations, and financial condition could be harmed.
Personal privacy, data protection, information security, telecommunications regulations, and other laws, regulations, and industry standards (including proposed new proposed versions) applicable to specific categories of information are significant issues in the United States, Europe, and in other key jurisdictions where we offer our solutions, including in South and East Asia and the Middle East. The data that we collect, analyze and store is subject to a variety of laws and regulations, including regulation by various government agencies. The U.S. federal government, and various state and foreign governments, have adopted or proposed limitations on the collection, distribution, use, and storage of certain categories of information, such as PII of individuals, health information, and other sector-specific types of data, including but not limited to regulations promulgated by Federal Trade Commission and under the provisions of the Electronic Communication Privacy Act, Computer Fraud and Abuse Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act. Laws and regulations outside the United States, and particularly in Europe, often are more restrictive than those in the United States. Such laws and regulations may require companies to implement privacy and security policies, permit customers to access, correct, and delete personal information stored or maintained by such companies, inform individuals of security breaches that affect their personal information, and, in some cases, obtain individuals’ consent to use PII for certain purposes. In addition, some foreign governments require that any information of certain categories, such as financial or PII collected in a country not be transferred outside of that country without consent. We also may find it necessary or desirable to join industry or other self-regulatory bodies or other information security or data protection-related organizations that require compliance with their rules pertaining to information security and data protection. We also may be bound by additional, more stringent contractual obligations relating to our collection, use and disclosure of personal, financial and other data. We cannot yet determine the impact of future laws, regulations, standards, or perception of their requirements may have on our business. For example, the European Commission adopted the European General Data Protection Regulation (“GDPR”), that applies to the processing of certain personal data of data subjects in the European Economic Area (“EEA”). As compared to previously data protection law in the European Union, the GDPR imposes additional obligations and risk upon our business and increases substantially the penalties to which we could be subject in the event of any
non-compliance.
Administrative fines for certain violations under the GDPR can amount up to 20 million Euros or four percent of worldwide annual revenue for the prior fiscal year, whichever is higher. We have incurred substantial expense in complying with the obligations imposed by the GDPR, and we may be required to do so in the future, potentially making significant changes in our business operations, which may adversely affect our revenue and our business overall. Additionally, we are unable to predict how obligations under the GDPR will be applied to us or our customers. Despite our efforts to attempt to comply with the GDPR, a regulator may determine that a customer has not done so and subject it to fines and public censure, which could harm our business.
Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States. We
 
24

Table of Contents
have undertaken certain efforts to conform transfers of personal data from the EEA to the United States and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities. Despite this, we may be unsuccessful in establishing or maintaining conforming means of transferring such data from the EEA, in particular as a result of continued legal and legislative activity within the European Union. For example, in July 2020 the European Court of Justice (“ECJ”) invalidated the
EU-U.S.
Privacy Shield in a decision known as
Schrems II
. The ECJ decision also raised questions about the continued validity of one of the primary alternatives to the
EU-U.S.
Privacy Shield, namely the European Commission’s Standard Contractual Clauses, and EU regulators have issued additional guidance regarding considerations and requirements that we and other companies must consider and undertake when using the Standard Contractual Clauses. Although the EU has presented a new set of contractual clauses, at present, there are few, if any, viable alternatives to the
EU-U.S.
Privacy Shield and the Standard Contractual Clauses. The ECJ’s decision and other regulatory guidance or developments otherwise may impose additional obligations with respect to the transfer of personal data from the EU and Switzerland to the United States, each of which could restrict our activities in those jurisdictions, limit our ability to provide products and services in those jurisdictions, or increase our costs and obligations and impose limitations upon our ability to efficiently transfer personal data from the EU and Switzerland to the United States.
Further, the exit of the United Kingdom (UK) from the EU, often referred to as Brexit, has created uncertainty with regard to data protection regulation in the UK. Specifically, the UK exited the EU on January 1, 2020, subject to a transition period that ended December 31, 2020. While the Data Protection Act of 2018, that “implements” and complements the GDPR achieved Royal Assent on May 23, 2018 and is now effective in the United Kingdom, it is still unclear whether transfer of data from the EEA to the United Kingdom will remain lawful in the long term under GDPR. With the expiration of the transition period, companies will have to comply with the GDPR and the GDPR as incorporated into United Kingdom national law, which has the ability to separately fine up to the greater of £17.5 million or 4% of global turnover. On June 28, 2021, the European Commission announced a decision of “adequacy” concluding that the UK ensures an equivalent level of data protection to the GDPR, which provides some relief regarding the legality of continued personal data flows from the EEA to the UK. Some uncertainty remains, however, as this adequacy determination must be renewed after four years and may be modified or revoked in the interim. We cannot fully predict how the Data Protection Act, the UK GDPR, and other UK data protection laws or regulations may develop in the medium to longer term nor the effects of divergent laws and guidance regarding how data transfers to and from the UK will be regulated.
The implementation of the GDPR has led other jurisdictions to either amend, or propose legislation to amend their existing data privacy and cybersecurity laws to resemble all or a portion of the requirements of the GDPR. For example, on June 28, 2018, California adopted the California Consumer Privacy Act of 2018, or CCPA, which went into effect on January 1, 2020. The CCPA has been characterized as the first “GDPR-like” privacy statute to be enacted in the United States because it contains a number of provisions similar to certain provisions of the GDPR. In addition, the California Privacy Rights Act of 2020, or the CPRA was passed by California voters in November 2020. The CPRA amends the CCPA by creating additional privacy rights for California consumers and additional obligations on businesses, which could subject us to additional compliance costs as well as potential fines, individual claims and commercial liabilities. The majority of the CPRA provisions will take effect on January 1, 2023. The CCPA and CPRA could mark the beginning of a trend toward more stringent privacy legislation in the United States, as other states or the federal government may follow California’s lead and increase protections for U.S. residents. For example, on March 2, 2021, the Virginia Consumer Data Protection Act, which will take effect on January 1, 2023, was signed into law and on June 8, 2021, Colorado enacted the Colorado Privacy Act (the “CPA”), which also takes effect on July 1, 2023.
Evolving and changing definitions of personal data and personal information within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expand our business, including limiting partnerships that may involve the sharing of data. Further, we may be affected by evolving notions of data sovereignty, or the concept that data collected in a particular jurisdiction must be either physically maintained in
 
25

Table of Contents
that jurisdiction or maintained in compliance with all local law, including under all conditions or controls mandated by the jurisdiction in which it was collected. In light of current regulatory trends, such data sovereignty requirements may increase causing us to expend additional resources and increase our applicable budgets to remain compliant or cease doing business in such jurisdiction.
Even the perception of privacy or security concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent. In addition, changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could impact our business. We expect that existing laws, regulations and standards may be interpreted in new manners in the future. Future laws, regulations, standards, and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could require us to modify our solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.
Beyond broader data processing regulations affecting our business, the cybersecurity industry may face direct regulation. In 2018, Singapore introduced what is believed to be the world’s first cybersecurity licensing requirement, mandating that providers of specific types of incident response services receive a government license before providing such services. License requirements such as these may impose upon us significant organizational costs and high barriers of entry into new markets.
Although we have worked and will continue to work to comply with applicable laws and regulations, certain applicable industry standards and our contractual obligations and other legal obligations, along with laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another. In addition, they may conflict with other requirements or legal obligations that apply to our business or the security features and services that our customers expect from our solutions. As such, we cannot assure ongoing compliance with all such laws, regulations, standards and obligations. Any failure or perceived failure by us or our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations, or applicable industry standards that we represent compliance with or that may be asserted to apply to us, or to comply with employee, customer, partner, and other data privacy and data security requirements pursuant to contract and our stated notices or policies, could result in enforcement actions, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business. Any inability of us or our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties to adequately address privacy and security concerns, even if unfounded, or comply with applicable laws, regulations, standards and obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business and results of operations.
Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose customers in the public sector or negatively impact our ability to contract with the public sector.
Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing privacy and data protection laws and regulations, employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. Noncompliance by us, our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties with applicable regulations or requirements could subject us to:
 
   
investigations, enforcement actions and sanctions;
 
26

Table of Contents
   
mandatory changes to our platform;
 
   
disgorgement of profits, fines and damages;
 
   
civil and criminal penalties or injunctions;
 
   
claims for damages by our customers or distribution partners;
 
   
termination of contracts;
 
   
loss of intellectual property rights; and
 
   
temporary or permanent debarment from sales to government organizations.
If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, results of operations and financial condition.
We endeavor to properly classify employees as exempt versus
non-exempt
under applicable law. Although there are no pending or threatened material claims or investigations against us asserting that some employees are improperly classified as exempt, the possibility exists that some of our current or former employees could have been incorrectly classified as exempt employees.
These laws and regulations will impose added costs on our business, and failure by us, our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties to comply with these or other applicable regulations and requirements could lead to claims for damages, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could result in reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, and other sanctions, any of which could harm our business, reputation, and results of operations.
We are subject to laws and regulations, including governmental export and import controls, sanctions, and anti-corruption laws, that could impair our ability to compete in our markets and subject us to liability if we are not in full compliance with applicable laws.
We are subject to laws and regulations, including governmental export controls, that could subject us to liability or impair our ability to compete in our markets. Our products are subject to U.S. export controls, including the U.S. Department of Commerce’s Export Administration Regulations, and we and our employees, representatives, contractors, agents, intermediaries, and other third parties are also subject to various economic and trade sanctions regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Control and other governmental authorities. We incorporate standard encryption algorithms into our products, which, along with the underlying technology, may be exported outside of the U.S. only with the required export authorizations, including by license, license exception or other appropriate government authorizations, which may require the filing of further encryption registration and classification requests. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain cloud-based solutions to countries, governments, and persons targeted by U.S. sanctions. Governmental regulation of the import or export of our products, or our failure to obtain any required import or export authorization for our products under the laws of the United States or other countries, could harm our ability to engage in international trade and adversely affect our revenue. Moreover, any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export our products to existing or potential customers or to conduct business with foreign parties. An actual or alleged violation of these laws or regulations would negatively affect our business, financial condition and results of operations.
 
27

Table of Contents
Various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Under these global trade and sanctions laws and regulations, as well as other laws governing our operations, various government agencies may seek to impose modifications to business practices, including cessation of business activities in sanctioned countries or with sanctioned persons or entities and modifications to compliance programs, which may increase compliance costs, and may subject us to fines, penalties and other sanctions. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, results of operations and financial condition.
We are also subject to the U.S. Foreign Corrupt Practices Act of 1977 (“FCPA”), the UK Bribery Act 2010, (the “Bribery Act”), and other anti-corruption, sanctions, anti-bribery, anti-money laundering and similar laws in the United States and other countries in which it conducts activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees, agents, intermediaries, and other third parties from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including intermediaries, agents, and distribution partners, to conduct our business in the United States and abroad, to sell subscriptions to our platform and to collect information about cyber threats. We and these third-parties may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these third- party business partners and intermediaries, our employees, representatives, contractors, distribution partners, agents, intermediaries, and other third parties, even if we do not explicitly authorize such activities.
While we have, and we will continue to have, policies and procedures to address compliance with FCPA, Bribery Act and other applicable anti-corruption, sanctions, anti-bribery, anti-money laundering and similar laws, we cannot assure you that they will be effective, or that all of our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties have taken, or will not take actions, in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. Noncompliance with these laws could subject us to investigations, severe criminal or civil sanctions, settlements, prosecution, loss of export privileges, suspension or debarment from U.S. government contracts, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, whistleblower complaints, adverse media coverage and other consequences. Any investigations, actions, or sanctions could harm our reputation, business, results of operations, and financial condition.
We also collect information about cyber threats from open sources, intermediaries, and third parties that we make available to our customers. While we have implemented certain procedures to facilitate compliance with applicable laws and regulations in connection with the collection of this information, we cannot assure you that these procedures have been effective or that we, or third parties, many of whom we do not control, have complied with all laws or regulations in this regard. Failure by us or our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations in the collection of this information also could have negative consequences, including reputational harm, government investigations and penalties.
Although we have taken precautions to prevent our information collection practices and services from being provided in violation of such laws, our information collection practices and services may have been in the past,
 
28

Table of Contents
and could in the future be, provided in violation of such laws. If we or our employees, representatives, contractors, distribution partners, agents, intermediaries, or other third parties fail to comply with these laws and regulations, we could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may also be adversely affected through reputational harm, loss of access to certain markets, or otherwise. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities.
Some of our technology incorporates “open source” software, which could negatively affect our ability to sell our platform and subject us to possible litigation.
Our products and subscriptions contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products and subscriptions. The use and distribution of open source software may entail greater risks than the use of third- party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Many of the risks associated with use of open source software cannot be eliminated and could negatively affect our business. In addition, the wide availability of source code used in our solutions could expose us to security vulnerabilities.
Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public, including authorizing further modification and redistribution, or otherwise be limited in the licensing of our services, each of which could provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our solutions, require us to
re-engineer
all or a portion of our platform, and could reduce or eliminate the value of our services. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales.
The terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize products and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open source software in our products and subscriptions has been or will be effective. From time to time, we may face claims from third parties asserting ownership of, or demanding release of, the open source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation. Litigation could be costly to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions. Responding to any infringement or noncompliance claim by an open source vendor, regardless of its validity, discovering certain open source software code in our platform, or a finding that we have breached the terms of an open source software license, could harm our business, results of operations and financial condition, by, among other things:
 
   
resulting in time-consuming and costly litigation;
 
   
diverting management’s time and attention from developing our business;
 
   
requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;
 
   
causing delays in the deployment of our platform or service offerings to our customers;
 
   
requiring us to stop offering certain services or features of our platform;
 
   
requiring us to redesign certain components of our platform using alternative
non-infringing
or
non-open
source technology, which could require significant effort and expense;
 
29

Table of Contents
   
requiring us to disclose our software source code and the detailed program commands for our software;
 
   
prohibiting us from charging license fees for the proprietary software that uses certain open source; and
 
   
requiring us to satisfy indemnification obligations to our customers.
We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.
Certain of our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our platform. Any failure of or disruption to our infrastructure could impact the performance of our platform and the availability of services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions, and, in certain cases, refunds. To date, there has not been a material failure to meet our service level commitments, and we do not currently have any material liabilities accrued on our balance sheet for such commitments. However, our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.
We may become involved in litigation that may adversely affect us.
We may be subject to claims, suits and government investigations and other proceedings including patent, product liability, class action, whistleblower, personal injury, property damage, labor and employment, commercial disputes, compliance with laws and regulatory requirements and other matters, and we may become subject to additional types of claims, suits, investigations and proceedings as our business develops. While we believe that we have acted in compliance in all material respects with applicable antitrust laws, such investigation, as well as any other claims, suits, and government investigations and proceedings that may be asserted against us in the future, are inherently uncertain and their results cannot be predicted with certainty. Regardless of outcome, any of these types of legal proceedings could have an adverse impact on us because of legal costs and diversion of management attention and resources, and could cause us to incur significant expenses or liability, adversely affect our brand recognition, and/or require us to change our business practices. The expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations. It is possible that a resolution of one or more such proceedings could result in substantial damages, settlement costs, fines and penalties that could adversely affect our business, consolidated financial position, results of operations, or cash flows in a particular period. These proceedings could also result in reputational harm, sanctions, consent decrees, or orders requiring a change in our business practices. Because of the potential risks, expenses and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations, and prospects.
Our ability to maintain customer satisfaction will depend in part on the quality of our customer support.
Once our platform is deployed within our customers’ networks, our customers depend on our customer support services to resolve any issues relating to implementation and maintenance of the platform. If we do not provide effective ongoing support, our ability to sell additional subscriptions to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many larger organizations have more complex networks and require higher levels of support than smaller customers. Failure to maintain high-quality customer support could also have a material adverse effect on our business, results of operations and financial condition.
 
