April/May 2001
      Technology, Retail
& Healthcare Companies

Internet infrastructure
and network security

First Analysis Security

9500 Sears Tower
233 S. Wacker Drive
Chicago, IL 60606
Phone: 312.258.1400

Howard Smith
Analyst

Interview conducted by:
Walter Banks, Co-Publisher

CEOCFOinterviews,com
May 2001

Bio of Analyst

Howard Smith

Howard joined First Analysis in 1994 and, as a senior vice president, coordinates the firm’s Internet infrastructure investment and research activities. As a private capital investor focused on growth equity opportunities in the sector, Howard works with entrepreneurs building cutting-edge Internet-based businesses, and evaluates hundreds of business plans annually. As a public equity analyst covering Internet infrastructure and network security companies (such as Exodus Communications and VeriSign), Howard regularly speaks with the senior management teams of the sector’s leading public companies, and he has deep knowledge of the sector’s competitive dynamics and market trends. Howard has also played a key role in several mergers, acquisitions, and public equity underwritings in the sector (such as the IPO of PKI player Zergo, now Baltimore Technologies)

Howard’s understanding of the sector is grounded in his earlier work in the telecom infrastructure and equipment sector, where he established coverage of several prominent public companies (such as Comverse Technology). Prior to joining First Analysis, Howard was a senior tax consultant with Arthur Andersen, where he advised investment partnership clients on tax-related issues.

Background

University of Chicago: MBA (finance)
University of Illinois at Urbana-Champaign: B.S., accountancy, Highest and Bronze Tablet Honors
Certified Public Accountant (1991 Elijah Watt Sells AICPA award winner

About First Analysis

Founded in 1981, First Analysis is an integrated, research-driven investment organization serving:

-       emerging growth companies, with (growth) equity and venture capital investments

-       financial institutions, with public equity research and

-       corporations, with corporate finance and M&A advisory services

First Analysis applies a unique strategy to achieve deep domain expertise in the areas of focus.  Its 40 investment professionals average more than 10 years of relevant experience.

Successful execution of this strategy has yielded results including

-       $500 million in private capital funds invested in over 150 companies since 1985

-       first –quartile private capital performance supported by over 50 IPOs and major M&A transactions

-       research on more than 100 publicly traded companies

CEOCFOinterviews – Mr. Smith, what is your position at First Analysis Security?

Mr. Smith: I coordinate our technology research practice, my area of expertise is network security.

CEOCFOinterviews – Please tell us about the industry which you cover?

Mr. Smith: The network security industry is a very dynamic industry, and a high growth industry.   We’ve been following it here at First Analysis Security since the Internet caused an up-tic in the growth, which happened about 1995. There are several different sectors within this industry. First, there is anti-virus, which has been around since the 1980’s. The other sectors are firewalls, which have been around since the mid 1990’s, virtual private networking equipment, intrusion detection to try and detect when people are coming into a network who shouldn’t be, and strong authentication – that is when you’re logging onto a network or computer, making sure you are who you claim to be. As the world has become more distributed in terms of how it controls data and where that data is placed, and who has access to the data, such as outside partners, vendors, and suppliers, the security issues associated with that data have increased exponentially, so it’s been a phenomenal investment area.

CEOCFOinterviews – What do you see on the horizon for these areas?

Mr. Smith: There will be no shortage of new threats coming about. To date, the incidents which have gotten a great deal of attention have been websites that have been defaced, and it’s more of a PR issue for the companies that have been attacked rather than a real financial loss issue. You are starting to hear of issues of credit cards being taken off servers, and more serious issues just recently with some companies such as Microsoft where  a Russian hacker stole source code. Lucent is another example of a company that got some press because one of its R&D projects was stolen by some engineers. I think that you will start to hear more of those types of incidents. Therefore, the real threats as most data has suggested, is with internal employees, actually stealing or manipulating or causing problems with the systems and the real financial losses will start to get more publicity. All of this will just serve to force more attention on the sector. Chief Security Officers will probably be as common as Chief Information Officers in large corporations a couple of years from now.

CEOCFOinterviews – What effect will that have on investors?

Mr. Smith: I think that it will continue to create opportunities. There are a couple of nice things from an investment perspective. First, the numbers and types of threats keep changing, so that there is always a new area of security emerging to address those newer threats. Therefore, it’s not a static area where you have a leader today, and that’s the leader for all time. Secondly, there are two aspects to security. Number one is prevention or protecting assets and the other is opening up new revenue opportunities or new ways to do businesses. People are not going to conduct business online and have a paperless economy that many of the exchanges, such as the B2B exchanges, and the B2C exchanges have been talking about, unless the security issue is solved, and that is a whole different area of security that’s at a newer stage in its life cycle than the asset protection solutions.  Another interesting area is wireless security, which is not a whole new sector, but there are some unique wireless security angles such as wireless commerce and wireless data which are really going to take off, and security is going to be right along with it and that will provide an opportunity for investors.

