What does the future hold for business?

Ask nine experts and you'll get ten answers. It's a bull market. It's a bear market. Rates will rise or fall. Inflation’s up or down. Can someone invent a crystal ball?

Until then, over forty-one thousand businesses have future-proofed their business with NetSuite, by Oracle - the number one cloud E.R.P., bringing accounting, financial management, inventory, andHR, into one fluid platform.

Whether your company is earning millions or even hundreds of millions, NetSuite helps you respond to immediate challenges and seize your biggest opportunities.

Download the CFO’s Guide to AI and Machine Learning for FREE

Second times a charm…

Sailpoint and the Thoma Bravo crew are runnin’ it back.

Originally IPO’d in 2017, then taken private by Thoma Bravo in 2022, the identity security company filed an S-1 for a fresh return to the public markets. Why does this matter? Well, identity security is one of the fastest-growing niches in enterprise cybersecurity, and SailPoint has positioned itself as a leader by evolving from a governance-focused tool into a comprehensive security platform.

With $813M in ARR, 30% YoY growth, and a 114% net retention rate, SailPoint is entering the public markets again at a time when identity-related incidents have become a top priority for CIOs and CISOs (who have big, fat budgets). But can it deliver on its potential, especially with private equity giant Thoma Bravo pulling the strings? Let’s dive in.

What Does Sailpoint Do?

At its core, SailPoint provides a security platform that helps organizations manage and secure digital identities. In simple CJ terms, SailPoint ensures the right people (or machines) have the right access to the right resources at the right time—and that unauthorized access is locked out. Kinda like Terry Tate, Office Linebacker.

Founded in 2005, SailPoint started as a pioneer in identity governance. Back then, it was all about answering “Who has access to what?” But today, the company has evolved into a security-first platform. Its capabilities now span compliance, lifecycle management, privileged access, and advanced analytics, powered by a SaaS-based architecture that uses AI to handle the complexity of modern enterprises.

The company’s mission is bold: to secure access for every identity in a business, including employees, contractors, customers, and even machines.

Key Figures

• Annual Recurring Revenue (ARR): $813M as of October 31, 2024, reflecting 30% YoY growth.

• GAAP Revenue: $700M for the fiscal year ending January 31, 2024 (ok, $699.6M, nearly quadrupling from $186M in fiscal 2016, the stub year when SailPoint first went public.

  • 94% of SailPoint’s total revenue is recurring, reflecting the success of its SaaS transformation and providing high revenue predictability.

  • They began the grueling transitions (multiple) from perpetual to SaaS to cloud during their first public stint, then went to finish their makeover in the privacy of Thoma Bravo’s portfolio

• Gross Margin: 64%, below SaaS peers, driven by ongoing SaaS transition and scaling infrastructure costs​.

• Net Dollar Retention Rate (NDR): 114%, demonstrating solid expansion within their customer base, which is a good sign, since they’ve introduced new products both organically and inorganically in recent years

• Customer Count: 2,895, with 67% growth YoY in the number of customers contributing over $1M in ARR.

• Rule of 40: They state it’s 44. It’s a combined metric of ARR growth and adjusted operating margin, underscoring efficiency and scalability.

  • This number is suspect… as you’ll see below, they are losing money, no matter what you add back, and their ARR growth is 30%…hard to make the math math?

• Net Operating Losses: For the full fiscal year ending January 31, 2024, SailPoint reported a net loss of $395 million

• Free Cash Flow: Negative $250 million over the same period, reflecting ongoing investment in growth initiatives​.

Losses with a Caveat

SailPoint reported a net loss of $395 million for the fiscal year ending January 31, 2024, and a net loss of $236 million for the nine months ending October 31, 2024.

BUT… $373 million of SailPoint’s fiscal year 2024 operating losses stemmed from non-cash amortization of intangible assets related to its Thoma Bravo buyout. Stripping out these accounting charges significantly narrows the operating loss, bringing SailPoint closer to breakeven on a cash flow basis.

HOWEVER… Free cash flow (FCF) paints a similar picture of losses: negative $250 million for the fiscal year and negative $120 million for the nine-month period. These figures underscore the company’s ongoing need for external funding to sustain operations and invest in growth initiatives.

A big chunk of this is related to onerous interest payments on debt.