30

Table of Contents
We may need to raise additional capital to maintain and expand our operations and invest in new solutions, which capital may not be available on terms acceptable to us, or at all, and which could reduce our ability to compete and could harm our business.
Retaining or expanding our current levels of personnel and products offerings may require additional funds to respond to business challenges, including the need to develop new products and enhancements to our platform, improve our operating infrastructure, or acquire complementary businesses and technologies. The failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business. Accordingly, we may need to engage in additional equity or debt financings to secure additional funds. If we raise additional equity financing, stockholders may experience significant dilution of their ownership interests and the market price of the common stock could decline. If we engage in debt financing, the holders of debt would have priority over the holders of common stock, and we may be required to accept terms that restrict our operations or our ability to incur additional indebtedness or to take other actions that would otherwise be in the interests of the debt holders. Any of the above could harm our business, results of operations and financial condition.
Our business is subject to the risks of warranty claims, product returns, product liability, and product defects from real or perceived defects in our solutions or their misuse by customers or third parties, and indemnity provisions in various agreements potentially expose we to substantial liability for intellectual property infringement and other losses.
We may be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our products may harm our business and results of operations. Although we generally have limitations of liability provisions in our terms and conditions of sale, these provisions may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. These provisions may also be negotiated to varying levels with different customers. The sale and support of products also entails the risk of product liability claims.
Additionally, our agreements with customers and other third parties typically include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims regarding intellectual property infringement, breach of agreement, including confidentiality, privacy and security obligations, violation of applicable laws, damages caused by failures of our solutions or to property or persons, or other liabilities relating to or arising from our products and services, or other acts or omissions. These contractual provisions often survive termination or expiration of the applicable agreement. We have not to date received any indemnification claims from third parties. However, as we continue to grow, the possibility of these claims against us will increase. Large indemnity obligations, whether for intellectual property or other claims, could harm our business, results of operations and financial condition.
Additionally, our platform and solutions may be used by our customers and other third parties who obtain access to our solutions for purposes other than for which the platform was intended. For example, the platform might be misused by a customer to monitor our employee’s activities in a manner that violates the employee’s privacy rights under applicable law.
During the course of performing certain solution-related services and professional services, our teams may have significant access to our customers’ networks. We cannot be sure that a disgruntled employee may not take advantage of such access, which may make our customers vulnerable to malicious activity by such employee. Any such misuse of our platform could result in negative press coverage and negatively affect our reputation, which could result in harm to our business, reputation and results of operations.
We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are
 
31

Table of Contents
unsuccessful could result in the expenditure of funds in litigation, divert management’s time and other resources, and harm our business and reputation.
Future acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value and adversely affect our results of operations and financial condition.
As part of our business strategy, we have in the past completed, and we are likely to continue to complete, investments in and/or acquisitions of complementary companies, services, or technologies. The ability to acquire and integrate other companies, services or technologies in a successful manner in the future is not guaranteed. We may not be able to find suitable investment and/or acquisition candidates, and we may not be able to complete such investments and/or acquisitions on favorable terms, if at all. If we do complete investments and/or acquisitions, we may not ultimately strengthen our competitive position or ability to achieve our business objectives, and any investments and/or acquisitions we complete could be viewed negatively by our customers or investors. In addition, if we are unsuccessful at integrating any acquisitions, or the technologies associated with such investments and/or acquisitions, our revenue and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an investment or acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition and the market price of our common stock. The sale of equity or issuance of debt to finance any such investments or acquisitions could result in dilution to stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.
Additional risks we may face in connection with investments and/or acquisitions include:
 
   
diversion of management time and focus from operating our business to addressing acquisition integration challenges;
 
   
coordination of engineering, analytics, research and development, operations, and sales and marketing functions;
 
   
integration of product and service offerings;
 
   
retention of key employees from the acquired company;
 
   
changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;
 
   
cultural challenges associated with integrating employees from the acquired company into the organization;
 
   
integration of the acquired company’s accounting, management information, human resources and other administrative systems;
 
   
the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures and policies;
 
   
financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that are not adequately addressed and that cause our reported results to be incorrect;
 
   
liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and other known and unknown liabilities;
 
   
unanticipated write-offs or charges; and
 
32

Table of Contents
   
litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties.
The failure to address these risks or other problems encountered in connection with acquisitions and investments could cause us to fail to realize the anticipated benefits of these investments and/or acquisitions, cause us to incur unanticipated liabilities, and harm our business generally.
If we cannot maintain our company culture as we grow, we could lose the innovation, teamwork, passion and focus on execution that have contributed to our success, and our business may be harmed.
We believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork, passion and focus on building and marketing our platform. As we grow and develop the infrastructure of a public operating company, it may be difficult to maintain our corporate culture. Any failure to preserve that culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. Additionally, our productivity and the quality of our solutions may be adversely affected if we do not integrate and train new employees quickly and effectively. If we experience any of these effects in connection with future growth, it could impair our ability to attract new customers, retain existing customers and expand their use of our platform, all of which would adversely affect our business, financial condition and results of operations.
Our international operations and plans for future international expansion expose us to significant risks, and failure to manage those risks could adversely impact our business.
We derived 10% and 7% of our total revenue from our international customers for fiscal 2022 and fiscal 2021, respectively. Our growth strategy includes expansion into target geographies, but there is no guarantee that such efforts will be successful. We expect that our international activities will continue to grow in the future, as we continue to pursue opportunities in international markets. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:
 
   
greater difficulty in negotiating contracts with standard terms, enforcing contracts, and managing collections, including longer collection periods;
 
   
higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for international operations and creating international operating entities, where applicable;
 
   
management communication and integration problems resulting from cultural and geographic dispersion;
 
   
risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries;
 
   
greater risk of unexpected changes in applicable foreign laws, regulatory practices, tariffs, and tax laws and treaties;
 
   
compliance with anti-bribery laws, including the FCPA, the U.S. Travel Act and the Bribery Act, violations of which could lead to significant fines, penalties, and collateral consequences;
 
   
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
 
   
the uncertainty of protection for intellectual property rights in some countries;
 
   
general economic and political conditions in these foreign markets;
 
   
foreign exchange controls or tax regulations that might prevent us from repatriating cash earned outside the United States;
 
33

Table of Contents
   
political and economic instability in some countries;
 
   
the potential for foreign government demands for access to information or corporate property;
 
   
double taxation of international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States or the foreign jurisdictions in which we operate;
 
   
unexpected costs for the localization of services, including translation into foreign languages and adaptation for local practices and regulatory requirements;
 
   
requirements to comply with foreign privacy, data protection, and information security laws and regulations and the risks and costs of noncompliance;
 
   
greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities;
 
   
greater difficulty identifying qualified distribution partners and maintaining successful relationships with such partners;
 
   
differing employment practices and labor relations issues; and
 
   
difficulties in managing and staffing international offices and increased travel, infrastructure, and legal compliance costs associated with multiple international locations.
Additionally, all of our sales contracts are currently denominated in U.S. dollars. However, a strengthening of the U.S. dollar could increase the cost of our solutions to our international customers, which could adversely affect our business and results of operations. In addition, an increasing portion of operating expenses is expected to be incurred outside the United States and denominated in foreign currencies, and will be subject to fluctuations due to changes in foreign currency exchange rates. If we become more exposed to currency fluctuations and are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.
In addition, international nation states continue to increase their threats of action against other countries and high profile companies in them, as has most recently been evidenced by statements made by certain leaders relating to the recent military activity in Ukraine. The fact that we provide products and services to high profile customers in many of the countries that have been and remain under such threats and the high profile of leaders associated with us make those customers and us potential targets for attacks by those nation states and their proxies creating additional risks to our ability to continue to expand and operate effectively.
As we continue to develop and grow our business globally, our success will depend in large part on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage international operations and the associated risks could limit the future growth of our business.
Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.
As of January 31, 2022 and January 31, 2021, we had aggregate U.S. federal and state net operating loss carryforwards of $324.8 million and $154.6 million, respectively, which may be available to offset future taxable income for income tax purposes.
U.S. federal net operating loss carryforwards generated in taxable years beginning before January 1, 2018 may be carried forward for 20 years to offset future taxable income. Under tax legislation commonly referred to as the Tax Cuts and Jobs Act (the “Tax Act”), as modified by the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”), U.S. federal net operating losses generated in taxable years beginning after December 31, 2017, can be carried forward indefinitely, but the deductibility of such net operating loss carryforwards in taxable
 
34

Table of Contents
years beginning after December 31, 2020 is limited to 80% of taxable income. It is uncertain if and to what extent various states will conform their tax laws and regulations to the Tax Act or the CARES Act.
If not utilized, $25.3 million of our U.S. federal net operating loss carryforwards expire on various dates through 2037 and $299.5 million are able to be carried forward indefinitely under current law. Realization of these net operating loss carryforwards depends on future taxable income, and there is a risk that, even if we achieve profitability, our existing carryforwards could expire unused or be subject to limitations and be unavailable to offset future income tax liabilities, which could adversely affect our results of operations.
In addition, under Sections 382 and 383 of the Internal Revenue Code of 1986, as amended (the “Code”), if a corporation undergoes an “ownership change,” generally defined as a greater than 50% change (by value) in ownership by “5 percent shareholders” over a rolling three-year period, the corporation’s ability to use our
pre-change
net operating loss carryovers and other
pre-change
tax attributes to offset our post-change income or taxes may be limited. We may experience ownership changes in the future as a result of shifts in our stock ownership (which may be outside of our control). In addition, at the state level, there may be periods during which the use of net operating loss carryforwards is suspended or otherwise limited, which could accelerate or permanently increase state taxes owed. As a result, if we earn net taxable income, our ability to use
pre-change
net operating loss carryforwards to offset U.S. federal taxable income may be subject to limitations, which could potentially result in increased future tax liability to us.
Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.
We do not collect sales and use, value added or similar taxes in all jurisdictions in which we have sales because we have been advised that such taxes are not applicable to our services in certain jurisdictions. Sales and use, value added, and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties and interest, to us or our customers for the past amounts, and we may be required to collect such taxes in the future. If we are unsuccessful in collecting such taxes from our customers, we could be held liable for such costs, which may adversely affect our results of operations.
Our operations and intercompany arrangements will be subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.
We plan to expand our international operations and staff to support our business in international markets. We expect that we will generally conduct international operations through wholly owned subsidiaries and may be required to report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships will be subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The amount of taxes paid in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in
one-time
tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.
We will be subject to U.S. federal, state, and local income, sales, and other taxes in the United States and income, withholding, transaction, and other taxes in numerous foreign jurisdictions. Significant judgment will be required in evaluating our tax positions and our worldwide provision for taxes. During the ordinary course of our business,
 
35

Table of Contents
there are many activities and transactions for which the ultimate tax determination may be uncertain. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes, sales taxes and value added taxes against it. Even if we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have an adverse effect on our results of operations or cash flows in the period or periods for which a determination is made.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We have historically based our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as discussed in the section titled “
Management’s Discussion and Analysis of Financial Condition and Results of Operations
.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements will include, and may include in the future, those related to revenue recognition; allowance for doubtful accounts; costs to obtain or fulfill a contract; valuation of common stock; valuation of stock-based compensation; carrying value and useful lives of long-lived assets; loss contingencies; and the provision for income and related deferred taxes. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of industry or financial analysts and investors, resulting in a decline in the market price of the common stock.
Additionally, we will regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit, or cause an adverse deviation from our revenue and operating profit targets, which may negatively impact our financial results.
Our business will be subject to the risks of natural catastrophic events and to interruption by
man-made
problems such as power disruptions, computer viruses, data security breaches or terrorism.
A significant natural disaster, such as an earthquake, a fire, a flood, or significant power outage could have a material adverse impact on our business, results of operations and financial condition. Natural disasters could affect our personnel, data centers, supply chain, manufacturing vendors, or logistics providers’ ability to provide materials and perform services such as manufacturing products or assisting with shipments on a timely basis. In addition, climate change could result in an increase in the frequency or severity of natural disasters. In the event that we or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, we could result in missed financial targets, such as revenue, for a particular quarter. In addition, computer malware, viruses and computer hacking, fraudulent use attempts and phishing attacks have become more prevalent in the cybersecurity industry, and our internal systems may be victimized by such attacks. Likewise, we could be subject to other
man-made
problems, including but not limited to power disruptions and terrorist acts.
 
