SEC Filing | ZeroFox, Inc.

View:

Filed by L&F Acquisition Corp. pursuant to Rule 425 under the Securities Act of 1933, as amended, and deemed filed pursuant to Rule 14a-12 under the Securities Exchange Act of 1934, as amended.

Subject Company: L&F Acquisition Corp. Commission File No. 001-39722

The following is a transcript of a podcast interview first made available on March 14, 2022.

The Drill Down Ep. 147: ZeroFox CEO James Foster (LNFA)

Cory Johnson: 20:00

Welcome back to the Drill Down Podcast, as promised ZeroFox CEO James Foster who goes by the name Foster that sounds like a remnant of high school where the gym coach always called everyone by their last name.

James Foster: 20:16

More of a public service and the federal government than high school, but yeah.

Cory Johnson: 20:17

OK tell me about that.

James Foster: 20:21

Post college I started my career off at the Department of Defense and the story goes, first time I got yelled at somehow James just got dropped. It was Foster you need to fix this and I think I have been Foster ever since.

Cory Johnson: 20:35

Hopefully you have been fixing things and not breaking things ever since. You can call me Johnson for the duration of this interview if you prefer. So, ZeroFox is a company that is emerging from a SPAC which is really interesting. I couldn’t help but think of, you can fix the fan belt whilst to the engine runs, but it’s not the easy way to do things. You guys are taking a company public, merging with another company and doing it in the form of a SPAC all at once. I’m not terribly interested in the taking the company public part, although I want to talk about it a little, but what will the company be as it emerges from this, as it goes through this metamorphosis and then emerges from this cocoon into a public traded company ZeroFox.

James Foster: 21:29

Yeah, right so the goal here or the catalyst for us is much less about merging with our SPAC partner L&F which we found, chat about them later, the goal was to acquire IDX and we found that there was a supply and demand imbalance in the SPAC market being created and accelerating early last year and into the summer of last year. There were too many SPACs out there without enough high-quality companies working in interesting market sectors with real customers, I mean, I looked at all the presentations – people were talking about putting hotels on Mars and the projections seemed unbelievably lofty. We’ve been a business that’s been around for nine years now and…

Cory Johnson: 22:16

What did I see this week that over 50% of the companies that did SPAC IPOs did not reach their targets by the same year. That the targets that they put into the SPAC were so unbelievable they couldn’t even get them within the 12 months that they predicted them. And sold stock based on those promises.

James Foster: 22:30

Yeah, I think that’s an interesting stat but I would bet you that go pull down 100 pitch decks that get sent to venture capital firms and run the same stat - I bet it’s probably not too far off.

Cory Johnson: 22:43

Agree, so agreed except that those companies aren’t selling to regular investors. And that there are different requirements - through the normal IPO process, as messed up as that is, a company can’t tell you what the revenues are going to be going forward because the SEC long ago deemed that to be too promotional. But with a SPAC, Companies can say, hey this is what we’re gonna do for the next year, the next five years, you can count on it. And of course you can’t count on it.

James Foster: 23:13

Cory, I think you are spot on, I think that is the supply and demand I was talking about. We had a lot of these companies that were highly speculative with very lofty I’ll call them ambitions with their financial goals and I think that they are not achieving them – and so that imbalance created opportunities for good companies that had material revenue streams, that have realistic projections. I think that identifies ZeroFox to a T.

Cory Johnson: 23:43

So what is your company again what is it gonna look like once you’ve completed this merger. I cover this stuff and it’s hard for me to differentiate between one security company to the next. Yours is going to be very big.

James Foster: 24:03

Ours is going to be very big, that’s exactly right. I mean on a combined basis we finished out last year over $150 million in revenue. So I think that’s the first big difference between us and from what I’ve seen most of the SPACS that have attempted to come to market. We have material revenue. Second is the quality of our customer base. I have half of the Fortune 10 already as customers and over 6% of the Global 2000 as customers today and that’s accelerating. And then third is the size of a customer that I’m working with not only do I have just under 2,000 customers today, my six-figure customers have been growing and at a 50% CAGR or more for the last three years. So I think all of these are proof points that we’ve got an interesting business that’s continuing to scale and going after a really big market that’s maturing alongside of us.