CEOCFOinterviews – What companies do you like in this sector?

Mr. Smith: We have two strong buys in that sector right now. One of our long-term favorites has been Check Point Technologies (NASD: CHKP), which is an Israeli based company, and they are the leader in the firewall and VPN markets, which are two of the most dynamic markets. The company is well managed, and has one of the highest margins of any publicly traded company. Their net after tax margin has been running over 50% for the last several quarters. We have a strong buy on that stock.

Our other strong buy is a very different type of company, called ValiCert Inc.  (NASD: VLCT). This is an emerging opportunity, a very small company with much greater risk, but is in an interesting emerging market, and given it’s market capitalization and the opportunity in front of it, we think that it provides, for a risk tolerant investor, a good opportunity.

CEOCFOinterviews – What is your evaluation of their management team?

Mr. Smith: I think their management team has proven to be very adept at changing with the market, and that is one of the things that we look for and one of the things that we like about the company. We’ve know this company for quite some time, pre-dating it’s IPO in July of 2000, when the company was really a pure play on certificate validation.  A certificate is a little esoteric term in security. It’s basically an identifier that could be issued to a person, much like a passport, and once it’s issued it has an expiration date but there is really no mechanism to find out if, for some reason, it was revoked before its stated expiration, by the person who issued it. For example, a company might issue certificates to its employees.  Once a person is no longer an employee of the company and they want the world to know that it has revoked that credential.  However that credential is still out there, with an expiration date that hasn’t come up yet. Therefore, ValiCert Inc. has some very unique technology for solving that problem of letting the world know when a certificate is no longer valid, and that is a pure play on derivatives of digital certificate adoption, which hasn’t been as fast as a lot of people have thought. So they were very quick to go out and expand their offering and their value proposition to customers by acquiring some digital receipt technology and some secure file transfer technology and putting it all together. More recently, with the down turn of the tech market, what I’ve been impressed with is that they’ve remarketed or repackaged this technology to target vertical applications. They have a cash management application, and an insurance claims application, an e-government application and they are not selling the core technology to the customer. They are selling a way to bring your business on line and save money, a good ROI sale. Therefore, what I would highlight about management is their ability to adapt to the economic conditions and environment that they are facing, and they’ve managed to do it without missing a beat or missing numbers at any point.

CEOCFOinterviews – Can you give us a picture of their market?

Mr. Smith: The core original business of validating certificates is a small market today. It may be less than 10 to 15 million dollars on an annual basis, but as this whole infrastructure builds out over the next 5 to 10 years it could grow into a multi-billion dollar market, and they are positioned to be the leader there, which is one of the things that has us excited about the stock.  But there’s a question of how quickly that happens and how quickly the market expands. If you look at the market more broadly, as the market for providing solutions to move processes online, that is a much bigger market today.

CEOCFOinterviews – What would you like to see them accomplish over the next year to reach that next level?

Mr. Smith: The key for ValiCert Inc. is to reach cash flow positive. This was one of the last companies that came out under the Internet model of IPOs and public offerings, where the company could still be burning a lot of cash and not have that much revenue. They are currently burning about 8 million dollars a quarter of cash, and the management believes and we do as well, as long as they hit their plans, that they have enough cash in the bank to take them to profitability without accessing the capital markets. However, clearly, that is the issue on investors minds, and that is what they have to execute and prove the next year. We would expect them to be profitable at the very end of 2002. What I think also highlights some of the quality of their management, is their recognizing the economic environment that we’re in today. They took the proactive step of reducing their expenses through a head count reduction of about 10%, to help enable them to meet that profitability objective.

CEOCFOinterviews – Are there any other companies that you would like to highlight?

Mr. Smith: There are two other companies that I would highlight as being long-term leaders in the space. One is VeriSign, Inc. (NASD: VRSN), a large cap company which is very well managed, and the other would be RSA Security Inc. (NASD: RSAS), which is in the strong authentication space, and it has some pretty core technology in encryption as well as their main business, which is the authentication. They are also a player in the emerging area of digital certificates. Therefore, it has been one of the longer term, steady performers, and we thing that is an interesting long-term play as well.

CEOCFOinterviews – Thank you for your very insight on this Industry.