36

Table of Contents
Although we maintain incident management and disaster response plans, in the event of a major disruption caused by a natural disaster or
man-made
problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, breaches of data security and loss of critical data, and our insurance may not cover such events or may be insufficient to compensate it for the potentially significant losses we may incur. Acts of terrorism and other
geo-political
unrest could also cause disruptions in our business or the business of our supply chain, manufacturers, logistics providers, partners, or customers or the economy as a whole. Any disruption to our supply chain, manufacturers, logistics providers, partners or customers that impacts sales at the end of a fiscal quarter could have a significant adverse impact on our financial results. All of the aforementioned risks may be further increased if disaster recovery plans prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, or the delay in the manufacture, deployment, or shipment of our products, our business, financial condition, and results of operations would be adversely affected.
Our management identified material weaknesses in our internal control over financial reporting, which resulted in a restatement of our unaudited condensed consolidated financial statements as of and for the period ending October 31, 2021. In the future, we may identify additional material weaknesses or otherwise fail to maintain effective internal control over financial reporting, which may result in material misstatements of our financial statements or cause us to fail to meet our periodic reporting obligations.
In connection with the preparation and audit of our consolidated financial statements for the year ended January 31, 2022, we and our independent registered public accounting firm identified material weaknesses in our internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. We did not have a sufficient number of personnel with an appropriate degree of accounting and internal controls knowledge, experience, and training to appropriately analyze, record and disclose accounting matters commensurate with our accounting and reporting requirements, which resulted in an inability to consistently establish appropriate authorities and responsibilities in pursuit of our financial reporting objectives. This material weakness contributed to the following additional separation of duties material weaknesses in that certain personnel had the ability to both (i) create and post journal entries within our general ledger system, and (ii) prepare and review account reconciliations. We did not design and maintain effective controls over information technology (“IT”) general controls for information systems that are relevant to the preparation of our financial statements. Specifically, we did not design and maintain: (i) program change management controls for the financial systems to ensure that information technology program and data changes affecting financial IT applications and underlying accounting records are identified, tested, authorized and implemented appropriately; (ii) appropriate user access controls to ensure appropriate segregation of duties and that adequately restrict user and privileged access to financial applications, programs and data to appropriate personnel; (iii) computer operations controls to ensure data backups are authorized and restorations monitored; and (iv) testing and approval controls for program development to ensure that new software development is aligned with business and IT requirements. We did not design and maintain effective controls over the accounting for stock-based compensation modifications.
As discussed in the Form 8-K as filed with the SEC on April 25, 2022, on April 22, 2022, the Audit Committee of the Board of Directors (the “Audit Committee”) of the Company determined, based on the analysis and recommendation of management, that our unaudited consolidated financial statements and related disclosures included in the Quarterly Report on Form 10-Q for the quarterly period ended October 31, 2021, as filed with the Securities and Exchange Commission (the “SEC”) on December 15, 2021, should no longer be relied upon due to an error. The error was the result of the Company not appropriately applying modification accounting to stock-based compensation awards that were issued and outstanding as of August 26, 2021, the closing date of the merger between the Company and Legacy IronNet. This overstatement relates to stock-based compensation expense for certain of the Company’s outstanding restricted stock units (“RSUs”) granted pursuant to Legacy IronNet’s 2014 Stock Incentive Plan. We filed an amendment to the Form 10-Q with the SEC on May 2, 2022.
 
37

Table of Contents
With the oversight of senior management, we have instituted and continue to execute on plans to remediate these material weaknesses and will continue to take remediation steps, including hiring additional key supporting accounting personnel with public company reporting and accounting operations experience, implementing the required segregation of roles and duties both in manual and systems related processes including for journal entries and account reconciliations, and formalizing the documentation and performance of information technology general controls for information systems utilized for financial reporting.
While we implement and execute on our plan to remediate the material weaknesses described above, we cannot predict the success of such plans or the outcome of our assessment of these plans at this time. If the steps are insufficient to remediate the material weaknesses successfully and otherwise establish and maintain effective internal control over financial reporting, the reliability of our financial reporting, investor confidence, and the value of our common stock could be materially and adversely affected. We can give no assurance that the implementation of this plan will remediate these deficiencies in our internal control over financial reporting or that additional material weaknesses or significant deficiencies in our internal control over financial reporting will not be identified in the future. The failure to implement and maintain effective internal control over financial reporting could result in errors in our financial statements that could result in a restatement of our financial statements, causing us to fail to meet our reporting obligations.
Risks Related to an Investment in Our Securities
There may not be an active trading market for our common stock, which may make it difficult to sell shares of our common stock.
It is possible that an active trading market will not develop or, if developed, that any market will not be sustained. This would make it difficult for you to sell shares of our common stock at an attractive price or at all.
The market price of our securities has been and is likely to be highly volatile, and you may not be able to resell your securities at or above the purchase price. The trading price of our securities has been and is likely to be volatile, and you could lose all or part of your investment.
The following factors, in addition to other factors described in this “
Risk Factors
” section and included elsewhere in this prospectus, may have a significant impact on the market price of our securities:
 
   
threatened or actual litigation or government investigations;
 
   
the occurrence of severe weather conditions and other catastrophes;
 
   
publication of research reports or news stories about us, our competitors or our industry, or positive or negative recommendations or withdrawal of research coverage by securities analysts;
 
   
the public’s reaction to our press releases, our other public announcements and our filings with the
   
SEC;
 
   
announcements by us or our competitors of acquisitions, business plans or commercial relationships;
 
   
any major change in our Board or senior management;
 
   
additional sales of our securities by us, our directors, executive officers or principal stockholders;
 
   
adverse market reaction to any indebtedness we may incur or securities we may issue in the future;
 
   
short sales, hedging and other derivative transactions in our securities;
 
   
exposure to capital market risks related to changes in interest rates, realized investment losses, credit spreads, equity prices, foreign exchange rates and performance of insurance linked investments;
 
   
our creditworthiness, financial condition, performance, and prospects;
 
38

Table of Contents
   
our dividend policy and whether dividends on our common stock have been, and are likely to be, declared and paid from time to time;
 
   
perceptions of the investment opportunity associated with our securities relative to other investment alternatives;
 
   
regulatory or legal developments;
 
   
changes in general market, economic, and political conditions;
 
   
conditions or trends in our industry, geographies or customers; and
 
   
changes in accounting standards, policies, guidance, interpretations or principles.
In addition, broad market and industry factors may negatively affect the market price of our securities, regardless of our actual operating performance, and factors beyond our control may cause our stock price to decline rapidly and unexpectedly. In addition, in the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. As described in the
“Legal Proceedings”
section in this prospectus, in April 2022, a purported class action complaint was filed alleging violations of the federal securities laws against a group of defendants including us and certain of our executive officers. We intend to defend the matter vigorously, but litigation of this type is expensive and could result in substantial costs and diversion of management’s attention and resources, which could have an adverse effect on our business, financial condition, results of operations or prospects. Any adverse determination in litigation could also subject us to significant liabilities.
A small number of stockholders will continue to have substantial control over us, which may limit other stockholders’ ability to influence corporate matters and delay or prevent a third party from acquiring control over us.
Our directors, executive officers, and beneficial owners of 5% or more of our voting securities and their respective affiliates, beneficially owned, in the aggregate, approximately 43% of our outstanding common stock as of January 31, 2022. This significant concentration of ownership may have a negative impact on the trading price for our common stock because investors often perceive disadvantages in owning stock in companies with controlling stockholders. In addition, these stockholders will be able to exercise influence over all matters requiring stockholder approval, including the election of directors and approval of corporate transactions, such as a merger or other sale of our company or our assets. This concentration of ownership could limit stockholders’ ability to influence corporate matters and may have the effect of delaying or preventing a change in control, including a merger, consolidation or other business combination, or discouraging a potential acquirer from making a tender offer or otherwise attempting to obtain control, even if that change in control would benefit the other stockholders.
There can be no assurance that we will be able to comply with the continued listing standards of the NYSE.
If NYSE delists our securities from trading for failure to meet the listing standards, we and our stockholders could face significant negative consequences including:
 
   
limited availability of market quotations for our securities;
 
   
a determination that our common stock is a “penny stock” which will require brokers trading in our common stock to adhere to more stringent rules,
 
   
possibly resulting in a reduced level of trading activity in the secondary trading market for shares of our common stock;
 
   
a limited amount of analyst coverage; and
 
   
a decreased ability to issue additional securities or obtain additional financing in the future.
 
39

Table of Contents
If our operating and financial performance in any given period does not meet the guidance provided to the public or the expectations of investment analysts, the market price of our common stock may decline.
We may, but are not obligated to, provide public guidance on our expected operating and financial results for future periods. Any such guidance will consist of forward-looking statements, subject to the risks and uncertainties described in this prospectus and in our other public filings and public statements. Our actual results may not always be in line with or exceed any guidance it has provided, especially in times of economic uncertainty, such as the current global economic uncertainty. If, in the future, our operating or financial results for a particular period do not meet any guidance provided or the expectations of investment analysts, or if we reduce our guidance for future periods, the market price of our common stock may decline as well. Even if we do issue public guidance, there can be no assurance that we will continue to do so in the future.
We qualify as an “emerging growth company” as well as a “smaller reporting company.” The reduced public company reporting requirements applicable to emerging growth companies and smaller reporting companies may make our common stock less attractive to investors.
We qualify as an “emerging growth company” under SEC rules. As an emerging growth company, we are permitted and plan to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These provisions include, but are not limited to: (1) an exemption from compliance with the auditor attestation requirement in the assessment of internal control over financial reporting pursuant to Section 404 of Sarbanes-Oxley, (2) not being required to comply with any requirement that may be adopted by the PCAOB regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, (3) reduced disclosure obligations regarding executive compensation arrangements in periodic reports, registration statements, and proxy statements, and (4) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. Further, Section 102(b)(1) of the JOBS Act exempts emerging growth companies from being required to comply with new or revised financial accounting standards until private companies (that is, those that have not had a Securities Act registration statement declared effective or do not have a class of securities registered under the Exchange Act) are required to comply with the new or revised financial accounting standards. The JOBS Act provides that a company can elect to opt out of the extended transition period and comply with the requirements that apply to
non-emerging
growth companies but any such election to opt out is irrevocable. As a result, the information we provide will be different than the information that is available with respect to other public companies that are not emerging growth companies.
We are also a “smaller reporting company” as defined by Rule 12b-2 of the Exchange Act. We may continue to be a smaller reporting company even after we are no longer an emerging growth company. We may take advantage of certain of the scaled disclosures available to smaller reporting companies and will be able to take advantage of these scaled disclosures for so long as the market value of our common stock held by non-affiliates is less than $250.0 million measured on the last business day of our second fiscal quarter, or our annual revenue is less than $100.0 million during the most recently completed fiscal year and the market value of our common stock held by non-affiliates is less than $700.0 million measured on the last business day of our second fiscal quarter.
We cannot predict whether investors will find our securities less attractive because we will rely on these exemptions. If some investors find our securities less attractive as a result of our reliance on these exemptions, the trading prices of our securities may be lower than they otherwise would be, there may be less active trading market for our securities and the trading prices of our securities may be more volatile.
Our management has limited experience in operating a public company.
Our executive officers have limited experience in the management of a publicly traded company. Our management team may not successfully or effectively manage our transition to a public company that will be
 
40

Table of Contents
subject to significant regulatory oversight and reporting obligations under federal securities laws. Our limited experience in dealing with the increasingly complex laws pertaining to public companies could be a significant disadvantage in that we are likely that an increasing amount of their time may be devoted to these activities, which will result in less time being devoted to the management and our growth. We may not have adequate personnel with the appropriate level of knowledge, experience, and training in the accounting policies, practices or internal control over financial reporting required of public companies in the United States. The development and implementation of the standards and controls necessary for us to achieve the level of accounting standards required of a public company in the United States may require costs greater than expected. It is possible that we will be required to expand its employee base and hire additional employees to support our operations as a public company, which will increase our operating costs in future periods.
Future sales, or the perception of future sales, could cause the market price of our common stock to drop significantly, even if our business is doing well.
Sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that members of our management or holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.
Our warrants, if exercised, would increase the number of shares eligible for future resale in the public market and result in dilution to stockholders, which may have an adverse effect on the market price of our common stock.
We have warrants outstanding to purchase an aggregate of approximately 8.6 million shares of our common stock at $11.50 per share, subject to adjustment. To the extent the warrants are exercised, it will increase the number of issued and outstanding shares of common stock, which will result in dilution to our stockholders and increase the number of shares eligible for resale in the public market. Sales of substantial numbers of such shares in the public market could adversely affect the market price of our common stock.
We have no current plans to pay cash dividends on our common stock. As a result, stockholders may not receive any return on investment unless they sell their common stock for a price greater than the purchase price.
We have no current plans to pay dividends on our common stock. Any future determination to pay dividends will be made at the discretion of the Board, subject to applicable laws. It will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual, legal, tax and regulatory restrictions, general business conditions, and other factors that the Board may deem relevant. In addition, the ability to pay cash dividends may be restricted by the terms of debt financing arrangements, as any future debt financing arrangement likely will contain terms restricting or limiting the amount of dividends that may be declared or paid on the common stock. As a result, stockholders may not receive any return on an investment in our Common Stock unless they sell their shares for a price greater than that which they paid for them.
We may issue additional shares of common stock or other equity securities without your approval, which would dilute your ownership interests and may depress the market price of our common stock.
We may issue additional shares of common stock or other securities in the future without your approval. For example, under our equity incentive plans, we may issue a significant number of shares of common stock both upon the exercise of currently outstanding stock options and settlement of currently outstanding restricted stock units, as well as the exercise of stock options or settlement of restricted stock units that we may grant from time to time under these plans. In addition, the number of shares available for issuance under our equity incentive plans automatically increases each year under the terms of those plans.
 
