Cerberus Sentinel Broadens South American Footprint With M&ADeal Allows Cerberus to Capitalize on Privacy Regs, Cloud Migration in Argentina
Managed security services player Cerberus Sentinel plans to capitalize on cloud migration and strict privacy regulations in South America through its proposed purchase of RAN Security.
The Phoenix-area compliance provider says its intended buy of Buenos Aires-based RAN Security would bolster Cerberus Sentinel's penetration testing, gap analysis and infrastructure management services in South America, says founder and CEO David Jemmett. The deal will further Cerberus Sentinel's push in South America, where the company has expanded from three to 500 employees over the past 30 months (see: Forcepoint, Deloitte and Cerberus Sentinel Make Acquisitions).
"We've woken up," Jemmett tells Information Security Media Group. "South America was really locked down. A lot of people couldn't work from home, and those who did didn't have necessarily the ability or access to professionals. They're very limited down there. And so they had to catch up. Think of America seven years ago. Cybersecurity was a black box. We're just now understanding cybersecurity."
Terms of the acquisition, which is expected to close later this year, weren't disclosed. RAN Security was founded in 1991 and employs 82 people, according to LinkedIn. Over the past 13 months, Cerberus Sentinel has gone all-in on South America through its acquisitions of Chilean security services providers Arkavia, CUATROi and NLT Secure. RAN Security also has offices in Chile, Peru, Bolivia and Paraguay.
Lucky Number 13
Cerberus Sentinel's stock is down $0.09, or 4.3%, to $1.98 per share since the RAN Security acquisition was announced before the market opened Tuesday. The company is in the process of rebranding as CISO Global. Since being founded in 2019, the Cerberus Security deal is Cerberus Sentinel's 13th acquisition. It has made 10 acquisitions since August 2021, according to Crunchbase.
South American companies are typically five to seven years behind their counterparts from the north when it comes to security and often still have servers residing on-site, Jemmett says. At the same time, sites such as Peru and Argentina have rigorous privacy regulations on par with the European Union's General Data Protection Regulation, meaning that personally identifiable information must be kept in country.
Cerberus Sentinel serves some of the largest banks in South America as well as U.S.-based multinationals with a large presence in the region, such as Walmart, Jemmett says. Much of the continent is just starting to move into the cloud, he says. RAN Security's managed security operations center services will roll up into a SOC in Chile that was established through the Arkavia acquisition, according to Jemmett.
Although RAN Security will be rebranded within 72 days and rolled up into Cerberus, Jemmett says the marketing groups are kept within region since cybersecurity technology is marketed differently in the United States than in Mexico or Chile. Cerberus Sentinel consistently has between seven and nine letters of intent out for M&A as it expands geographically and adds skills in areas such as pen testing and SOC services.
Not Limited by NATO
Other cybersecurity companies have focused their geographic expansion efforts on NATO countries, but Jemmett says there's talent and need well beyond the NATO footprint. Cerberus Sentinel's South American employees typically speak English very well and can assist personnel in other geographies in remediating security incidents around the globe, according to Jemmett.
Cerberus Sentinel plans to maintain its pace of acquisitions and even has an M&A board that's tasked with evaluating and reviewing potential acquisition targets, Jemmett says. The company wants to go after organizations with a focus on areas such as compliance, SOC services and pen testing that fit within Cerberus Sentinel's culture and portfolio.
"This company was created specifically to attain, maintain and acquire the talent that's out there to address the shortage," Jemmett says. "Our business plan from the beginning is to grow through M&A and then cross-pollinate the customer base that we bring in through the rest of the organization."