TL;DR: Even though their adjusted operating losses narrow significantly when non-cash expenses like amortization are excluded, they still require additional funding (via IPO proceeds, debt, or other means) to sustain operations and growth. So the IPO proceeds will indeed be used to fund operations and pay down some debt

Origin Story

OK, a ~20 year history in 5 bullets... ready, go!

• Really smart guys (Mark McClain and Kevin Cunningham) leave Tivoli/IBM to start SailPoint in 2005, seeing the need for better identity governance.

• They start with on-premises identity governance, which is game-changing when you consider the manual processes most enterprises were using.

• SailPoint goes public in 2017, riding the wave of cloud adoption and increased focus on cybersecurity.

• They undergo a transition from primarily on-premises to a cloud-first, SaaS delivery model (this was like a five or six year journey, BTW... not easy sledding).

• Thoma Bravo takes them private in 2022 for $6.9 billion, allowing them to accelerate their product transformation and expand into new identity security use cases and do that whole SaaS thing

And now, they're back for round two in the public markets, with a broader product suite and a laser focus on AI-powered identity security.

5 Key Themes

1. From Governance to Security

Sailpoint is showing back up to the party with a larger TAM to conquer. They’ve moved on from just “who has access to what” to actively play free safety around the perimeter.

The cybersecurity world has become alphabet soup. PAM, CIEM, DAST, IAST, SAST, the list goes on and on. As such, it’s ripe for M&A and platform build strategies. You see Palo Alto going Pac Man on every Seed through Series D company that pops up.

Sailpoint is no stranger to this strategy, having acquired companies like SecZetta and Orkus to enhance its product capabilities, particularly in privileged access and cloud infrastructure. They should continue to increase their offerings inorganically, which in turn will increase their stickiness and net dollar retention (seems to be working).

2. SaaS Transformation (mostly) Complete

SailPoint has successfully transitioned from on-premise software to a SaaS model, with the majority of its revenue now coming from recurring subscriptions. This shift has improved customer stickiness and allowed for better scalability, but also required significant upfront investment that impacted margins. It was better to undergo this transition OUT of the public eye.

I covered the story of a similar transition at cybersecurity company Varonis, with their CFO Guy Melamed.

3. High-Dollar Customers Driving Growth

SailPoint is leaning into enterprise customers, with a 67% YoY increase in those generating over $1M in ARR. Large accounts not only provide reliable revenue streams but also showcase the scalability and robustness of SailPoint’s offerings. Sailpoint’s future success lies in the enterprise.

4. Lack of Profits

After nearly 20 years in operation, SailPoint is still not generating free cash flows. Proponents will argue this is by design—a calculated strategy to invest heavily in growth, R&D, and market expansion in a competitive industry. Critics, however, may see it as a red flag, pointing to the company’s significant reliance on debt to fund its operations and growth.

As of October 31, 2024, SailPoint reported $1.565 billion in long-term debt (and just $68 million in cash), with interest expenses amounting to $183 million for the year ending January 31, 2024. The company also drew on its revolving credit facility as recently as November 2024 to cover general corporate expenses. While these moves provided liquidity to fuel strategic initiatives like acquisitions, they also highlight a dependence on external financing to sustain operations (20 years in…).

5. Thoma Bravo: Will They Stick Around or Sell Out?

Thoma Bravo is no stranger to the tech world, and their fingerprints are all over SailPoint’s story. Since taking the company private in 2022 for $6.9 billion, they’ve helped accelerate SailPoint’s SaaS transformation and growth. But now that the company is heading back to the public markets, the question looms: What’s next for Thoma Bravo?

Post-IPO, the private equity firm will retain a 76% stake in SailPoint, ensuring it remains firmly in control. However, private equity ownership often comes with a ticking clock. Investors will be watching closely to see if Thoma Bravo starts unwinding its position after the lock-up periods expire, potentially via secondary offerings.

While their involvement has brought strategic focus and financial resources, critics might argue their long-term interest is in maximizing short-term returns rather than nurturing SailPoint as a sustainable, independent company.

The Product

SailPoint positions itself as a comprehensive identity security platform designed to manage access across all types of enterprise identities—employees, contractors, machines, and beyond. The platform is built to ensure that the right people (or entities) have access to the right resources at the right time while protecting against unauthorized access.

Key Features:

1. Lifecycle Management: Automates the onboarding, offboarding, and access changes for employees and contractors, reducing manual effort and errors.