41

Table of Contents
We may also sell shares of common stock to Tumim Stone Capital LLC (“Tumim”) under a common stock purchase agreement that we entered into with Tumim in February 2022 (the “Purchase Agreement”) at prices which will fluctuate based on the price of our common stock. Depending on market liquidity at the time, sales of such shares may cause the trading price of our common stock to fall. If and when we do sell shares to Tumim, after Tumim has acquired the shares, Tumim may resell all, some, or none of those shares at any time or from time to time in its discretion. Therefore, sales to Tumim by us could result in substantial dilution to the interests of other holders of our common stock. Additionally, the sale of a substantial number of shares of our common stock to Tumim, or the anticipation of such sales, could make it more difficult for us to sell equity or equity-related securities in the future at a time and at a price that we might otherwise wish to effect sales.
We may also issue additional shares of common stock or other equity securities of equal or senior rank in the future in connection with, among other things, future acquisitions or repayment of outstanding indebtedness, without stockholder approval, in a number of circumstances.
The issuance of additional shares or other equity securities of equal or senior rank would have the following effects:
 
   
existing stockholders’ proportionate ownership interest in our company will decrease;
 
   
the amount of cash available per share, including for payment of dividends in the future, may decrease;
 
   
the relative voting strength of each share of previously outstanding common stock may be diminished; and
 
   
the market price of our common stock may decline.
Provisions in our organizational documents and provisions of the DGCL may delay or prevent an acquisition by a third party that could otherwise be in the interests of stockholders.
Our amended and restated certificate of incorporation (the “Charter”) and our amended and restated bylaws contain several provisions that may make it more difficult or expensive for a third party to acquire control of our company without the approval of the Board. These provisions, which may delay, prevent or deter a merger, acquisition, tender offer, proxy contest, or other transaction that stockholders may consider favorable, include the following:
 
   
the division of the Board into three classes and the election of each class for three-year terms;
 
   
advance notice requirements for stockholder proposals and director nominations;
 
   
provisions limiting stockholders’ ability to call special meetings of stockholders, to require special meetings of stockholders to be called, and to take action by written consent;
 
   
restrictions on business combinations with interested stockholders;
 
   
in certain cases, the approval of holders representing at least 66 2/3% of the total voting power of the shares entitled to vote generally in the election of directors will be required for stockholders to adopt, amend or repeal the bylaws, or amend or repeal certain provisions of the Charter;
 
   
no cumulative voting; and
 
   
the ability of the Board to designate the terms of and issue new series of preferred stock without stockholder approval, which could be used, among other things, to institute a rights plan that would have the effect of significantly diluting the stock ownership of a potential hostile acquirer, likely preventing acquisitions by such acquirer.
These provisions of the Charter and amended and restated bylaws could discourage potential takeover attempts and reduce the price that investors might be willing to pay for the shares of our common stock in the future, which could reduce the market price of the common stock.
 
42

Table of Contents
The provision of our Charter requiring exclusive venue in the Court of Chancery in the State of Delaware and the federal district courts of the United States for certain types of lawsuits may have the effect of discouraging lawsuits against directors and officers.
Our Charter provides that, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware shall be the sole and exclusive forum for: (1) any derivative action, suit or proceeding brought on behalf of our company, (2) any action, suit or proceeding asserting a claim of breach of fiduciary duty owed by any director, officer or stockholder to the company or our stockholders, (3) any action, suit or proceeding arising pursuant to any provision of the DGCL, the Charter or our amended and restated bylaws, (4) any action asserting a claim against us governed by the internal affairs doctrine. The Charter further provides that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States of America shall, to the fullest extent permitted by law, be the exclusive forum for the resolutions of any complaint asserting a cause of action arising under the Securities Act. The exclusive forum clauses described above shall not apply to suits brought to enforce a duty or liability created by the Exchange Act, or any other claim for which the federal courts have exclusive jurisdiction. Although these provisions are expected to benefit us by providing increased consistency in the application of applicable law in the types of lawsuits to which they apply, the provisions may have the effect of discouraging lawsuits against directors and officers. The enforceability of similar choice of forum provisions in other companies’ certificates of incorporation has been challenged in legal proceedings and there is uncertainty as to whether a court would enforce such provisions. In addition, investors cannot waive compliance with the federal securities laws and the rules and regulations thereunder. It is possible that, in connection with any applicable action brought against us, a court could find the choice of forum provisions contained in the Charter to be inapplicable or unenforceable in such action. If so, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, financial condition or results of operations.
General Risk Factors
We will continue to incur significant costs as a result of operating as a public company, and our management will continue to devote substantial time to compliance initiatives.
As a public company, we have incurred and will continue to incur significant legal, accounting and other expenses. As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), the Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as rules adopted, and to be adopted, by the SEC and Nasdaq. Our management and other personnel need to continue to devote a substantial amount of time to comply with these requirements. Moreover, these rules and regulations have increased, and will continue to increase, our legal and financial compliance costs and make some activities more time- consuming and costly. The increased costs may increase our net loss. For example, these rules and regulations make it more difficult and more expensive for us to obtain director and officer liability insurance and we may be forced to accept reduced policy limits or incur substantially higher costs to maintain the same or similar coverage as we did prior to becoming a public company. These rules and regulations are often subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in future uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. The impact of these requirements could also make it more difficult for us to attract and retain qualified persons to serve on our Board, our board committees or as our executive officers. As a public company, we are obligated to develop and maintain proper and effective internal controls over financial reporting and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of shares of our common stock.
Pursuant to Section 404 of the Sarbanes Oxley Act (“Section 404”), we are required to furnish a report by our management on our internal control over financial reporting, including an attestation report on internal control over financial reporting issued by our independent registered public accounting firm. To maintain compliance
 
43

Table of Contents
with Section 404, we engage in a process to document and evaluate our internal control over financial reporting, which is both costly and challenging. In this regard, we will need to continue to dedicate internal resources, engage outside consultants and refine and revise a detailed work plan to assess and document the adequacy of internal control over financial reporting, continue steps to improve control processes as appropriate, validate through testing that controls are functioning as documented and implement a continuous reporting and improvement process for internal control over financial reporting. Despite our efforts, there is a risk that neither we nor our independent registered public accounting firm will be able to conclude that our internal control over financial reporting is effective as required by Section 404.
If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of shares of our common stock could decline, and we could be subject to sanctions or investigations by NYSE, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also negatively impact our ability to access to the capital markets.
In addition, effective disclosure controls and procedures enable us to make timely and accurate disclosure of financial and non-financial information that we are required to disclose. As a public company, if our disclosure controls and procedures are ineffective, we may be unable to report our financial results or make other disclosures accurately on a timely basis, which could cause our reported financial results or other disclosures to be materially misstated and result in the loss of investor confidence and cause the market price of shares of our common stock to decline.
If securities or industry analysts do not publish research or reports about our business or publish negative reports, the market price of our common stock could decline.
The trading market for our common stock will be influenced by the research and reports that industry or securities analysts publish about us or our business. If regular publication of research reports ceases, we could lose visibility in the financial markets, which in turn could cause the market price or trading volume of our common stock to decline. Moreover, if one or more of the analysts who cover us downgrade our common stock or if reporting results do not meet their expectations, the market price of the common stock could decline.
 
44

Table of Contents
MARKET AND INDUSTRY DATA
Certain industry data and market data included in this prospectus were obtained from independent third-party surveys, market research, publicly available information, reports of governmental agencies and industry publications and surveys. All of management’s estimates presented herein are based upon management’s review of independent third-party surveys and industry publications prepared by a number of sources and other publicly available information. All of the market data used in this prospectus involves a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. We believe that the information from these industry publications and surveys included in this prospectus is reliable. The industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the section titled “
Risk Factors
.” These and other factors could cause results to differ materially from those expressed in the estimates made by the independent parties and by us.
 
45

Table of Contents
USE OF PROCEEDS
All of the shares of common stock and Warrants offered by the selling securityholders pursuant to this prospectus will be sold by the selling securityholders for their respective accounts. We will not receive any of the proceeds from these sales.
We will receive up to an aggregate of approximately $159.0 million from the exercise of the Warrants, assuming the exercise in full of all of the Warrants for cash. We expect to use the net proceeds, if any, from the exercise of the Warrants for general corporate purposes, including to fund potential future investments and acquisitions of companies that we believe are complementary to our business and consistent with our growth strategy. We will have broad discretion over the use of proceeds from the exercise of the Warrants. There is no assurance that the holders of the Warrants will elect to exercise any or all of such Warrants. To the extent that the Warrants are exercised on a “cashless basis,” the amount of cash we would receive from the exercise of the Warrants will decrease.
 
46

Table of Contents
DETERMINATION OF OFFERING PRICE
The offering price of the shares of common stock underlying the Warrants offered hereby is determined by reference to the exercise price of the Warrants of $11.50 per share. The Public Warrants are listed on NYSE under the symbol “IRNT.WS.”
We cannot currently determine the price or prices at which shares of common stock or Warrants may be sold by the selling securityholders under this prospectus.
 
47

Table of Contents
MARKET INFORMATION FOR SECURITIES AND DIVIDEND POLICY
Market Information
Our common stock and Public Warrants are currently listed on NYSE under the symbols “IRNT” and “IRNT.WS”, respectively. Prior to the consummation of the Business Combination, our common stock and our Public Warrants were listed on NYSE under the symbols “DFNS” and “DFNS.WS”, respectively. As of April 30, 2022 there were 361 holders of record of the common stock and three holders of record of our Warrants. We currently do not intend to list the Private Warrants offered hereby on any stock exchange or stock market.
Dividend Policy
We have never declared or paid any dividends on shares of our common stock. We anticipate that we will retain all of our future earnings, if any, for use in the operation and expansion of our business and do not anticipate paying cash dividends in the foreseeable future. Any decision to declare and pay dividends in the future will be made at the sole discretion of our board of directors and will depend on, among other things, our results of operations, cash requirements, financial condition, contractual restrictions and other factors that our board of directors may deem relevant.
 
48

Table of Contents
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the consolidated financial statements and related notes thereto included elsewhere in this prospectus. The consolidated financial statements are presented in U.S. dollars (USD) rounded to the nearest thousand, with the amounts in this Management’s Discussion and Analysis of Financial Condition and Results of Operations (“MD&A”) rounded to the nearest tenth of a million. Therefore, differences in the tables between totals and sums of the amounts listed may occur due to such rounding.
The following discussion contains forward-looking statements that involve risks and uncertainties. Our actual results could differ materially from those discussed in the forward-looking statements. Factors that could cause or contribute to these differences include those discussed below, in the consolidated financial statements and related notes thereto included elsewhere in this prospectus, and in the sections of this prospectus titled “Cautionary Note Regarding Forward-Looking Statements” and “Risk Factors.” Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. Our fiscal years ended January 31, 2022 and January 31, 2021 are referred to herein as fiscal year 2022 and fiscal year 2021, respectively.
Business Combination and Basis of Presentation
We were originally known as LGL Systems Acquisition Corp. (“LGL”). On August 26, 2021, LGL consummated the Business Combination with IronNet Cybersecurity, Inc. (“Legacy IronNet”) pursuant to the Business Combination Agreement (the “Merger”). Legacy IronNet survived the Merger as a wholly-owned subsidiary of LGL. In connection with the closing of the Merger, LGL changed its name from LGL Systems Acquisition Corp. to IronNet, Inc. The Merger was accounted for as a reverse recapitalization (the “Reverse Recapitalization”). Under this method of accounting, LGL is treated as the “acquired” company and Legacy IronNet is treated as the acquirer for financial reporting purposes. The Reverse Recapitalization was treated as the equivalent of Legacy IronNet issuing stock for the net assets of LGL, accompanied by a recapitalization. The net assets of LGL are stated at historical cost, with no goodwill or other intangible assets recorded.
As a result of Legacy IronNet being the accounting acquirer in the Merger, the financial reports filed with the SEC by the Company subsequent to the Merger are prepared as if Legacy IronNet is the accounting predecessor of the Company. The historical operations of Legacy IronNet are deemed to be those of the Company. See Note 3 in the accompanying annual consolidated financial statements for more information.
As a public company, we have been and will continue to be required to hire additional personnel and implement procedures and processes to address public company regulatory requirements and customary practices. We expect to continue to incur additional annual expenses as a public company for, among other things, directors’ and officers’ liability insurance, director fees and additional internal and external accounting, legal and administrative resources, including increased audit and legal fees.
Overview
GEN Keith B. Alexander (Ret.) founded our company in 2014 to solve the major cybersecurity problem he witnessed and defined during his tenure as former head of the NSA and founding Commander of U.S. Cyber Command: You can’t defend against threats you can’t see. Our innovative approach provides the ability for groups of organizations—within an industry sector, supply chain, state or country, for example—to see, detect and defend against sophisticated cyber attacks earlier and faster than ever before.
IronNet has defined a new market category called Collective Defense. IronNet has developed the Collective Defense platform, a solution that can identify anomalous (potentially suspicious or malicious) behaviors on
 
49

Table of Contents
computer networks and share this intelligence anonymously and in real time among Collective Defense community members. Collective Defense communities comprise groups of organizations that have common risks, such as a supply chain, a business ecosystem, or across an industry sector, a state, or a country. This cybersecurity model delivers timely, actionable, and contextual alerts and threat intelligence on attacks targeting enterprise networks, and functions as an early-warning detection system for all community members.
This new platform addresses a large and unwavering compound problem: limited threat visibility for increasingly borderless enterprises across sectors and at the national level, paired with ineffective threat knowledge sharing across companies and sectors and a “go it alone” approach to cybersecurity. These operational gaps, combined with market dynamics like the increased velocity of sophisticated cyber attacks and the deepening scarcity of qualified human capital, have set our mission to transform how cybersecurity is waged.
Our Business
We have focused on the development and delivery of a suite of advanced cybersecurity capabilities for detection, alerting, situational awareness and hunt/remediation combined into a comprehensive Collective Defense platform. We compliment these capabilities, delivered to both commercial and public sector enterprises, with professional services.
Software, Subscription and Support
Our primary line of business is the delivery of our integrated software capabilities through our Collective Defense platform. The platform is comprised of two flagship products:
IronDefense
is an advanced NDR solution that uses
AI-driven
behavioral analytics to detect and prioritize anomalous activity inside individual enterprises. We leverage advanced AI/ML algorithms to detect previously unknown threats, which are those that have not been identified and “fingerprinted” by industry researchers, in addition to screening known threats, and apply our Expert System to prioritize the severity of the behaviors—all at machine speed and cloud scale.
IronDome
is a threat-sharing solution that facilitates a crowdsource-like environment in which the IronDefense threat detections from an individual company are shared among members of a Collective Defense community, consisting of our customers who have elected to permit their information to be anonymously shared and cross-correlated by our IronDome systems. IronDome analyzes threat detections across the community to identify broad attack patterns and provides anonymized intelligence back to all community members in real time, giving all members early insight into potential incoming attacks. Automated sharing across the Collective Defense community enables faster detection of attacks at earlier stages.
Our Collective Defense platform is designed to deliver strong network effects. Every customer contributing its threat data (anonymously) into the community is able to reap benefits from the shared intelligence of the other organizations. The collaborative aspect of Collective Defense, and the resulting prioritization of alerts based on their potential severity, helps address the known problem of “alert fatigue” that plagues overwhelmed security analysts.
Our Collective Defense platform is largely cloud-deployed (public or private), though it is also available in
on-premise
and hybrid environments, and is scalable to include
small-to-medium
businesses and public-sector agencies as well as multinational corporations. We provide professional cybersecurity services such as incident response and threat hunting, as well as programs to help customers assess cybersecurity governance, maturity, and readiness. Our CS services are designed to create shared long-term success measures with our customers, differentiating us from other cybersecurity vendors by working alongside customers as partners and offering consultative and service capabilities beyond implementation.
 