Cory Johnson: 24:58

Let’s talk about customers a little bit. You guys have a phrase in your SEC filing, your S4 filing which is similar to an S1 filing.

James Foster: 25:05

Yeah that was fun to write.

Cory Johnson: 25:09

Oh my god it was like 700 pages or something. Sorry, it’s 1062 pages. I have it up in front of me.

James Foster: 25:15

It’s over 1,000 pages long, that’s right.

Cory Johnson: 25:18

Even for all those that I have read, this was a big one. And you have a sentence in there that I’ve never seen before which is, except for this one customer, we don’t have a big customer concentration – I’m paraphrasing only slightly. That one customer, let’s talk about that because you’re acquiring a company that has a massive, one of the largest, according to your filing, one of the largest government security contracts ever. Tell me about that.

James Foster: 25:44

That’s right. It’s with office of personnel and management OPM, it’s one of the organizations in the United States federal government. Fully disclosed. What occurred, this is all again, disclosed, the Chinese government attacked the United States government at some point over half a decade ago. In 2015 US OPM released an RFP and they needed help. They needed help understanding the scope of that attack helping with response and breach response capabilities in particular. And then they needed digital protection. They needed world class digital protection as a part of that attack and IDX won that. And three years later, that contract grew meaningfully in size. I think as the time passed the U.S. federal government realized that China was an adversary that was here to stay and that the scope of what they thought the breach grew and the sophistication of the attack also grew through education and research on our side of the house. And that resulted in a half a billion dollar upsell, an order for OPM.

Cory Johnson: 27:02

It started off at $330 million now it’s up over half a billion.

James Foster: 27:03

Half a billion. It’s huge. The bona fides that come with that and the trade craft and experience that come with that are meaningful. You now can standup and say, we’ve helped the U.S. government protect against attacks from China for over a half a decade and they’re happy and the CPAR scores will attest to that. Think of that as the government report card system.

Cory Johnson: 27:23

And yet IDX was so dependent on that singular contract I would imagine it was a tough for them to wanna do any kind of public offering or anything else because they really were beholden to that single customer.

James Foster: 27:40

I think that’s right. I think their plans were slightly different than ours. We have been partners for four years and maybe unlike some of the SPACs out there, we had come together early last year and decided that it made sense for us to merge as organizations. It made sense for us to merge as organizations, create one unified platform and be able to offer digital protection to organizations and public sector clients around the world. And I think that was the real impetus and catalyst for what we’re doing today.

Cory Johnson: 28:17

How did you identify this company somebody might want to acquire and how does that happen and is going public a necessary element of that?

James Foster: 28:23

We’ve been an acquisitive company by definition for about two years.

Cory Johnson: 28:30

True. You’ve done two big acquisitions. I talked about changing the fan belt whilst the engine runs and in addition to acquiring the giant of IDX, you’ve acquired two other companies in the last 18 months or so.

James Foster: 28:37

We have, we had two small strategic tuck ins – one in 2020 and one in 2021 last summer and knock on wood will have one here shortly by IDX. I think that’s representative of maybe two things, one our corporate culture and the way we think about growth. We look for partners that we know and in general have solid brands and respected customers in the industry. I look at this and say is this somebody that’s respected throughout the industry, they have great human capital talent and do they have the right tech vision that would make a lot of sense for us. There’s a lot of other check boxes we look for, but I would say between you and I Cory – we kiss a lot of frogs there’s a lot of things that are out there in the market right now most of them are just not ideal situations. IDX is a great company they have great leadership, great sustainability – they’ve been around since 2003. And we have the privilege and the luxury of knowing them for four years as a customer and a partner. So we were very comfortable with their vision and had the opportunity to see them execute for multiple years before we agreed on this merger.

Cory Johnson: 29:47

So when you look at other companies that do acquisitions and technology there are certainly some famous bad examples of it. Who do you admire in terms of their ability to do it well?

James Foster: 29:53

Microsoft is doing an excellent job at their strategy. I mean an excellent job and they are visionary in the types of companies their looking at, and the acquisitions they are making . . . I think in general they are probably not getting enough press for how they have turned themselves around. They were an operating system company with enterprise productivity software that had not been put into the cloud and they have turned themselves now into a very good next generation company that’s set themselves up for the next 20 years and most people won’t talk about them most people are talking about the Google’s and the Apple’s of the world then and the Amazon; and Microsoft right there along with them and I think has really set themselves up well.