2. Compliance Management: Simplifies regulatory compliance by tracking who has access to what and ensuring that it aligns with policies.

3. Privileged Access Management (PAM): Protects sensitive systems and data by restricting high-level access to only authorized users.

4. Cloud Infrastructure Entitlement Management (CIEM): Focuses on securing access to cloud resources, a critical need for enterprises with hybrid cloud environments.

5. AI-Powered Analytics: Uses AI and machine learning to detect anomalous behavior, identify risks, and recommend corrective actions, making identity management smarter and faster.

Differentiators:

• SaaS-Based Architecture: Enables scalability and fast deployment for customers across industries.

• AI Integration: Sets SailPoint apart from traditional identity management tools by infusing intelligence into decision-making and access monitoring.

• End-to-End Coverage: While competitors like Okta focus on access management, SailPoint offers a broader suite that includes governance, lifecycle management, and compliance.

SailPoint’s product is tailored for large enterprises, which explains its growing customer base of organizations spending over $1M in ARR. However, the challenge will be balancing innovation with maintaining simplicity for customers navigating complex identity environments. It’s hard (expensive) to be everything to everyone.

How They Make Money

SailPoint's core offering is its Identity Security Cloud, built on the unified Atlas platform. They also offer IdentityIQ, their customer-hosted identity security solution for those not ready to go all-in on the cloud.

From the S-1:

"We generate revenue primarily through the sale of subscriptions to our SaaS offerings and term-based licenses for our on-premises software. We also generate revenue from the sale of hardware appliances, perpetual licenses, and associated maintenance and support."

Their sales strategy combines direct sales, channel partners, and a land-and-expand go-to-market (GTM) motion.

"We utilize a land and expand approach, acquiring new customers and expanding with existing customers. We can land in multiple distinct ways by securing initial contracts in areas such as identity governance, access modeling, or risk insights. After the initial purchase, our customers often expand the adoption of our platform within their organization."

This expansion is driven by:

1. Additional identities secured;

2. New applications and data sources connected; and

3. Additional identity security products adopted.

And they're right - their dollar-based net retention rate was 114% in the last twelve months, which is solid for an enterprise software business.

IDENTITIES be PROLIFERATIN'!

Valuation, Investors, and Ownership

• SailPoint operates in a hot sector—identity security—where high-growth SaaS companies often command forward revenue multiples in the range of 10–15x. With $813M in ARR and 30% YoY growth, this could imply a valuation north of $8 billion if investors are bullish on its market position and growth trajectory.

• However, profitability concerns and reliance on debt may temper market enthusiasm. Investors will likely compare SailPoint’s metrics with peers like Okta and Ping Identity, which trade at multiples closer to 8–10x revenue due to similar growth and margin profiles. Another (perhaps aspirational?) comp would by Cyberark, trading in the 13x forward revenue range.

• SailPoint’s valuation will ultimately hinge on whether the market views it as a high-growth leader in a critical market or a company overly reliant on external capital to scale. Either way, Thoma Bravo’s presence looms large, and their decisions regarding share sales post-IPO will have a direct impact on valuation stability.

Thoma Bravo’s Potential Payoff

Thoma Bravo acquired SailPoint in 2022 for $6.16 billion, using a mix of equity and $1.59 billion in debt. If SailPoint’s IPO valuation lands at $8 billion, their 76% stake would be worth roughly $6 billion.

After subtracting the debt, Thoma Bravo’s effective stake value would be $4.5 billion, netting them an estimated profit of $1.4 billion from this IPO alone.

If you factor in proceeds from SailPoint’s 2017 IPO and any secondary share sales before the company was taken private, their total gains could approach $1.9 billion.

This underscores the financial engineering typical of private equity: amplify returns by leveraging debt, but leave questions about sustainability for the next chapter.

Executive Paydays

SailPoint’s top executives stand to make significant money as the company goes public, thanks to substantial equity awards they were granted to go on this next chapter.

• Mark McClain (CEO): Earned $23.35 million in 2024, with $22.16 million coming from equity.

• Brian Carolan (CFO): Took home $5.95 million, including $5.19 million in equity.

• Matt Mills (President): Received $8.80 million, with $7.76 million tied to equity awards.

These equity packages are designed to align executive incentives with company performance. If SailPoint’s IPO valuation grows, the payouts could be even higher, further boosting the executives’ already considerable compensation.