50

Table of Contents
Our Collective Defense platform is a subscription-based pricing and flexible delivery model, with 63% of our revenue for the year ended January 31, 2022 related to deployments involving our key public cloud providers Amazon Web Services and Microsoft Azure. We also support private cloud, or HCI such as Nutanix as well as
on-premise
environments through hardware and virtual options. To make it as easy as possible for customers to add Collective Defense into their existing security stack, we built a rich set of APIs that enable integrations with standard security products, including SIEM, SOAR, EDR, NGFW tools, and cloud-native logs from the major public cloud providers.
Professional Services
We sell professional services, including development of national cybersecurity strategies, cyber operations monitoring, security, training, red team, incident response and tailored maturity assessments. Revenue derived from these services is recognized as the services are delivered.
Financing to Date
Historically, we have financed our operations primarily through private placements of common stock, warrants and redeemable convertible preferred stock.
In connection with the execution of the Merger Agreement, a number of purchasers (each, a “Subscriber”) purchased an aggregate of 12,500,000 shares of our common stock (the “PIPE Shares”), for a purchase price of $10.00 per share and an aggregate purchase price of $125.0 million. Transaction costs associated with the issuance of the PIPE shares were $21.2 million. As a result of the Merger, we also received $13.3 million held in Legacy LGL’s trust account from proceeds related to public trust shares, net of stockholder redemptions. Transaction costs related to the issuance of the trust shares were $9.0 million.
During fiscal year 2022, we incurred a net loss of $242.6 million, of which $156.6 million related to a
non-cash
expense related to the modification of Restricted Stock Units, as well as a further
non-cash
expense to reflect the increase in fair market value in Private Warrants through the dates they were exercised, and used $83.7 million in cash to fund our operations. As of January 31, 2022, we had $47.7 million of cash on hand to continue to fund operations.
We expect our capital and operating expenditures to increase in connection with our ongoing activities, as we:
 
  1.
continue to invest in research and development related to new technologies;
 
  2.
increase our investment in marketing and advertising, as well as the sales and distribution infrastructure for its products and services;
 
  3.
maintain and improve operational, financial, and management information systems;
 
  4.
hire additional personnel;
 
  5.
obtain, maintain, expand, and protect our intellectual property portfolio; and
 
  6.
enhance internal functions to support our operations as a publicly-traded company.
Key Factors Affecting Our Performance
New customer acquisition
Our future growth depends in large part on our ability to acquire new customers. If our efforts to attract new customers are not successful, our revenue may decline in the future. Our IronDefense and IronDome platforms are designed to be used in conjunction with point solutions to capture and share critical data and findings to
 
51

Table of Contents
enable our behavioral analytics to identify threats and for defenders to respond more accurately and quickly. We believe that we have significant room to capture additional market share and intend to continue to invest in sales and marketing to engage our prospective customers, increase brand awareness, and drive adoption of our solution.
Customer retention
Our ability to increase revenue depends in large part on our ability to retain existing customers.
Investing in business growth
Since inception, we have invested significantly in the growth of our business. While remaining judicious and targeted in our investments, we intend to continue to invest in our research and development team to lead product improvements, our sales team to broaden our brand awareness and our general and administrative expenses to increase for the foreseeable future given the additional expenses for finance, compliance and investor relations as we grow as a public company. In addition to our internal growth, we may also consider acquisitions of businesses, technologies, and assets that complement and bolster additional capabilities to our product offerings.
Key Business Metrics
We monitor the following key metrics to measure our performance, identify trends, formulate business plans and make strategic decisions.
Recurring Software Customers
We believe that our ability to increase the number of subscription and other recurring contract type customers on our platform is an indicator of our market penetration, the growth of our business, and our potential future business opportunities. We have a history of growing the number of customers who have contracted for our platforms on a recurring basis, which does not include our professional services customers. Our recurring software customers include customers who have a recurring contract for either or both of our IronDefense and IronDome platforms. These platforms are generally sold together, but they also can be purchased on a standalone basis. We have consistently increased the number of such customers period-over-period, and we expect this trend to continue as we increase subscription offerings to small and
medium-sized
businesses, in addition to increased subscription offerings for our larger enterprise customers. The following table sets forth the number of recurring software customers as of the dates presented:
 
    
January 31,
 
    
2022
   
2021
 
Recurring Software Customers
     88       27  
Year-over-year growth
     226     35
Annual Recurring Revenue (“ARR”)
ARR is calculated at a particular measurement date as the annualized value of our then existing customer subscription contracts and the portions of other software and product contracts that are to be recognized over the course of the contracts and that are designed to renew, assuming any contract that expires during the 12 months following the measurement date is renewed on its existing terms. The following table sets forth our ARR as of the dates presented:
 
    
January 31,
 
    
2022
   
2021
 
     ($ in millions)  
Annual recurring revenues
   $ 31.8     $ 25.8  
Year-over-year growth
     23     72
 
52

Table of Contents
Dollar-based Average Contract Length
Our dollar-based average contract length is calculated from a set of customers against the same metric as of a prior period end. Because many of our customers have similar buying patterns and the average term of our contracts is more than 12 months, this metric provides a means of assessing the degree of
built-in
revenue repetition that exists across our customer base.
We calculate our dollar-based average contract length as follows:
 
  a.
Numerator: We multiply the average total length of the contracts, measured in years or fractions thereof, by the respective revenue recognized for fiscal year 2022 and 2021, as applicable.
 
  b.
Denominator: We use the revenue attributable to software and product customers for fiscal year 2022 and fiscal year 2021 in the numerator. This effectively represents the revenue base that is being generated by those customers.
Dollar-based average contract length is obtained by dividing the Numerator by the Denominator. Our dollar-based average contract length decreased from 2.9 to 2.7 years, or (7)%, for the year ended January 31, 2022 as compared to fiscal year 2021. As our revenues and our customer base increases, we expect our average contract length to trend downward over time. Declines in average contract length are not reflective of the average lifetime of a customer.
 
    
January 31,
 
    
2022
    
2021
 
     (in years)  
Dollar-based average contract length
     2.7        2.9  
Calculated Billings
Calculated billings is a
non-GAAP
financial measure that we believe is a key metric to measure our periodic performance. Calculated billings represent our total revenue plus the change in deferred revenue in a period. Calculated billings in any particular period aims to reflect amounts invoiced or invoiceable to customers to access our software-based, cybersecurity analytics products, cloud platform and professional services, together with related support services, for our new and existing customers. We typically invoice our customers on multi-year or annual contracts in advance, either annually or monthly.
Calculated billings decreased $15.8 million, or (37)%, for fiscal year 2022 as compared to fiscal year 2021, primarily due to the timing of unusually high multi-year contract billings during the latter half of fiscal year 2021 as we typically invoice customers multi-year or annually in advance and, to a lesser extent, monthly in advance.
While we believe that calculated billings may be helpful to investors because it provides insight into the cash that will be generated from sales of our subscriptions, this metric may vary from
period-to-period
for a number of reasons, and therefore has a number of limitations as a
quarter-to-quarter
or year-over-year comparative measure. In addition, other companies, including companies in our industry, may calculate similarly-titled
non-GAAP
measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our metric of calculated billings as a tool for comparison. Because of these and other limitations, you should consider calculated billings along with revenue and our other GAAP financial results.
 
53

Table of Contents
The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated billings:
 
    
Year Ended January 31,
               
    
    2022    
    
    2021    
    
2022 vs 2021
 
     ($ in millions)                
Revenue
   $ 27.5      $ 29.2      $ (1.7      (6 )% 
Add: Total Deferred revenue, end of period
     33.6        34.0        (0.4      -1  
Less: Total Deferred revenue, beginning of period
     34.0        20.3        13.7        67  
  
 
 
    
 
 
    
 
 
    
 
 
 
Calculated billings
   $ 27.1      $ 42.9      $ (15.8      (37 )% 
  
 
 
    
 
 
    
 
 
    
 
 
 
Adjusted Net Loss
The following table shows our Adjusted Net Loss, a
non-GAAP
measure, for fiscal year 2022, which excludes the impacts of stock-based compensation expense, the revaluation of the Private Warrants prior to their cashless exercise, and transaction costs incurred related to the Merger from our net loss. These expenses were nonexistent as of January 31, 2021:
 
    
For the Year Ended
January 31,
 
    
2022
 
     ($ in thousands)  
Net loss
   $ (242,647
Stock compensation expense
(1)
     156,596  
Change in fair value of warrants liabilities
     11,265  
Transaction costs expense
(2)
     3,166  
  
 
 
 
Adjusted Net Loss
   $ (71,620
  
 
 
 
 
1.
Total stock based compensation of $156.6 million has been recorded within research and development of $22.9 million, sales and marketing of $51.8 million, and general and administrative expense of $81.9 million on the statement of operations
2.
Transaction expenses have been recorded within general and administrative expense on the statement of operations
Components of Our Results of Operations
Revenue
Our revenues are derived from sales of product, subscriptions, subscription-like software products and software support contracts as well as from professional services. Products, subscriptions and support revenues accounted for 92% of our revenue in fiscal year 2022 and for 85% of our revenue in fiscal year 2021. Professional services revenues accounted for 8% of our revenue in fiscal year 2022 as compared to 15% in fiscal year 2021.
Our typical customer contracts and subscriptions range from one to five years. We typically invoice customers annually, in advance. We combine intelligence dependent hardware and software licenses as well as subscription-type deliverables with the related threat intelligence and support and maintenance as a single performance obligation, as it delivers the essential functionality of our cybersecurity solution. Most companies also participate in the IronDome collective defense software solution that provides them access to IronNet’s collective defense infrastructure linking participating stakeholders. As a result, we recognize revenue for this single performance obligation ratably over the expected term with the customer. Amounts that have been invoiced are recorded in deferred revenue or they are recorded in revenue if the revenue recognition criteria have been met. Significant judgment is required for the assessment of material rights relating to renewal options associated with our contracts.
 
54

Table of Contents
Professional services revenues are generally sold separately from our products and include services such as development of national cyber security strategies, cyber operations monitoring, security, training, red team, incident response and tailored maturity assessments. Revenue derived from these services is recognized as the services are delivered.
Cost of Revenue
Cost of product, subscription and support revenue includes expenses related to our hosted security software, employee-related costs of our customer facing support, such as salaries, bonuses and benefits, an allocated portion of administrative costs and the amortization of deferred costs.
Cost of professional services revenue consists primarily of employee-related costs, such as salaries, bonuses and benefits, cost of contractors and an allocated portion of administrative costs.
Gross Profit
Gross profit, calculated as total revenue less total costs of revenue is affected by various factors, including the timing of our acquisition of new customers, renewals from existing customers, the data center and bandwidth costs associated with operating our cloud platform, the extent to which we expand our customer support organization, and the extent to which we can increase the efficiency of our technology and infrastructure through technological improvements. Also, we view our professional services in the context of our larger business and as a significant lead generator for future product sales. Because of these factors, our services revenue and gross profit may fluctuate over time.
Operating Expenses
Research and development
Our research and development efforts are aimed at continuing to develop and refine our products, including adding new features and modules, increasing their functionality, and enhancing the usability of our platform. Research and development costs primarily include personnel-related costs and acquired software costs. Research and development costs are expensed as incurred.
Sales and marketing
Sales and marketing expenses consist primarily of employee compensation and related expenses, including salaries, bonuses and benefits for our sales and marketing employees, sales commissions that are recognized as expenses over the period of benefit, marketing programs, travel and entertainment expenses, and allocated overhead costs. We capitalize our sales commissions and recognize them as expenses over the estimated period of benefit.
We intend to continue to make significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market and expand our global customer base. In particular, we will continue to invest in growing and training our sales force, broadening our brand awareness and expanding and deepening our channel partner relationships. We expect our sales and marketing expenses to decrease as a percentage of our revenue over the long term, although our sales and marketing expenses may fluctuate as a percentage of our revenue from period to period due to the timing and extent of these expenses.
General and administrative
General and administrative costs include salaries, stock-based compensation expenses, and benefits for personnel involved in our executive, finance, legal, people and culture, and administrative functions, as well as third-party professional services and fees, and overhead expenses.
 
55

Table of Contents
We expect that general and administrative expenses will increase in absolute dollars as we hire additional personnel and enhance our systems, processes, and controls to support the growth in our business as well as our increased compliance and reporting requirements as a public company.
Other income
Other income consists primarily of interest income
Other expense
Other expense consists primarily of interest expense and foreign currency exchange losses.
Change in fair value of warrants liabilities
Change in fair value of warrants liabilities consists of the change in the fair value of warrants between the time on which they were valued as of the prior quarterly reporting period and the date on which they were exercised.
Provision for income taxes
Provision for income taxes consists of federal and state income taxes in the United States and income taxes and withholding taxes in certain foreign jurisdictions in which we conduct business. We maintain a full valuation allowance on our U.S. federal and state deferred tax assets.
 