Cory Johnson: 30:32

Couldn’t agree more. I was having the same conversation with my girlfriend in the car yesterday she was, she was not interested, but I was just saying what a great job Satya Nadella has done. And I’m thrilled you know Oracle’s M&A process is famous for just being fast. If you go over to them with an offer they look at it and they get through it and they give you an answer quickly and, Cisco has done a great job of folding business in to grow that what they have done for a very long time and I just think its you’re right that it’s the companies that do it well don’t get notice cause you don’t notice how well they have done it.

James Foster: 31:01

That’s exactly right. I mean the other ones that I would add to that list you’ve got some of the biggest PE shops in the world out there are now that if you stack them up side by side with some of the biggest software companies that are publicly traded they look similar in size whether that’s a Vista a Toma I mean these guys have playbooks. Yeah making those acquisitions for platforms that are putting tuck ins underneath of them. They have operationalized their playbooks on this is how we do this – it’s the kind of targets we look at and this is what our integration settings look like.

Cory Johnson: 31:30

But are those real companies – I don’t want to go too far down a tangent – but are those, I mean I look at those and think those are a debt laden roll ups of companies that couldn’t make it on their own. That they are waiting to dump on the public markets that will surely collapse three years later.

James Foster: 31:47

Look uh…

Cory Johnson: 31:48

Cause you’re off to sell products you can seem . . .

James Foster: 31:50

We out there selling products that’s right and we have good customers. Look I think that there are some really good companies that are owned by those guys. And then I think there are others strategies that are probably, what would we say, they are probably value strategies, as opposed to growth strategies, right?

Cory Johnson: 32:08

Value for the investors (inaudible) That’s so funny

James Foster: 32:09

There’s a value strategy and there is a PE growth strategy as well. So I’ll probably get some of both.

Cory Johnson: 32:15

So let’s get to markets you bring uh to market. Um. The things that you sell your capabilities are at least according to your documents you know significantly better than they were with all these mergers. What is it that you sell and I how is it differentiated from what the competition is?

James Foster: 32:23

Well I’ll quote you on that. They are significantly better. We are a leader in external cyber security and so concisely what that means is we worry about the types of threats that attacks that are beyond your traditional firewalls so beyond your perimeter. I started my career off on the government side of the house in the late 90s. And for the first 10 year of my career or roughly. Everybody was really worried about insider threats right. Sticking USBs in their laptops, taking out company data, emailing it to your personal account, you know maybe downloading and sending things to people that you shouldn’t have either purposefully or even by accident. And now

Cory Johnson: 33:12

Inside attacks

James Foster: 33:12

That’s exactly right. No one’s worried about that anymore. The fear of the entire world and it couldn’t be more relevant. Unfortunately in what’s happening in the Ukraine and Russia is they are worried about the types of attacks that come from halfway around the world that have either financial or now destructive incentive. And and those external threats, those external attacks, that’s the definition of external cyber security. And we do a very good job of protecting our customers against those types of external attacks.

Cory Johnson: 33:41

How much of that, you know, there was a conversations about that, there have been conversations with that, with the White House in the last week a lot about colonial pipeline as an example of a critical US asset the victim of a year ago, victim of a cyber attack that had really no government interaction because they just their security systems weren’t as up to date, and speaking of private equity ownership it had a unique trust structure in its ownership one of the places they cut costs was cyber security to the detriment of anyone buying gasoline on the east coast for while and/or trying to heat their home. Um how much of that is going in to companies and saying hey its time to get rid of Windows 95 and maybe you need to run the latest update as opposed to constructing new walls around this system.

