OHMYGOD! OHMYGOD! OHMYGOD! OHMYGOD!

I feel like a giddy schoolgirl because I'm seeing something that many of us haven't seen since 2001. A security IPO. OHMYGOD!!!!

Sourcefire has filed a S-1, which is the first step to going public. You can read the document for yourself here [1]. They propose to raise up to $75 million and Morgan Stanley and Lehman are the leads. Hmmm.

I'm fired up (no pun intended) because you always get lots of juicy stuff in a S-1. Revenues, earnings, senior management salaries, employment agreements, investor positions. Oh the wonder of the S-1.

I don't have time to go through the filing with a fine tooth comb, but here are the highlights.

• Total revenue in 2005: $32.9 million
• 2005 loss of $8.1 million
• Current cash of about $25 million
• Existing shareholders have put about $56 million into the company
• Revenue ramp starting in 2002: $1.9MM, $9.4MM, $16.6MM, $32.9MM
• Services currently running about 36% of total revenues
• Last 4 quarters have been: $11.6MM, $8.5MM, $9.5MM, $10.8MM
• Profitable and cash flow positive for Q3 2006
• Over 80% of revenue from the US
• Marty Roesch owns about 9% of the company
• Sierra Ventures is the biggest venture investor with a 28.8% position
  

So what's the conclusion? I guess I thought they were bigger. TippingPoint is a bulk of 3Com's $25 million in security business last quarter. I had heard the CheckPoint deal kind of hurt momentum for Sourcefire and I guess that's right. They still haven't beat the Q4 2005 number yet in 2006, which is odd for a strongly growing company.

But what should be a bit over $40 million in 2006 is a good number for a deal to get done. I figure other companies (Arbor, IronPort, Postini, MessageLabs, Crossbeam) are roughly that size if not a bit bigger, but haven't filed yet - so we could have the security IPO extravaganza in early 2007. CyberTrust is probably 4x that size, but services shops are valued differently. But the profitability thing is big hurdle to get a deal done, and Sourcefire now has that.

This could also be a ploy to force the hand of potential suitors. Brightmail played that card magnificently by filing the S-1 and then using that as leverage to extract a sweeter deal from Symantec. You figure SourceFire would have a $300-400 million valuation on the IPO (maybe?), so any suitor would need to beat that price. Rumors are swirling that Check Point is sniffing around again and some others as well.

Going public also gives Sourcefire currency to start buying other stuff. So it'll be interesting to see if they can get the deal done and then the long security IPO winter will be over. That would be a good thing, especially for my sell-side analyst friends, who haven't had any exciting security stuff to cover in a long time.

Congrats to Marty, Wayne and the rest of the team. An IPO is a big deal for all of us security folks.