56

Table of Contents
Results of Operations
Comparison of Fiscal Year 2022 and Fiscal Year 2021
The following tables set forth our consolidated statements of operations in dollar amounts and as a percentage of total revenue for each period presented and the year over year change for each line item in dollar amounts and as a percentage:
 
    
Fiscal Year Ended January 31,
   
2022 vs 2021
 
    
2022
   
2021
   
Change $
   
Change %
 
     ($ in thousands)              
Product, subscription and support revenue
   $ 25,347       92   $ 24,701       85   $ 646       3
Professional services revenue
     2,197       8     4,526       15     (2,329     (51 )% 
  
 
 
     
 
 
     
 
 
   
 
 
 
Total revenue
     27,544       100     29,227       100     (1,683     (6 )% 
Cost of product, subscription and support revenue
     8,225       30     5,393       18     2,832       53
Cost of professional services revenue
     1,158       4     1,629       5     (471     (29 )% 
  
 
 
     
 
 
     
 
 
   
 
 
 
Total cost of revenue
     9,383       34     7,022       24     2,361       34
  
 
 
     
 
 
     
 
 
   
 
 
 
Gross profit
     18,161       66     22,205       76     (4,044     (18 )% 
  
 
 
     
 
 
     
 
 
   
 
 
 
Operating expenses
            
Research and development
     52,899       192     25,754       88     27,145       105
Sales and marketing
     82,922       301     30,381       104     52,541       173
General and administrative
     112,099       407     21,347       73     90,752       425
  
 
 
     
 
 
     
 
 
   
 
 
 
Total operating expenses
     247,920       900     77,482       265     170,438       220
  
 
 
     
 
 
     
 
 
   
 
 
 
Operating loss
     (229,759     -834     (55,277     -189     (174,482     316
Other income
     25       0     71       0     (46     (65 )% 
Other expense
     (1,183     -4     (90     0     (1,093     1,214
Change in fair value of warrants liabilities
     (11,265     -41     —         0     (11,265     100
  
 
 
     
 
 
     
 
 
   
 
 
 
Loss before income taxes
     (242,182     -879     (55,296     -189     (186,886     338
Provision for income taxes
     (465     -2     (77     0     (388     504
  
 
 
     
 
 
     
 
 
   
 
 
 
Net loss
   $ (242,647     -881   $ (55,373     -190   $ (187,274     338
  
 
 
     
 
 
     
 
 
   
 
 
 
Revenue
Total revenue decreased by $1.7 million or (6)% in fiscal year 2022 compared to fiscal year 2021.
Product, subscription and support revenue increased by $0.6 million primarily due to the net effect of the Company’s transition from contracts that had material
non-recurring
elements which would not renew in full, replaced by revenues from contract forms that were designed to fully renew with legacy customers and signing new customers.
Professional services revenue decreased $2.3 million or (51)% in fiscal year 2022 compared to fiscal year 2021, primarily due to the completion of a national cybersecurity strategy engagement in EMEA and a key enterprise engagement, in fiscal year 2021. Professional services accounted for 8% of our total revenue in fiscal year 2022 and 15% of our total revenue in fiscal year 2021.
Cost of revenue
Total cost of revenue increased by $2.4 million or 34%, in fiscal year 2022, compared to fiscal year 2021. Cost of product, subscription and support revenue increased by $2.8 million or 53%, in fiscal year 2022,
 
57

Table of Contents
compared to fiscal year 2021. The increase was due primarily to an increase in customer count during fiscal year 2022 as compared to fiscal year 2021, as well as costs incurred to fully ramp cloud hosting environments related to a significant revenue customer that was onboarded in fiscal year 2021, and a $0.7 million charge due to
one-time
product, subscription and support cost adjustments.
Cost of professional service revenue decreased by $0.5 million or (29)% in fiscal year 2022, compared to fiscal year 2021. The decrease in cost of service revenue was primarily due to a decrease in overall professional services revenue in 2022 compared to fiscal year 2021.
Gross Profit and Gross Margin
Customer mix changes resulted in a decrease in software gross margin to 68% in fiscal year 2022 compared to 78% in fiscal year 2021, and a decrease in professional services gross margin to 47% in fiscal year 2022 as compared to 64% in fiscal year 2021. The decrease in margin in fiscal year 2022 as compared to 2021 for software was primarily the result of onboarding a significant revenue customer in fiscal year 2021 which did not fully ramp their cloud costs until fiscal year 2022, and the delivery of a key significant service contract in EMEA in fiscal year 2021. Professional services margin will continue to be volatile contract to contract as we scale our business.
We expect that gross margins will improve in the near term. The
in-period
effect of the
one-time
adjustments to product, subscription and support gross margin related to an amortization
catch-up
for deployed sensors of $0.7 million was 2.0% impact to gross margin in fiscal year 2022. Margins may remain volatile compared to fiscal year 2021 due to the continuing presence of large contracts in our revenue mix.
The following tables show gross profit and gross margin, respectively, for software products and support revenue and professional services revenue for fiscal year 2022 as compared to fiscal year 2021.
 
   
Fiscal Year Ended January 31,
   
2022 vs 2021
 
   
        2022        
   
        2021        
   
Change $
   
Change %
 
    ($ in thousands)              
Product, subscription and support gross profit
  $ 17,122     $ 19,308     $ (2,186     (11 )% 
Professional services profit
    1,039       2,897       (1,858     (64 )% 
 
 
 
   
 
 
   
 
 
   
 
 
 
Total gross profit
  $ 18,161     $ 22,205     $ (4,044     (18 )% 
 
 
 
   
 
 
   
 
 
   
 
 
 
   
2022
   
2021
   
Change
       
Product, subscription and support margin
    67.6     78.2     (10.6 )%   
Professional services margin
    47.3     64.0     (16.7 )%   
 
 
 
   
 
 
   
 
 
   
Total gross margin
    65.9     76.0     (10.1 )%   
 
 
 
   
 
 
   
 
 
   
Operating expenses
Research and development
Research and development expenses increased by $27.1 million or 105%, in fiscal year 2022, compared to fiscal year 2021, primarily as the result of
non-cash
stock compensation expenses of $22.9 million, which was triggered by the modification of the restricted stock units. The remaining increase of $4.2 million was driven by the ramping of external costs to support product development and the increase in internal headcount, with some increase driven by cloud computing costs.
Overall research and development expenditure was 192% of total revenues in fiscal year 2022 as compared to 88% in fiscal year 2021, with the increase primarily being driven by an increase in
non-cash
stock compensation expense. We expect that our overall research and development expenditure rate as a percentage of revenues will decline in the future as compared to fiscal year 2022.
 
58

Table of Contents
Sales and marketing
Sales and marketing expenses increased by $52.5 million
or 173% in fiscal year 2022 as compared to fiscal year 2021, primarily as the result of
non-cash
stock compensation expenses of $51.8 million, which was triggered by the modification of the restricted stock units. The remaining increase of $0.7 million is due to the expansion of sales and marketing efforts as the Company is focused on growth.
Overall sales and marketing expenditure was 301% of total revenues in fiscal year 2022 as compared to 104% in fiscal year 2021, with the increase primarily being driven by the increase in
non-cash
stock compensation expense. We expect that our overall sales and marketing expenditure rate as a percentage of revenues will decline in the future as compared to fiscal year 2022.
General and administrative
General and administrative expenses increased by $90.8 million or 425% in fiscal year 2022, as compared to fiscal year 2021, primarily due to
non-cash
stock compensation expenses of $81.9 million, which was triggered by the modification of the restricted stock units. The remaining increase of $8.9 million was the result of an increase in costs related to becoming a publicly traded company and the overall efforts to grow and support business operations, including increased headcount, directors and officers insurance costs, and the implementation of systems to support operations as a public company.
Overall general and administrative expense was 407% of total revenues in fiscal year 2022 as compared to 73% in fiscal year 2021, with the increase primarily being driven by the increase in
non-cash
stock compensation expense. We expect that our overall G&A expenditure rate as a percentage of revenues will decline in the future.
Other income
Other income decreased by $46 thousand or (65)% in fiscal year 2022, compared to fiscal year 2021, primarily as the result of interest income.
Other expense
Other expense decreased by $1.1 million or 1,214% in fiscal year 2022, compared to fiscal year 2021, primarily as the result of interest expense related to loans outstanding during the year. These debts and the interest were paid off at the date of the Merger.
Change in fair value of warrants liabilities
Simultaneously with the closing of the Initial Public Offering, LGL Systems Acquisition Holding Company, LLC, a Delaware limited liability company, purchased an aggregate of 5,200,000 Private Warrants at a price of $1.00 per Private Warrant, for an aggregate purchase price of $5.2 million from Legacy LGL in a private placement that occurred simultaneously with the completion of the Initial Public Offering. Each Private Warrant entitles the holder to purchase one share of common stock at $11.50 per share. The purchase price of the Private Warrants was added to the proceeds from the Initial Public Offering and was held in the Trust Account until the closing of the Merger. The Private Warrants (including the shares of common stock issuable upon exercise of the Private Warrants) were not transferable, assignable or salable until 30 days after the closing date of the Merger, and they may be exercised on a cashless basis and are
non-redeemable
so long as they are held by the initial purchasers of the Private Warrants or their permitted transferees.
The warrants issued by Legacy LGL, our legal predecessor, to purchase its common stock in a private placement concurrently with its Initial Public Offering (the “Private Warrants”), were evaluated under ASC
815-40,
Derivatives and Hedging—Contracts in Entity’s Own Equity, and it was determined that they do not meet the criteria to be classified as stockholders’ equity, and as such will be accounted for as liabilities, as further discussed in Note 1 of the notes to our consolidated financial statements included elsewhere in this prospectus.
 
59

Table of Contents
For the private warrants that have been exercised since the date of the Merger, the change in fair value of warrants liabilities consists of the change in fair value between the date on which they were valued, which is the date of the Merger, through the date on which they were exercised. The change in fair value of warrant liabilities for those private warrants that remain outstanding at the end of fiscal year 2022 consists of the change in fair value between the date of the Merger and January 31, 2022.
Provision for income taxes
The change in provision for income taxes was immaterial to the results of operations primarily due to our continued net loss position, the accumulation of net loss carryforwards, and offsetting valuation allowance.
Liquidity and Capital Resources
Sources of Liquidity
We have incurred losses and negative cash flows from operations since inception. Through January 31, 2022, we have funded our operations with proceeds from sales of common stock and redeemable convertible preferred stock, proceeds related to the public trust shares held by LGL that were received as part of the recapitalization, loans, and receipts from sales of our products and services to customers in the ordinary course of business. As of January 31, 2022, we had cash and cash equivalents of $47.7 million, with no debt outstanding as of the end of the fiscal year. As of January 31, 2021, we had $31.5 million cash and cash equivalents and $5.6 million loans payable.    
As of January 31, 2022, we had approximately 8.6 million Warrants outstanding. Each Warrant is exercisable to purchase one share of common stock at $11.50 per share. Assuming the exercise in full of all of the Warrants for cash, we would receive up to an aggregate of approximately $99 million from the exercise of the Warrants. However, there can be no assurances that the Warrants will ever be exercised or that we will receive any proceeds from the exercise thereof.
Tumim Stone Capital Committed Equity Financing
On February 11, 2022, we entered into the Purchase Agreement with Tumim, pursuant to which Tumim has committed to purchase up to $175 million of common stock (the “Total Commitment”), at our direction from time to time, subject to the satisfaction of the conditions in the Purchase Agreement. Also on February 11, 2022, we entered into a registration rights agreement with Tumim (the “Registration Rights Agreement”), pursuant to which we have filed with the SEC the registration statement to register for resale under the Securities Act, the shares of common stock that have been and may be issued to Tumim under the Purchase Agreement. Pursuant to the terms of the Purchase Agreement, at the time we signed the Purchase Agreement and the Registration Rights Agreement, we paid a cash fee of $1.75 million, or 1% of the Total Commitment, to Tumim as consideration for its commitment to purchase shares of our common stock under the Purchase Agreement.
The sales of common stock by us to Tumim under the Purchase Agreement, if any, will be subject to certain limitations and may occur, from time to time at our sole discretion, over the approximately
36-month
period commencing upon the initial satisfaction of all conditions to Tumim’s purchase obligations set forth in the Purchase Agreement (the “Commencement,” and the date on which the Commencement occurs, the “Commencement Date”), including that the registration statement covering the resale by Tumim of shares of common stock that have been and may be issued under the Purchase Agreement is declared effective by the SEC. From and after the Commencement Date, we will have the right, but not the obligation, from time to time at our sole discretion, to direct Tumim to purchase certain amounts of our common stock, subject to certain limitations in the Purchase Agreement, that we specify in purchase notices that we deliver to Tumim under the Purchase Agreement (each such purchase, a “Purchase”). Shares of common stock will be issued to Tumim at either a (i) 3% discount to the average daily volume weighted average price (the “VWAP”) of the common stock during the
 
60

Table of Contents
three consecutive trading days from the date that a purchase notice with respect to a particular purchase (a “VWAP Purchase Notice”) is delivered to Tumim (a “Forward VWAP Purchase”), or (ii) 5% discount to the lowest daily VWAP during the three consecutive trading days from the date that a VWAP Purchase Notice with respect to a particular purchase is delivered to Tumim (an “Alternative VWAP Purchase”). Each VWAP Purchase Notice to Tumim will specify whether the applicable purchase is a Forward VWAP Purchase or an Alternative VWAP Purchase, and will direct that Tumim purchase the applicable number of shares of common stock at the applicable purchase price. There is no upper limit on the price per share that Tumim could be obligated to pay for the common stock under the Purchase Agreement. The purchase price per share of common stock to be sold in a Purchase will be appropriately adjusted for any reorganization, recapitalization,
non-cash
dividend, stock split, reverse stock split or other similar transaction.
Long- Term Liquidity Requirements
Based on our growth plan, we believe that our cash on hand and collectable receivables, the cash generated from sales of our products and services and proceeds from the Tumim Stone Capital committed financing will satisfy our working capital and capital requirements for at least the next twelve months. See Note 1 and Note 17 in the accompanying Notes to the Consolidated Financial Statements, respectively, for our going concern assessment and discussion of the terms of the equity line.
Following the closing of the Merger, we no longer have any indebtedness, as all amounts then outstanding were repaid.
Our future capital requirements will depend on many factors, including, but not limited to the rate of our growth, our ability to attract and retain customers and their willingness and ability to pay for our products and services, and the timing and extent of spending to support our efforts to market and develop our products. Further, we may enter into future arrangements to acquire or invest in businesses, products, services, strategic partnerships, and technologies. As such, we may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If additional funds are not available to us on acceptable terms, or at all, our business, financial condition, and results of operations could be adversely affected.
Cash Flows
For Fiscal Year 2022 and Fiscal Year 2021
The following table summarizes our cash flows for the periods presented:
 
    
Year Ended January 31,
 
    
2022
    
2021
 
     (in millions)  
Net cash used in operating activities
   $ (83.7    $ (42.7
Net cash (used in) provided by investing activities
   $ (3.9    $ 0.1  
  
 
 
    
 
 
 
Net cash provided by financing activities
   $ 103.4      $ 63.3  
  
 
 
    
 
 
 
Operating Activities
Net cash used in operating activities during fiscal year 2022 was $(83.7) million, which resulted from a net loss of $(242.6) million, primarily driven by the modification of the restricted stock units awards of $156.6 million and related
non-cash
expenses. There was also an increase in the fair value of warrants liabilities of $11.3 million and an increase in accrued expenses. This was offset by an increase in accounts receivable of $3.2 million, attributable to higher than usual, multi-year cash prepayments received in 2021 as compared to the current year, and an increase in inventory of $0.5 million. We also saw a decrease in services revenue and increases in cost of sales totaling approximately $2.8 million as more customers’ analytics came more fully online during 2022.
 