James Foster: 34:32

I think the mindset for CEOs and CFOs around cyber security has to change. If you look at it today and you are satisfied with what I call a bolt on security and compliance offering and it’s not ingrained in everything that you do then its going to always seem expensive and always seem like an overhead expense that’s on top of what a project would cost. If you consider it just a cost of doing business and change your mindset and think about how this could give you a competitive long-term advantage then then its not expensive. And I’ll tell you the stats over the last ten years, I mean this was at our public pitch deck if you just look over the last five years, the number of breaches going up in this industry and around the world is off the charts. I mean they are rapidly growing and last year set records as well to where the number of breaches and records released was over 50 billion. I mean this is 50 billion records getting released in uh in uh in uh single calendar year is just its just unheard of I mean it’s a multiple of the number of people in the world to think about those records. And so I think it’s a um I think the world is in a place where its going to start changing. And you mentioned that it started changing really recently this past Saturday will be one of these milestones in the world that we’ll remember ten years from now. The Ukrainian government, their director of IT and digital transformation went online to Twitter and Telegram and asked the world for help. Basically enlisted the worlds cyber armies and/or think of them as mercenaries to help them and to target Russian assets and to help bolster their defenses. This kind of orchestration has never been done in the world before at this scale on the cyber front so since Saturday – its now Thursday here – since Saturday the end of February there’s been a an all out cyber war happening around the world in open forum. That’s a first for us.

Cory Johnson: 36:31

Yeah its super interesting uh that uh um what do they call it uh vector for or or surface for attacks in in in in a defense they call it a surface.

James Foster: 36:42

That’s right.

Cory Johnson: 36:44

No refence to Microsoft but but that cyber-attacks and and ya know one wonders as you look at at at the this war as it evolves towards attacks on defensed civilians or barely defended civilians that also has a a um mere that makes for for good cable news video. But cyber attacks don’t and yet may have also devasting effects.

James Foster: 37:07

They have devasting effects and it’s going to get worse um and I hate to be the bearer of bad news here but um there’s there’s a new type of attack that is a now gaining prominence its called destructive malware and in general the reason this hasn’t been something that has been around or in vogue here in the last twenty years is that in general it can destroy what it touches so if it hits your laptop or your servers it can wipe out all the data it can destroy it and make it so its inoperable and uh in the past its not been really an attack type of choice by the attackers of the world because they didn’t make any money for that if I just knocked out your server so what I don’t get any money so ransomware has been very very you know in vogue the last handful of years because I lock up your computer then I charge you $30,000 to get access to it again and if it’s a really important server and really important computer you’ll pay that to get it back and there’s no other way around it in general. And with destructive malware I think you’ll start seeing this as a tool of trade by governments uh when they want to go after their attacker and its you know the analogy that is being used right now is like a bomb for digital systems. You blow them up and you destroy them and they are inoperable and the time to fix it no longer is $30,000 and a weeks worth of work, it could be millions of dollars and years worth of effort to potentially bring things back online and build them anew. We haven’t seen that kind of destruction yet. We see evidence of it being used right now in Ukraine and uh if that hits the Western world with connected internet world the cost of cyber security is going to go through the roof.

Cory Johnson: 38:49

Well I think we saw the first of it all the way back in 2008 when Russia invaded you know South Sadia um and and Georgia. It was proceeded by a cyber-attack that destroyed cyber infrastructure and just took down phones and took down connections with the outside world and took down powers and utilities um to and it was, what was interesting to me about that it was that was Russia employed um hackers in places were they basically let hackers run rampant with the promise that they would help out when there was a war and we see that again with Ukraine.

James Foster: 39:24

That’s exactly That’s exactly right. The apparatus that Russia has in particular is very different than the United States uh you know Western Europe or even China for that matter. When they used a decentralized approach between the way that they can create offensive capabilities they have these cyber-criminal groups that are loosely affiliated with the Russian government, could be tapped by the Russian government, either formally or informally to go after a target. And uh and sometimes they’ll provide let’s say information or guidance on a target. They’ll say its ok to go after the United States banking infrastructure - don’t hit the top twenty banks but any kind of mid-market bank is fair game and hit them with things that make you money so ransomware would be you know an opportunity to get in and pull from those banks. That is absolutely uhhh one of those types of guidance tactics and there’s the informal route would be to just turn a blind eye to it and the formal route they do have capabilities to communicate to these groups and provide them you know those types of targets. Very different than how we do this in the United States.

Cory Johnson: 40:32

And we saw that in the election uhhh of when President Trump first got elected the help that he got from Russians Russian backed uh agencies whether it was actual you know KGB or KGB controlled or or or the sorry the current model of KGB but also um freelancers (inaudible) interfere with the U.S. election.