Listing and Bankers

• They’ll be listing on the Nasdaq Global under the symbol “SAIL.”

• Morgan Stanley secured lead left, followed by Goldman Sachs.

  • No other banks are listed, making it a one line book. Haven’t seen one of those in a while.

Miscellaneous Stuff of Note

• Founder's Longevity: CEO Mark McClain co-founded SailPoint nearly 20 years ago and remains at the helm, a rarity in the tech space​.

• SailPoint's history of innovation: They pioneered identity governance in 2005 and were among the first to incorporate AI and machine learning into their solutions

• Global Workforce: 41% of SailPoint's workforce is based outside the U.S., highlighting its global reach and ability to attract international talent​.

• FedRAMP authorization: On June 5, 2024, SailPoint achieved FedRAMP Moderate ATO (Authority to Operate) for their SaaS-based solution, SailPoint Identity Cloud, opening up opportunities in the federal government sector

• Fiscal Year End: They changed their Fiscal Year End from Dec 31 to Jan 31 since going private

What’s Next

SailPoint’s IPO is expected in Q1/Q2 2025, but key steps remain:

1. Pricing and Roadshows: Institutional investors’ reception will determine the valuation.

2. SEC Approval: Delays or additional disclosures could push back the timeline.

3. Anchor Investors: Securing large commitments will stabilize the IPO.

My Take

• While far from a beacon of profitability, SailPoint is legit AF. They have a product companies both need and want in today's threat landscape. That's a killer combo.

• They benefit from identity proliferation. As organizations adopt more cloud services, IoT devices, and AI agents, the number of identities that need to be managed explodes, making SailPoint's product more critical.

• While this isn't a "straight down the fairway" type of cybersecurity or SaaS company, they have strong elements of both, and a loyal enterprise customer base.

• The transition to a cloud-first model positions them well for future growth, but it's worth watching how quickly they can migrate their existing on-premises customers.

• Factoring in all of the above, as long as you're comfortable with the controlled company structure and aren't looking for GAAP profitability anytime soon, this is an interesting play on the growing importance of identity in cybersecurity.

Bull Case

SailPoint capitalizes on the growing demand for identity security as enterprises prioritize protecting digital identities in hybrid and cloud-first environments. ARR continues growing at 30%+ annually, and operating efficiencies improve, bringing the company closer to profitability. Investors embrace the narrative, pushing its valuation to $10 billion or more post-IPO.

Key drivers:

• Strong adoption of AI-driven automation.

• Continued upsell success reflected in 114% net retention, which climbs to north of 120%.

• Thoma Bravo exits gracefully, leaving SailPoint well-positioned for independence.

Bear Case

Profitability remains elusive, with operating losses and debt obligations weighing heavily on the company. Growth stalls as competitors like Okta and Microsoft take market share. Public investors lose patience with SailPoint’s reliance on debt, and Thoma Bravo’s eventual exit introduces volatility. The valuation drops below $6 billion as markets focus on profitability over growth.

Key drivers:

• Margins remain compressed, especially in a high-interest-rate environment.

• Customer churn increases amid competition.

• Debt servicing costs erode cash flow, forcing reduced investments in innovation.

Base Case

SailPoint successfully completes its IPO in Q1/Q2 2025, achieving a valuation around $8 billion. Growth stabilizes at 20%-25% annually, with modest improvements in margins. The company uses IPO proceeds to pay down debt and fund strategic initiatives, including AI product enhancements and potential acquisitions. The market views SailPoint as a steady player in a critical niche, but not a hypergrowth story.

Key drivers:

• Consistent growth in enterprise customers, especially high-dollar accounts.

• Measured reduction in debt over the next few years.

• Gradual improvement in operating margins, signaling long-term viability.

And hey, if it doesn’t work this time around, Thoma Bravo can run it back in 2029. See ya then.

Not investment advice. I write this while my dog Walter proofreads over my shoulder. Do your own homework.

Full S-1 can be found here.

TL;DR: Multiples are UP week-over-week.

