Illustration: Shoshana Gordon/Axios
Popular bug bounty program HackerOne is laying off 12% of its workforce, CEO Mårten Mickos told employees earlier this week.
Why it matters: Unlike in the broader tech sector, layoffs in the cybersecurity industry have been rare this year.
What they're saying: "We did not anticipate the degree to which the overall economic situation is affecting us, with smaller companies running out of money and larger ones taking longer to make purchasing decisions," Mickos wrote in an email Wednesday, which was later published on HackerOne's website.
- "The new products we brought to market didn't perform the way we wanted them to," he added. "Our bets on hiring and new products proved to be too big, and we must now restructure our teams to be successful in the future."
The big picture: HackerOne is known for operating bug bounty programs — where ethical hackers report the software bugs they find to companies — for major corporations and government agencies, including the Department of Defense, Microsoft and Google.
Details: Employees in the U.S. and Canada were affected this week, and HackerOne expects the layoffs will soon affect some employees in the U.K., the Netherlands and other countries, Mickos said.
- HackerOne has more than 450 employees.
- Mickos told employees the company is planning to offer severance packages that include cash and noncash compensation.
- These layoffs should be "a one-time event," Mickos added. "We don't claim to have perfect visibility into our future financial performance or the macroeconomic climate, but we unequivocally wanted to take a single action and move forward with confidence," he wrote.
Zoom out: HackerOne is among a small group of cybersecurity companies that appear to have undergone layoffs this year.
- Cybersecurity firm Bishop Fox laid off 13% of its workforce in May, while Sophos laid off about 10% of its employees at the beginning of the year.
Sign up for Axios' cybersecurity newsletter Codebook here