James Foster: 40:54

That’s right and the U.S. has uh capabilities we’ve set up some U.S. cyber com think of this as our army capability for cyber warfare. It’s a branch of our military now. A branch of the government and um you should think of our capabilities as centralized capability that looks like the military apparatus we’ve set up over the last couple hundred years. Outside of that there are other unique capabilities we have as a government to uh to collect intelligence and uh and conduct operations capabilities but there all in general centralized. And government owned.

Cory Johnson: 41:33

Decentralized tends to win. Interesting um well I hope that I hope that zero fox can make lot of money in this at least. It looks like you are already.

James Foster: 41:43

Uh I I we are we are we are doing well. I think there the market is growing and its one of these unfortunate pillows that we lay our head on each night is um when the market and the world goes bad and cyber security and attacks are up and uh volatility is high our phone rings. And this is the really tough few years people took advantage of Covid to create digital and cyber opportunities on the maliciousness side of the house and the really nice and interesting things ZeroFox. Cyber war just started. Um um we just started off our fiscal year so we think this is gonna unfortunately set us up for a very very busy year and uh a very turbulent year for ahead for the world.

Corey Johnson: 42:29

James Foster Foster the CEO of Zero Fox, thank you for your time today we really appreciate it.

James Foster: 42:33

Thanks Cory I appreciate it. This was fun. Cheers.

Cory Jonhson: 43:33

Alright we’re back with the Drill Down Byte, that one number that tells us a whole lot. So, ZeroFox and the combined company have a lot customers as we mentioned, the defense department, a lot of big businesses, Uber, SNAP, Salesforce, Moody’s, schools, healthcare Costco whatever that is, Major League Baseball which will be with us again for another year. I thought it was really interesting to see. A lot of these companies talk about how many customers they have, how much of the Fortune 500, Fortune 10 in this case. There’s no such thing as the Fortune 10, but they claim to have 7 of the Fortune 10. There isn’t a Fortune 10. There’s a Fortune 500. They just picked the first 10 in the book. In any case, customers however that spend a lot of money are what really matters for any business, this business included. And for this business, customers spending over $100,000 each. They have 130 of them. That number and that number is your Drill Down Byte. The percentage growth of customers of $100,000 or more in spending is 50% on average over the last three years. The growth is 50%. That’s amazing. 50% in big customers over the last three years. That’s a lot of money. A lot of money a lot of growth for this company, coming from those big customers or growing those customers. And we know, once a $100,000 customer is in the door, they start spending a lot more and that’s certainly what these guys hope. And they’ve showed the ability to grow those as Isaac said over the last two years. A positive sign for them. If not a negative sign for the rest of us fearing cyber-attack. Yeah, you know another thing about those big-ticket customers are, that once they get integrated into your whatever your system is. It doesn’t matter the industry. They’re less likely… its going to take a lot more to get them to go to a different competitor. Because they’re integrated into your system.

Forward-Looking Statements

Certain statements in this communication are “forward-looking statements” within the meaning of the “safe harbor” provisions of the United States Private Securities Litigation Reform Act of 1995. When used in this report, words such as “may”, “should”, “expect”, “intend”, “will”, “estimate”, “anticipate”, “believe”, “predict”, “potential” or “continue”, or variations of these words or similar expressions (or the negative versions of such words or expressions) are intended to identify forward-looking statements.