61

Table of Contents
Net cash used in operating activities during fiscal year 2021 was $(42.7) million, which resulted from a net loss of $(55.4) million, primarily driven by growth-related operating expenses exceeding gross profits from sales, adjusted for
non-cash
charges of $1.4 million and net cash inflows of $11.3 million from changes in operating assets and liabilities.
Non-cash
charges primarily consisted of $1.2 million of depreciation and amortization expense, $0.2 million in losses on the sale of fixed assets as the result of the closure of facilities, offset by a net credit in stock-based compensation expense due to increased forfeiture rates in fiscal 2021. Cash used in operating activities during fiscal year 2021 benefited from the change in deferred revenue of $13.7 million, offset by a decrease in accounts receivable of $3.4 million, which were the result of timing of new customer contracts.
Investing Activities
Net cash used in investing activities during fiscal year 2022 of $(3.9) million was primarily due to $(3.9) million in purchases of property and equipment.
Net cash provided by investing activities during fiscal year 2021 of $0.1 million was primarily due to $1.0 million in proceeds from the maturity of
investments and $0.1 million in proceeds from the sale of property and equipment offset by $1.0 million in purchases of property and equipment.
Financing Activities
Net cash provided by financing activities of $103.4 million during fiscal year 2022 was primarily due to gross proceeds from the Merger recapitalization of $13.3 million and issuance of PIPE Shares of $125.0 million and bank borrowings of $15.0 million, offset by loan repayments of $5.6 million.
Net cash provided by financing activities of $63.3 million during fiscal year 2021 was primarily due to net proceeds from our sale of preferred stock of $57.4 million, the net proceeds from loans of $5.6 million and the issuance of common stock, including upon exercise of stock options by employees of $0.3 million.
Contractual obligations
Our principal commitments consist of lease obligations for office space. As of January 31, 2022, we had lease payment obligations of $4.0 million, of which $1.0 million is payable within twelve months. For more information regarding our lease obligations, see Note 12, Commitments and Contingencies to the consolidated financial statements.
During fiscal year 2022 and in future years, we have made and expect to continue to make additional investments in our product, scale our operations, and continue to enhance our security measures. We will continue to expand the use of software systems to scale with our overall growth.
Critical Accounting Policies and Estimates
Our financial statements are prepared in accordance with GAAP. The preparation of these financial statements require us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Our actual results could differ from these estimates.
The critical accounting policies, assumptions and judgements that we believe have the most significant impact on our consolidated financial statements are described below.
 
62

Table of Contents
Revenue Recognition
Our revenues are derived from sales of software, subscriptions, support and maintenance, and other services. We satisfy our performance obligations to recognize revenue for a single performance obligation ratably over the expected term with the customer.
Revenue is recognized when all of the following criteria are met:
 
 
1.
Identification of the contract, or contracts, with a customer
—A contract with a customer to account for exists when (i) we enter into an enforceable contract with a customer that defines each party’s rights regarding the goods or services to be transferred and identifies the payment terms related to these goods or services, (ii) the contract has commercial substance and the parties are committed to perform, and (iii) we determine that collection of substantially all consideration to which we will be entitled in exchange for goods or services that will be transferred is probable based on the customer’s intent and ability to pay the promised consideration.
 
 
2.
Identification of the performance obligations in the contract
—Performance obligations promised in a contract are identified based on the goods or services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the goods or service either on its own or together with other resources that are readily available from third parties or from us, and are distinct in the context of the contract, whereby the transfer of the goods or services is separately identifiable from other promises in the contract. To the extent a contract includes multiple promised goods or services, we apply judgment to determine whether promised goods or services are capable of being distinct and distinct in the context of the contract. If these criteria are not met the promised goods or services are accounted for as a combined performance obligation.
 
 
3.
Determination of the transaction price
—The transaction price is determined based on the consideration to which we will be entitled in exchange for transferring goods or services to the customer.
 
 
4.
Allocation of the transaction price to the performance obligations in the contract
—We allocate the transaction price to each performance obligation based on the amount of consideration expected to be received in exchange for transferring goods and services to the customer. If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation on a relative standalone selling price based on the observable selling price of our products and services.
 
 
5.
Recognition of revenue when, or as, we satisfy performance obligations
—We satisfy performance obligations either over time or at a point in time as discussed in further detail below. Revenue is recognized at or over the time the related performance obligation is satisfied by transferring a promised good or service to a customer.
Costs to Obtain or Fulfill a Contract
We capitalize incremental costs of obtaining a
non-cancelable
subscription and support revenue contract and on professional services revenue as contract acquisition costs. The capitalized amounts consist primarily of sales commissions paid to our direct sales force. The capitalized amounts are recoverable through future revenue streams under all
non-cancelable
customer contracts. Amortization of capitalized costs, which occurs on a straight line basis, is included in sales and marketing expense in the accompanying consolidated statements of operations. Contract fulfillment costs include appliance hardware and installation costs that are essential in providing the future benefit of the solution, which are also capitalized. We amortize our contract fulfillment costs ratably over the contract term in a manner consistent with the related revenue recognition on that contract and are included in cost of revenue.
 
63

Table of Contents
Stock-based Compensation
Stock compensation expense for stock options is recognized on a straight line basis and with a provision for forfeitures matched to historical experience for matured grant cohorts. Stock compensation expense for RSUs granted under the 2014 Plan, which contain both service and performance conditions, is recognized on a graded-scale basis matched to the length and vesting tranches for each grant. Stock compensation expense for RSUs granted under the 2021 Plan have only service vesting conditions. Expense will be recognized on a straight-line basis for all RSU awards with only service conditions. In the event that a RSU grant holder is terminated before the award is fully vested for RSUs granted under either Plan, the full amount of the unvested portion of the award will be recognized as a forfeiture in the period of termination.
We use the Black-Scholes pricing model to estimate the fair value of options on the date of grant. On August 26, 2021, the Board determined that the Liquidity Event Satisfaction for the restricted stock units will be deemed to have been met as a result of the Merger and authorized that the shares of common stock subject to the awards will be delivered, in accordance with the terms of the Restricted Stock Unit Agreement. The Board’s determination of the Liquidity Event Satisfaction being met as a result of the Merger qualified as a modification of the original terms of the RSU Agreements as of the date of the Merger. All RSUs issued prior to the completion of the Merger were
re-valued
using a fair value of $12.85, which was the closing share price of our common stock on that date. Subsequent to the closing of the Merger, the fair value of RSUs will be based on the fair value of our common stock on the date of the grant.
As a consequence, we recognized
non-cash
expense subsequent to the Merger in an amount of $156.6 million related to 20,127,730 outstanding RSUs. This consists of $155.5 million associated with RSUs on a graded vesting schedule, which were issued under the 2014 Plan and $1.1 million associated with RSUs on a straight-line vesting schedule, issued under the 2021 Plan. 10,638,068 RSUs remain unvested as of January 31, 2022.
The use of a valuation model requires management to make certain assumptions with respect to selected model inputs. We grant stock options at exercise prices determined equal to the fair value of common stock on the date of the grant. The fair value of our common stock at each measurement date is based on a number of factors, including the results of third-party valuations, our historical financial performance, and observable arms-length sales of our capital stock including convertible preferred stock, and the prospects of a liquidity event, among other inputs. We estimate an expected forfeiture rate for stock options, which is factored into the determination of stock-based compensation expense. The volatility assumption is based on the historical and implied volatility of our peer group with similar business models. The risk-free interest rate is based on U.S. Treasury
zero-coupon
issues with a remaining term equal to the expected life assumed at the date of grant. The dividend yield percentage is zero because we do not currently pay dividends nor do we intend to do so in the future.
These estimates involve inherent uncertainties and the use of different assumptions may have resulted in stock-based compensation expense that was different from the amounts recorded.
Recently Issued Accounting Standards
Refer to Note 1 of the notes to our consolidated financial statements included elsewhere in this prospectus for our assessment of recently issued and adopted accounting standards.
Emerging Growth Company (“EGC”) Status
We are an emerging growth company, as defined in the JOBS Act. Under the JOBS Act, emerging growth companies can delay adopting new or revised accounting standards issued subsequent to the enactment of the JOBS Act until those standards apply to private companies. We have elected to use this extended transition
 
64

Table of Contents
period for complying with certain new or revised accounting standards that have different effective dates for public and private companies until the earlier of the date we (i) are no longer an EGC or (ii) affirmatively and irrevocably opt out of the extended transition period provided in the JOBS Act. As a result, our consolidated financial statements may or may not be comparable to companies that comply with new or revised accounting pronouncements as of public companies’ effective dates.
Internal Control Over Financial Reporting
A company’s internal control over financial reporting is a process designed by, or under the supervision of, that company’s principal executive and principal financial officers, or persons performing similar functions, and influenced by that company’s board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with generally accepted accounting principles. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with policies or procedures may deteriorate.
Prior to the Merger, Legacy IronNet was a private company and historically had limited accounting and financial reporting personnel and other resources with which to address our internal control over financial reporting. In connection with the preparation and audit of our consolidated financial statements for the year ended January 31, 2022, we identified material weaknesses in our internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.
We did not have a sufficient number of personnel with an appropriate degree of accounting and internal controls knowledge, experience, and training to appropriately analyze, record and disclose accounting matters commensurate with our accounting and reporting requirements, which resulted in an inability to consistently establish appropriate authorities and responsibilities in pursuit of our financial reporting objectives, which constitutes a material weakness. This material weakness contributed to the following additional material weaknesses:
 
   
We did not design and maintain effective controls over the accounting for stock-based compensation modifications. This material weakness resulted in the restatement of our unaudited condensed consolidated financial statements as of and for the three months ended October 31, 2021. However, this error was corrected as of the date of the filing of the Annual Report on Form 10-K for the fiscal year ended January 31, 2022 and the consolidated financial statements are correctly stated for the year ended January 31, 2022.
 
   
We did not design and maintain effective controls over the review of journal entries and account reconciliations. Specifically, certain personnel have had the ability to both (i) create and post journal entries within our general ledger system, and (ii) prepare and review account reconciliations. This material weakness did not result in a material misstatement to the consolidated financial statements.
 
   
We did not design and maintain effective controls over information technology (“IT”) general controls for information systems that are relevant to the preparation of our financial statements. Specifically, we did not design and maintain: (i) program change management controls for the financial systems to ensure that information technology program and data changes affecting financial IT applications and underlying accounting records are identified, tested, authorized and implemented appropriately; (ii) appropriate user access controls to ensure appropriate segregation of duties and that adequately restrict user and privileged access to financial applications, programs and data to appropriate personnel; (iii) computer operations controls to ensure data backups are authorized and restorations monitored; and (iv) testing and approval controls for program development to ensure that new software development is
 
65

Table of Contents
 
aligned with business and IT requirements. This material weakness did not result in a material misstatement to the consolidated financial statements.
These material weaknesses could result in a misstatement of substantially all accounts or disclosures that would result in a material misstatement to the annual or interim consolidated financial statements that would not be prevented or detected.
We have continued implementation of a plan to remediate these material weaknesses. These remediation measures are ongoing and include the following:
 
   
we hired and continued to hire additional accounting and finance resources with public company experience, including expertise in technical accounting and complex transactions, in addition to utilizing third-party consultants and specialists, to supplement our internal resources;
 
   
we are revising account reconciliation controls within all business processes to require proper segregation of duties of preparer and reviewer utilizing the additional personnel mentioned above;
 
   
we are implementing comprehensive access control protocols to implement restrictions on user and privileged access to certain applications and establishing additional controls over the preparation and review of journal entries; and
 
   
we are redesigning and strengthening financial system and application change management controls, testing and approval controls for program development, as well as data backup and restoration controls.
The elements of our remediation plan can only be accomplished over time and are subject to continued review, implementation and testing by management, as well as oversight by the audit committee of our board of directors, to determine that it is achieving our objectives. We are in the process of designing and implementing a variety of steps to remediate these weaknesses. The material weaknesses will not be considered remediated until our remediation plan has been fully designed and implemented, the applicable controls operate for a sufficient period of time, and we have concluded, through testing, that the newly implemented and enhanced controls are operating effectively.
Quantitative and Qualitative Disclosures about Market Risk
We have operations in the United States and internationally, and we are exposed to market risk in the ordinary course of our business.
Foreign Currency Risk
The significant majority of our sales contracts are denominated in U.S. dollars, with a small number of contracts denominated in foreign currencies. A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Singapore Dollar, British Pound, Japanese Yen and Australian Dollar. Additionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our consolidated statements of operations. The effect of a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have a material impact on our historical consolidated financial statements for fiscal year 2022 or 2021. As the impact of foreign currency exchange rates has not been material to our historical operating results, we have not entered into derivative or hedging transactions, but we may do so in the future if our exposure to foreign currency becomes more significant.
 
