Security News

KKR Invests Another $410M In Fast-Growing Security Firm NetSPI

Jay Fitzgerald

‘One of the things that we‘re most excited about for this investment is the ability to take our plans for growing the [channel] team in 2023,’ says Lauren Gimmillaro, NetSPI’s VP of business development.

NetSPI chief executive Aaron Shilts

Private equity powerhouse KKR obviously likes what it’s seen since it first invested in cybersecurity firm NetSPI last year.

The New York-based KKR, which led a $90 million funding round for NetSPI in 2021, is now investing an additional $410 million in the penetration testing and attack surface management firm, NetSPI said on Wednesday.

The massive growth investment will be used to support NetSPI’s product development, talent hirings, possible company acquisitions and aggressive expansion of the firm’s channel program, said NetSPI chief executive Aaron Shilts.

Much of the money will also be used to effectively buy out previous majority owner Sunstone Partners, Shilts told CRN.

As for the channel, Shilts said less than 10 percent of the private company’s current revenues come from the channel. But NetSPI, which recently hired a new channel chief and launched a new partner program in August, is determined to boost its sales via various players within the channel, he said.

“It was the right time for us to double down on channel investment,” said Shilts, whose company was founded in 2001 but only received its first outside investment in 2017, led by Sunstone Partners.

Shilts said the firm decided to wait a bit after its first equity investment five years ago before moving from mostly direct sales to channel sales.

“We wanted to ensure that we had the maturity and the growth,” he said. “I think the worst thing that we could do is not have that [initial sales] mastery in place. It was just a matter of maturing over several years before we were ready.”

The near-term goal is to grow NetSPI’s channel business from less than 10 percent of revenue to 15 to 20 percent. Meanwhile, the channel staff at NetSPI could expand from just a few employees today to 10 to 12 employees next year, Shilts said.

Lauren Gimmillaro, the firm’s new vice president of business development and strategic alliances, said the big KKR investment will help NetSPI expand its sales in general.

“One of the things that we‘re most excited about for this investment is the ability to take our plans for growing the team in 2023 and really accelerate those plans,” she told CRN, adding NetSPI plans to work closely with consulting firms, MSPs and MSSPs, and others moving forward.

“I think the amount of expansion or growth is truly limitless,” she said, adding she’s “excited to see what 2023 brings and then what we can do beyond that.”

Though the company didn’t disclose revenue numbers, NetSPI said in a statement that the firm has “consistently outpaced growth forecasts,” growing five-fold in five years, recording to 50 percent organic revenue growth in 2021 and currently seeing 61 percent growth in 2022.

Key growth drivers include NetSPI’s Penetration Testing as a Service (PTasS) model and its acquisition last year of Silent Break Security and its offensive-security technologies, according to the press release.

Shilts told CRN that he sees more acquisitions in the future but provided no other details, other than to say they had to be “good fits.”

In a statement, Ben Pederson, a director on KKR’s technology growth team, said KKR has indeed been impressed with NetSPI’s performance over the past year.

“NetSPI continues its trajectory of strong, and accelerating, organic growth and profitability and we are excited about the opportunity to continue this momentum with further investments in technology, people, geographical expansion and strategic acquisitions,” he said.

 Penetration testing is an increasingly important and strategic aspect to any enterprise’s security posture and we believe NetSPI is a category-defining player in the space through their best-in-class technology and PTaaS delivery model.”

Among NetSPI’s customers are top financial institutions, large cloud providers, leading healthcare organizations, and many of the Fortune 500, the company said in its announcement.

Jay Fitzgerald

Jay Fitzgerald is a senior editor covering cybersecurity for CRN. Jay previously freelanced for the Boston Globe, Boston Business Journal, Boston magazine, Banker & Tradesman,, Harvard Business School’s Working Knowledge, the National Bureau of Economic Research and other entities. He can be reached at

Sponsored Post