These forward-looking statements and factors that may cause actual results to differ materially from current expectations include, but are not limited to: the inability of the parties to complete the transactions contemplated by the definitive agreement relating to the business combination and other transactions that will result in ZeroFox, Inc. (“ZeroFox”) becoming a publicly traded company as ZeroFox Holdings, Inc. (the “Business Combination”); the outcome of any legal proceedings that may be instituted against L&F Acquisition Corp. (“LNFA”), the combined company or others following the announcement of the Business Combination and any definitive agreements with respect thereto; the inability to complete the Business Combination due to the failure to obtain approval of the shareholders of LNFA, to obtain financing to complete the Business Combination or to satisfy other conditions to closing; changes to the proposed structure of the Business Combination that may be required or appropriate as a result of applicable laws or regulations or as a condition to obtaining regulatory approval of the Business Combination; the ability to meet stock exchange listing standards following the consummation of the Business Combination; the risk that the Business Combination disrupts current plans and operations of LNFA, ZeroFox, ID Experts Holdings, Inc. (“IDX”) or the combined company as a result of the announcement and consummation of the Business Combination; the ability to recognize the anticipated benefits of the Business Combination, which may be affected by, among other things, competition, the ability of the combined company to grow and manage growth profitably, maintain relationships with customers and suppliers and retain its management and key employees; costs related to the Business Combination; changes in applicable laws or regulations; the possibility that LNFA, ZeroFox, IDX or the combined company may be adversely affected by other economic, business, and/or competitive factors; LNFA’s, ZeroFox’s or IDX’s estimates of expenses and profitability; expectations with respect to future operating and financial performance and growth, including the timing of the completion of the proposed Business Combination; ZeroFox’s and IDX’s ability to execute on their business plans and strategy; the ability to meet the listing standards of the listing exchange on which the combined company will be listed following the consummation of the transactions completed by the Business Combination; and other risks and uncertainties described from time to time in filings with the U.S. Securities and Exchange Commission (the “SEC”).

You should carefully consider the foregoing factors and the other risks and uncertainties described in the “Risk Factors” section of LNFA’s registration statement on Form S-4 (File No. 333-262570) filed in connection with the Business Combination, and other documents filed by LNFA from time to time with the SEC.

Readers are cautioned not to place undue reliance upon any forward-looking statements, which only speak as of the date made. LNFA, ZeroFox and IDX expressly disclaim any obligations or undertaking to release publicly any updates or revisions to any forward-looking statements contained herein to reflect any change in the expectations of LNFA, ZeroFox or IDX with respect thereto or any change in events, conditions or circumstances on which any statement is based.

Additional Information about the Business Combination and Where to Find It

LNFA has filed with the SEC a Registration Statement on Form S-4 (as amended, the “Registration Statement”), which includes a preliminary proxy statement/prospectus of LNFA, which will be both the proxy statement to be distributed to holders of LNFA's ordinary shares in connection with the solicitation of proxies for the vote by LNFA's shareholders with respect to the proposed Business Combination and related matters as may be described in the Registration Statement, as well as the prospectus relating to the offer and sale of the securities to be issued in the Business Combination. After the Registration Statement is declared effective, LNFA will mail a definitive proxy statement/prospectus and other relevant documents to its shareholders. LNFA’s shareholders and other interested persons are advised to read, when available, the preliminary proxy statement/prospectus, and amendments thereto, and definitive proxy statement/prospectus in connection with LNFA’s solicitation of proxies for its shareholders’ meeting to be held to approve the Business Combination and related matters, because the proxy statement/prospectus will contain important information about LNFA, ZeroFox and IDX and the proposed Business Combination.

The definitive proxy statement/prospectus will be mailed to shareholders of LNFA as of a record date to be established for voting on the proposed Business Combination and related matters. Shareholders may obtain copies of the proxy statement/prospectus, when available, without charge, at the SEC’s website at sec.report or by directing a request to: L&F Acquisition Corp., 150 North Riverside Plaza, Suite 5200, Chicago, Illinois 60606.

No Offer or Solicitation

This communication is for informational purposes only, and is not intended to and shall not constitute an offer to sell or the solicitation of an offer to sell or the solicitation of an offer to buy or subscribe for any securities or a solicitation of any vote of approval, nor shall there be any sale, issuance or transfer of securities in any jurisdiction in which such offer, solicitation or sale would be unlawful prior to registration or qualification under the securities laws of any such jurisdiction. No offer of securities shall be made except by means of a prospectus meeting the requirements of Section 10 of the Securities Act of 1933, as amended, and otherwise in accordance with applicable law.

Participants in Solicitation

This communication is not a solicitation of a proxy from any investor or securityholder. However, LNFA, ZeroFox, IDX, JAR Sponsor, LLC and certain of their respective directors and executive officers may be deemed to be participants in the solicitation of proxies from LNFA’s stockholders in connection with the Business Combination under the rules of the SEC. Information regarding LNFA directors and executive officers may be found in the Registration Statement, including amendments thereto, and other reports which are filed with the SEC. These documents can be obtained free of charge from the sources indicated above.