66

Table of Contents
BUSINESS
Overview
We are Transforming Cybersecurity Through Collective Defense using our behavioral analytics technology.
We compete in the Network Detection and Response (“NDR”) category, which is a growing aspect of modern enterprise security, but which does include major competitors. Our value proposition and competitive differentiator is our IronNet Collective Defense platform (“Collective Defense”). Our founder and
Co-CEO,
GEN Keith B. Alexander (Ret.), the longest serving Director of the National Security Agency (“NSA”) and Commander of Cyber Command in U.S. history, serves as a valuable business development resource for establishing relationships with larger enterprise and government buyers. The significant majority of our current revenue comes from our IronDome
and IronDefense
products. IronDefense is an NDR cybersecurity product that uses artificial intelligence (“AI”), machine learning (“ML”), behavioral analytics, and operational tradecraft expertise to quickly identify specific network behaviors or events indicative of malicious threats. Enriched by our cyber tradecraft knowledge, alerts produced by our company help analysts quickly contextualize and prioritize threats that pose the greatest risks. By doing this we are able to provide clients, across a variety of industries, nation-state-level defensive capabilities to reduce cyber risk.
We are a metric-driven organization with a differentiated and potentially transformational approach to the cybersecurity problem facing every organization today. With an ever-increasing cybersecurity threat posed by advanced persistent threat (“APT”) actors, our team of experts has developed a solution that automates and scales knowledge about how APTs operate and their tactics, techniques and procedures in order to defeat them; few individuals and even fewer companies have that knowledge or capability. Our differentiated market offering called IronDome offers users a collective defense model to help mitigate threats posed by an APT enhanced by its IronDefense platform, offering our clients new protections against an APT with its technology.
Cybersecurity has advanced from a niche technical concern to a mainstream consideration for organizations of all sizes and in all sectors. Security protection concerns are most intense where safety or life-critical consequences might arise in response to a cyber threat. Power companies, financial services firms, telecommunications companies, military organizations, and government agencies thus have the greatest need for security protection, and now make considerable investments in cybersecurity.
The primary security challenge in modern organizations is the complexity that has evolved in the typical business or government entity. Applications, networks, systems, endpoints, and data have experienced considerable sprawl as the costs associated with computing have decreased significantly. This is especially true for cloud-based infrastructure and SaaS-based applications, where cheap ubiquitous services are now available
on-demand
and for nearly every purpose imaginable.
Modern organizations must therefore develop security protections that address such growth, often delivered in the context of digital transformation initiatives. An additional complication is that hackers have been augmented by determined, capable adversaries, often funded or otherwise backed by criminal groups or nation-states. Serious consideration must thus be given to the types of protections that are necessary to defend against the threat from such capable threat actors.
An additional dimension is that the velocity associated with computing infrastructure and their associated threats has accelerated. Agile DevOps processes generate new features at increasing rates, sometimes hourly for popular services, and hackers use automated platforms to bombard targeted infrastructure with alarming intensity. Security engineers thus require controls that are automated and that address this challenge of increased speed. Manually controlled point solutions no longer stop threats.
A further complication is the massive and increasing scale associated with the types of systems operated by larger enterprise teams. Large-scale IT and network systems remove the ability for organizations to rely on
 
67

Table of Contents
manual maintenance, fixed configurations, and simple asset management. Furthermore, the visibility of assets that might be well-known by smaller organizations can only be approximated in large scale settings. This greatly complicates the challenge of delivering security in a large-scale setting.
In response to these challenges, modern Chief Information Security Officers (“CISOs”) put considerable time and effort into designing and implementing a workable security architecture. Individual
CISO-led
teams—even if they focus their efforts – have come to recognize that they cannot address the cybersecurity challenge on their own. It is well-understood in the cybersecurity community that enterprise security teams need considerable external assistance, coordination and cooperative guidance.
Some of this assistance is obvious: Businesses rarely develop their own security tools, but rather buy from vendors or adjust open-source tools. Similarly, information sharing groups have emerged to support cooperative discussions between experts. It is therefore not controversial to suggest that businesses and agencies need to work together to address cybersecurity threats. The big question, instead, is how this objective can be best achieved. This is one of the challenges addressed by IronNet.
Background of IronNet
We are a global cybersecurity company revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a number of former NSA cybersecurity operators with offensive and defensive cyber experience, we integrate deep tradecraft knowledge into our industry-leading products to solve the most challenging cyber problems facing the world today.
GEN Alexander founded our company in 2014 to solve the major cybersecurity problem he witnessed and defined during his tenure as former head of the NSA and founding Commander of U.S. Cyber Command: You can’t defend against threats you can’t see. Our innovative approach provides the ability for groups of organizations—within an industry sector, supply chain, state or country, for example—to see, detect and defend against sophisticated cyber attacks earlier and faster than ever before.
We have defined a new market category called Collective Defense. As the first mover in this category, we have developed our Collective Defense platform, the first, and to our knowledge, the only solution that can identify anomalous (potentially suspicious or malicious) behaviors on computer networks and share this intelligence anonymously and in real time among Collective Defense community members. Collective Defense communities comprise groups of organizations that have common risks, such as a supply chain, a business ecosystem, or across an industry sector, a state, or a country. This cybersecurity model delivers timely, actionable, and contextual alerts and threat intelligence on attacks targeting enterprise networks, and functions as an early-warning detection system for all community members.
This new platform addresses a large and unwavering compound problem: limited threat visibility for increasingly borderless enterprises across sectors and at the national level, paired with ineffective threat knowledge sharing across companies and sectors and a “go it alone” approach to cybersecurity. These operational gaps, combined with market dynamics like the increased velocity of sophisticated cyber attacks and the deepening scarcity of qualified human capital, have set our mission to transform how cybersecurity is waged.
Understanding Collective Cyber Defense
Ideally the U.S. Government could defend the nation against cyberattacks similar to what was developed for the Intercontinental Ballistic Missile (“ICBM”) missile threat. Unfortunately, the ability to enact such a defense would likely require limiting personal freedoms on the internet that Americans currently enjoy. Legislation limiting personal freedoms would likely be challenging to pass and thus the probability of that happening in the near future is low. A 2020 Cyberspace Solarium Commission report contains over 80 recommendations to address the issue of cybersecurity, with one of them being “Reshaping the Cyber Ecosystem.” That report states:
 
68

Table of Contents
“Raising the baseline level of security across the cyber ecosystem—the people, processes, data, and technology that constitute and depend on cyberspace—will constrain and limit adversaries’ activities. Over time this will reduce the frequency, scope, and scale of their cyber operations. Because the vast majority of this ecosystem is owned and operated by the private sector, scaling up security means partnering with the private sector and adjusting incentives to produce positive outcomes.”
Our collective defense model, IronDome, is a means for the private sector to “raise the baseline” level of security by partnering amongst themselves to “produce positive outcomes.” This overwatch function is a differentiator for our portfolio of offerings, making us one of the few companies that has the ways, ends and means to enact this transformational concept due to the technical capabilities required to ensure its success.
To understand our platform and solution approach, it is best to begin with an outline of how collective defense can reduce cybersecurity risk for larger organizations. This approach benefits from many years of organizations beginning to share data through various groups such as Information Sharing and Analysis Organizations (“ISAO”). We are the first major commercial vendor to offer an
end-to-end
means to take full advantage of the collective concept.
Toward a Collective Cyber Defense
Businesses and agencies will only cooperate on collective cybersecurity initiatives if they see meaningful benefits with low associated risk. Admittedly, this is how almost all business decisions are made, but large-scale cybersecurity introduces an added benefit for collective defense—namely, that cyber protection schemes work much better when they involve a wider range of intelligence, visibility, and security coverage. Working together on cybersecurity thus introduces clear benefits for participants.
Nevertheless, cooperation between businesses, agencies, and other groups must address two ends of the spectrum: upside benefits and downside risks for each of the entities and groups involved. In both instances, the case can be made that, for large-scale infrastructure, both benefits and risks can cascade, perhaps even accelerating as lateral traversal of an attack occurs. That is, threats to someone else’s system, however remote, might cascade across networks and systems.
Within a large organization, collective protection across business units can have comparable benefit, particularly in companies that evolved through mergers and acquisitions, where a collective defense can help to bring together disparate data sources, defensive perspectives, and protection platforms into a common defense. Such intra-enablement within a large organization is a major focus area for IronNet.
The primary benefits of a collective defense for large-scale cyber defense, whether stretched across a sector, combined between multiple organizations, or combined across the business units of one company, include the following:
Early Warning System—An organization can develop a more effective early warning system if other groups share their indicators in real-time. Not engaging in such sharing limits the ability of a local team to capitalize on early warning that a cascading attack might be underway.
Broader Visibility—By working together with other groups, the local security team benefits from broader visibility, including an improved understanding of how local enterprise changes (e.g., Domain Name System (“DNS”) related) might cascade to other targets.
Strength in Numbers—The fact that cooperation increases visibility into a cyber threat means that organizations who cooperate with external groups are able to leverage
strength-in-numbers
and thereby provide better security support.
 
69

Table of Contents
The corresponding risks that must be managed in the development of any large-scale cooperative arrangement for cybersecurity include the following:
Privacy of Shared Data—The possibility emerges that sharing information with a cooperative might result in leaked data or a serious privacy incident. For highly regulated industries, sharing with governments may also expose businesses to some regulatory risk (although this is partially mitigated by certain provisions of the Cybersecurity Information Security Act of 2014) if the data is not properly anonymized or otherwise does not comply with legal requirements. Controls must be in place to ensure that cooperating teams are not exposed to this risk.
Attribution of Incidents—Public attribution of an embarrassing or problematic cybersecurity incident to a sharing entity may reduce (or even remove) the willingness of that organization (and others) to share further information about something that might reflect poorly on their own actions. This is less an issue for collective defenses implemented across the business units of one organization.
Competitive Relationship—The risk of one company directly assisting its competitor through participation in a collective defense scheme (e.g., AT&T assisting Verizon, or General Motors assisting Toyota) cannot be ignored. The legal and marketing teams from participating organizations would be wise to adopt the airline and energy industry’s observations that a mutual focus on safety helps every participant.
The benefits and risks of cooperation for large-scale cybersecurity across heterogenous groups must be carefully balanced in setting up a collective defense. Too often, collectives are developed that leave participants wondering what’s in it for them, and how potential problems might be avoided. One of our main value propositions is that cooperative cybersecurity will work best when such concerns are carefully curated by a trusted provider with a world-class platform.
Role of Government in Collective Defense
One challenge federal governments have in supporting collective cyber defense is that most large businesses are multi-national. This suggests that while national allegiance might be easily identified (e.g., Verizon is American, Huawei is Chinese), such allegiance must address the interests of the company’s shareholders. This emphasis is often misunderstood by government agencies who are focused exclusively on national interests.
Federal governments also have the additional role of regulating and sometimes punishing organizations not meeting their security requirements. This obligation complicates government cooperation with business on cybersecurity, at least to the extent that governments are permitted to regulate based on voluntarily shared information. Organizations would thus be hesitant to share information with a cooperative involving government if the reported incident might lead to regulatory investigation.
The biggest challenge, however, is that the majority of critical infrastructure is owned and operated by the private sector. This implies that security telemetry, indicators, and early warnings will come from the private sector, even for many military applications and defensive government activities. This fact is often not understood by citizens and politicians who may demand that government step in and fix large-scale cybersecurity threats. This is usually just not practically feasible.
Government must work hard to share the information it uniquely controls, such as classified indicators that might be downgraded for sharing externally or be shared in a more limited context to defend critical infrastructure. Businesses must also recognize that their obligations extend beyond just the shareholder. This recognition that cooperative sharing is in the best interests of the organization and society in general is an important driver behind our platform offering.
 
70

Table of Contents
Overview of our Platform Offering
The Collective Defense platform comprises two flagship products:
IronDefense
is an advanced NDR solution that uses
AI-driven
behavioral analytics to detect and prioritize anomalous activity inside individual enterprises. We leverage advanced Artificial Intelligence/Machine-Learning (“AI/ML”) algorithms to detect previously unknown threats that have not been identified and “fingerprinted” by industry researchers, in addition to screening any known threats, and apply our Expert System to prioritize the severity of the behaviors—all at machine speed and cloud scale.
IronDome
is a threat-sharing solution that facilitates a crowdsource-like environment in which the IronDefense threat detections from an individual company are shared among members of a Collective Defense community, consisting of our customers who have elected to permit their information to be anonymously shared and cross-correlated by our IronDome systems. IronDome analyzes threat detections across the community to identify broad attack patterns and provides anonymized intelligence back to all community members in real time, giving all members early insight into potential incoming attacks. Automated sharing across the Collective Defense community enables faster detection of attacks at earlier stages.
Our Collective Defense platform is designed to deliver strong network effects. Every customer contributing its threat data (anonymously) into the community is able to reap benefits from the shared intelligence of the other organizations. The collaborative aspect of Collective Defense, and the resulting prioritization of alerts based on their potential severity, helps address the known problem of “alert fatigue” that plagues overwhelmed security analysts.
Our Collective Defense platform is largely cloud-deployed (public or private), though it is also available in on-premise and hybrid environments, and is scalable to include
small-to-medium
businesses and public-sector agencies as well as multinational corporations. We provide professional cybersecurity services such as incident response and threat hunting, as well as programs to help customers assess cybersecurity governance, maturity, and readiness. Our Customer Success (“CS”) services are designed to create shared long-term success measures with our customers, differentiating us from other cybersecurity vendors by working alongside customers as partners and offering consultative and service capabilities beyond implementation.
Our Collective Defense platform is a subscription-based pricing and flexible delivery model, with 63% of our revenue for the year ended January 31, 2022 related to deployments involving our key public cloud providers Amazon Web Services and Microsoft Azure. We also support private cloud, or Hyper Converged Infrastructure (“HCI”) such as Nutanix as well as
on-premise
environments through hardware and virtual options. To make it as easy as possible for customers to add Collective Defense into their existing security stack, we built a rich set of Application Programming Interfaces (“APIs”) that enable integrations with standard security products, including security information and event management (“SIEM”); security orchestration, automation, and response (“SOAR”); endpoint detection and response (“EDR”); next-generation firewall (“NGFW”) tools; and cloud-native logs from the major public cloud providers.
We describe our
go-to-market
strategy as “land and expand with network effects.” Our approach is to initially secure influential “cornerstone” customers and then expand into their respective Collective Defense communities with additional “community members” from organizations of similar industry sector, state, country, supply chain, or tailored business ecosystem. As each Collective Defense community grows, so does the volume of shared data, and the value of our platform for each of those members thereby expands both technically and commercially.
We sell into both public and private organizations and the business ecosystems that support them. We have identified tens of thousands of prospective cornerstone customers and more than 100,000 potential community customers.
 
71

Table of Contents
Some of the world’s largest enterprises, government organizations, high-profile brands, and governments trust us to protect their networks. Our customers include a top global hedge fund, eight of the top 10 U.S. energy companies (based on revenue), a leading Asian mobile phone carrier, two U.S. Department of Defense (“DoD”) branches, a
mid-sized
bank in the Europe, Middle East and Africa (“EMEA”) region, four U.S. stat