Cybersecurity Layoffs In 2023: Companies That Cut Jobs In Q3

While cybersecurity spending continues to grow, a number of major vendors in the security industry have recently cut staff amid the economic slowdown.

Job Cuts Come To Cybersecurity

While cybersecurity is widely considered among the tech sectors least likely to see spending cuts, security vendors haven’t been immune to layoffs in 2023. Cybersecurity company layoffs came earlier this year for some of the largest pure-play security vendors, including Sophos and Zscaler, as well as for a number of smaller product makers in the market. As sluggish economic conditions have dragged on, a handful of additional cybersecurity companies have turned to staff cuts during Q3 of 2023.

[Related: 20 Hottest New Cybersecurity Tools At Black Hat 2023]

Notably, these latest cybersecurity company layoffs have impacted employees at some of the best-established names in the industry, including Fortinet and Rapid7. A few of the recent staff reductions have been among the most significant in the cybersecurity industry this year, as in the case of Rapid7 and its roughly 470 layoffs disclosed in early August.

In many cases, however, the cybersecurity vendors that’ve laid off staff have positioned the cutbacks as the right move for the longer-term health of the company, enabling its spending to be targeted where the biggest opportunities are.

Built-In Spending

At the same time, a number of major employers in the sector, such as Palo Alto Networks and CrowdStrike, are not known to have carried out major layoffs in 2023 (or in 2022, for that matter). Apart from company-specific reasons, there are also a number of factors behind why there haven’t been more layoffs in the cybersecurity industry since the economic picture dimmed in mid-2022. Some of the unique factors for why cybersecurity spending is often more resilient than other segments of IT include intensifying cyber threats — particularly data theft and extortion, of late — along with increasing cyber insurance requirements and regulations such as the new SEC incident disclosure rule.

Still, staff at a number of notable cybersecurity companies have recently been impacted by layoffs — a difficult event, but also potentially an opportunity for other companies looking to hire talent.

What follows are details on the cybersecurity companies that’ve instituted layoffs so far in Q3 of 2023. CRN will update this list on an ongoing basis.

Cisco Reportedly Cuts Roles In Security

As part of a round of layoffs in July, tech giant Cisco Systems cut staff in segments including security, according to Blind, a tech career-focused message board. In an email to CRN, Blind cited reports from verified former and current Cisco employees in disclosing the layoffs — though the number of impacted employees in the security unit, and overall, was unclear. A Cisco spokesperson did not confirm which business units were impacted in the layoffs, but told CRN that the cuts were part of a “rebalancing” initiative that the company had previously discussed in November 2022. “As we announced then, this is not about cost savings as we have roughly the same number of employees as we did before the process began,” Cisco said in an email to CRN. “This rebalancing is about prioritizing investments in our transformation to meet and exceed our customers’ expectations in the changing technology landscape.”

Deepwatch Lays Off 30

Deepwatch, a provider of managed detection and response (MDR) that generates all of its sales with the help of partners, disclosed in July that it would be eliminating 30 roles, impacting 7 percent of employees. In a post on the company’s website, CEO Charlie Thomas said the “majority” of the layoffs were in sales and marketing, and called it a “challenging decision” that was necessitated by the difficult economic environment. “While Deepwatch has been experiencing impressive growth, we are seeing macroeconomic conditions extend our sales cycles by an average of two months with some deals pushed entirely. We anticipate continued economic headwinds in the second half of this year,” Thomas wrote in the post. As a result, Deepwatch opted to implement the reductions “to align with our second half projections and longer term goals to ensure we are best positioned for strong growth and profitability in the future,” he wrote.

Deepwatch has been far from the only MDR vendor to cut staff in 2023. Expel cut 60 positions — 10 percent of its staff — in June. Meanwhile, two other major MDR providers, Sophos and Rapid7, have initiated major layoffs this year as well — though the two companies signaled they intended to shift more of their investment into MDR.

“We’ve seen many of our competitors make reductions and numerous companies across the cyber and tech ecosystem have done so,” Thomas wrote. “In spite of the difficult actions we took today, we are in a good position to continue ascending as the Enterprise MDR Category leader. Overall we are optimistic about our future.”

HackerOne Discloses 12-Percent Reduction

HackerOne, a widely used platform for bug bounties and penetration testing, told employees in early August that it would be eliminating 12 percent of positions. In an email to staff, which the company posted on its website, HackerOne CEO Marten Mickos called it a “painful and necessary decision,” which was nonetheless “necessary to be successful long-term.” The company did not disclose the number of impacted employees, but TechCrunch reported that the layoffs likely affected more than 50 HackerOne staff members. The layoffs were a response in part both to the economic environment and the introduction of new products that ultimately “didn’t perform the way we wanted them to,” Mickos wrote. “Our bets on hiring and new products proved to be too big, and we must now restructure our teams to be successful in the future.” The layoff is intended to be a “one-time event,” he added.

HackerOne “remains a category leader. We are one of the most important contributors to cybersecurity worldwide,” Mickos wrote. “We plan to be better, stronger and faster when an improved business climate ultimately emerges.”