Top 10 Medians:

• EV / NTM Revenue = 17.6x (UP 0.9x w/w)

• CAC Payback = 27 months

• Rule of 40 = 53%

• Revenue per Employee = $391K

• Figures for each index are measured at the Median

• Median and Top 10 Median are measured across the entire data set, where n = 110

• Population Sizes:

  • Security: 17

  • Database and Infra: 14

  • Backoffice: 16

  • Marcom: 16

  • Marketplace: 15

  • Fintech: 16

  • Vertical SaaS: 16

Revenue Multiples

Revenue multiples are a shortcut to compare valuations across the technology landscape, where companies may not yet be profitable. The most standard timeframe for revenue multiple comparison is on a “Next Twelve Months” (NTM Revenue) basis.

NTM is a generous cut, as it gives a company “credit” for a full “rolling” future year. It also puts all companies on equal footing, regardless of their fiscal year end and quarterly seasonality.

However, not all technology sectors or monetization strategies receive the same “credit” on their forward revenue, which operators should be aware of when they create comp sets for their own companies. That is why I break them out as separate “indexes”.

Reasons may include:

• Recurring mix of revenue

• Stickiness of revenue

• Average contract size

• Cost of revenue delivery

• Criticality of solution

• Total Addressable Market potential

From a macro perspective, multiples trend higher in low interest environments, and vice versa.

Multiples shown are calculated by taking the Enterprise Value / NTM revenue.

Enterprise Value is calculated as: Market Capitalization + Total Debt - Cash

Market Cap fluctuates with share price day to day, while Total Debt and Cash are taken from the most recent quarterly financial statements available. That’s why we share this report each week - to keep up with changes in the stock market, and to update for quarterly earnings reports when they drop.

Historically, a 10x NTM Revenue multiple has been viewed as a “premium” valuation reserved for the best of the best companies.

Efficiency Benchmarks

Companies that can do more with less tend to earn higher valuations.

Three of the most common and consistently publicly available metrics to measure efficiency include:

• CAC Payback Period: How many months does it take to recoup the cost of acquiring a customer?

CAC Payback Period is measured as Sales and Marketing costs divided by Revenue Additions, and adjusted by Gross Margin.

Here’s how I do it:

• Sales and Marketing costs are measured on a TTM basis, but lagged by one quarter (so you skip a quarter, then sum the trailing four quarters of costs). This timeframe smooths for seasonality and recognizes the lead time required to generate pipeline.

• Revenue is measured as the year-on-year change in the most recent quarter’s sales (so for Q2 of 2024 you’d subtract out Q2 of 2023’s revenue to get the increase), and then multiplied by four to arrive at an annualized revenue increase (e.g., ARR Additions).

• Gross margin is taken as a % from the most recent quarter (e.g., 82%) to represent the current cost to serve a customer

• Revenue per Employee: On a per head basis, how much in sales does the company generate each year? The rule of thumb is public companies should be doing north of $450k per employee at scale. This is simple division. And I believe it cuts through all the noise - there’s nowhere to hide.

Revenue per Employee is calculated as: (TTM Revenue / Total Current Employees)

• Rule of 40: How does a company balance topline growth with bottom line efficiency? It’s the sum of the company’s revenue growth rate and EBITDA Margin. Netting the two should get you above 40 to pass the test.

Rule of 40 is calculated as: TTM Revenue Growth % + TTM Adjusted EBITDA Margin %

A few other notes on efficiency metrics:

• Net Dollar Retention is another great measure of efficiency, but many companies have stopped quoting it as an exact number, choosing instead to disclose if it’s above or below a threshold once a year. It’s also uncommon for some types of companies, like marketplaces, to report it at all.

• Most public companies don’t report net new ARR, and not all revenue is “recurring”, so I’m doing my best to approximate using changes in reported GAAP revenue. I admit this is a “stricter” view, as it is measuring change in net revenue.

Operating Expenditures

Decreasing your OPEX relative to revenue demonstrates Operating Leverage, and leaves more dollars to drop to the bottom line, as companies strive to achieve +25% profitability at scale.

The most common buckets companies put their operating costs into are:

• Cost of Goods Sold: Customer Support employees, infrastructure to host your business in the cloud, API tolls, and banking fees if you are a FinTech.

• Sales & Marketing: Sales and Marketing employees, advertising spend, demand gen spend, events, conferences, tools.

• Research & Development: Product and Engineering employees, development expenses, tools.

• General & Administrative: Finance, HR, and IT employees… and everything else. Or as I like to call myself “Strategic Backoffice Overhead.”

All of these are taken on a Gaap basis and therefore INCLUDE stock based comp, a non cash expense.

Please check out our data partner, Koyfin. It’s dope.