Rapid7 Lays Off 470

In August, Rapid7 disclosed it will lay off about 18 percent of its workforce – about 470 employees, with significant cuts to sales and engineering – as well as permanently close some office locations while also adding investment into managed detection and response (MDR). The layoffs are a “difficult decision” and “may be surprising” to employees “when we are meeting performance expectations,” Rapid7 CEO Corey Thomas said in a blog post. But “making decisions from a place of strength allows us the opportunity to restructure intentionally.”

Rapid7 will focus on expanding its MDR offering, Thomas said in the blog post. “At this inflection point, we will be strategically refocusing and realigning our business toward expanding our MDR leadership across all of security operations, accelerating our investments to build the most adoptable cloud capabilities, and continuing our focus on aligning our operations to deliver the best engagement and support for our customers,” he wrote.

Employees in sales, engineering, customer success and support, recruitment and other areas of the company were impacted by layoffs, according to LinkedIn posts by the employees.

Secureworks Cuts 15 Percent Of Staff

Secureworks disclosed layoffs in August that impact 15 percent of its staff, marking the second round of job cuts at the cybersecurity vendor in six months. The company — which is majority-owned by Dell Technologies — had reduced its workforce by 9 percent in early February. In a memo to staff that was filed with the U.S. Securities and Exchange Commission, Secureworks President and CEO Wendy Thomas wrote that the latest cuts are intended to help the company “deliver profitable growth.” The vendor continues to heighten its focus on growth areas including its Taegis extended detection and response (XDR) platform, Thomas wrote. “Taegis is growing, making up 86 percent of our total ARR at the end of Q1 … And we are continuing to invest in the growth of our business, aligned to our strategic priorities,” she wrote.

Secureworks did not disclose the total number of workers affected by the latest layoffs in the filing with the SEC. The company last disclosed its employee headcount in a regulatory filing in March, when it said that it had 2,149 employees as of Feb. 3. The company expects to “substantially complete” the layoffs during the third quarter of its fiscal 2024, which runs through the end of October.

Fortinet Makes Cuts To Sales, Channel Groups

Network security giant Fortinet recently made cuts to employees in roles related to sales, channel and business development, according to LinkedIn posts by the employees in August. “Fortinet is assessing business operations and is making thoughtful and strategic decisions to best position the company for continued leadership and growth,” the company said in a statement provided to CRN on Sept. 1. Fortinet declined to disclose how many positions were impacted or provide further details in response to inquiries from CRN.

One former employee, who’d been a channel development specialist with Fortinet for less than a year, took to LinkedIn to report cuts to the channel development and business development representative groups at the vendor. According to LinkedIn posts, Fortinet’s cuts also included the manager of SMB development for U.S. sales, a partner development specialist, a business development representative and a channel marketing manager for national accounts.

In early August, Fortinet disclosed financial results for the second quarter, ended June 30, which fell short of revenue expectations and included a cut in guidance. CFO Keith Jensen reported during the company’s quarterly call with analysts that the vendor’s quarterly revenue was affected as an “unusually large volume of deals that we expected to close in June instead pushed to future periods.” There were also indicators that formerly hot growth areas, such as SD-WAN, have been cooling off for Fortinet.

Malwarebytes Cuts At Least 100 Jobs

Malwarebytes laid off at least 100 employees in August, according to multiple reports. In response to an inquiry by CRN, Malwarebytes provided a statement attributed to Co-Founder and CEO Marcin Kleczynski confirming that there have been cutbacks. “In continuing our shift to a channel-first approach and streamlining our corporate business, we’ve parted ways with a number of very talented individuals,” the statement attributed to Kleczynski reads. “While an undeniably difficult decision, we are building for the future.”

The layoffs, impacting as many as 110 employees, were first reported by TechCrunch. The cuts reportedly came after three top executives at the vendor — its chief product officer, chief information officer and chief technology officer — were recently let go. In August 2022, Malwarebytes had eliminated 125 positions, or 14 percent of its staff.

The TechCrunch report indicated that the new layoffs are part of a restructuring that will split the company’s corporate-focused security business from its consumer unit. The move will be announced in coming weeks, according to the report.

Malwarebytes “continues to be healthy and profitable,” according to the statement provided to CRN. “We’ve added significant partner relationships across the regions, we launched a managed detection and response service that is bringing a ton of value to IT constrained organizations, we recently acquired an online privacy leader for our consumer portfolio and hired a general manager of that business. We are now set up for a future that accelerates our growth and best serves our customers, both consumers and organizations.”

IronNet Furloughs Bulk Of Its Employees

IronNet disclosed that it will furlough “almost all” of its employees and will “substantially curtail” its business operations, the company said in an SEC filing Sept. 5. The moves come “as a result of the liquidity position” of the company, IronNet said. IronNet’s founder, Keith Alexander (pictured), resigned as CEO in July as part of a take-private deal with investment firm C5 Capital.

“Several” employees have been retained by IronNet “to ensure there were no service interruptions,” the filing said. As of the end of January, IronNet had employed 104 full-time workers, according to the company’s latest annual report.

The vendor’s board is also “continuing to evaluate strategic alternatives, including potentially seeking bankruptcy protection,” IronNet said in the SEC filing.

IronNet had previously gone through two rounds of layoffs since mid-2022. Most recently, IronNet disclosed last September that it would lay off 90 employees, or 35 percent of its staff at the time, while warning that it might not have enough cash to support operations for the next year.