Startup Diligence
Diligence report Cybersecurity software; cloud-native logging, security data platform, SIEM, SOAR and UEBA Private venture-backed unicorn / growth-stage software company; last public valuation $2B Series F in 2022

Devo, Inc.

Devo, Inc. Startup Diligence Report

Devo merits continued diligence only if management can substantiate durable enterprise/SOC demand, differentiated security-data economics, defensible AI/SIEM outcomes, clean preference/legal/security posture and efficient growth after the 2021-2022 late-stage valuation step-up.

Company profile

Devo, Inc. Startup Diligence Report

Devo is an active private cybersecurity unicorn with strong public financing, product and compliance signals, but its investability cannot be underwritten from public evidence alone because financial quality, customer retention, cap table, security artifacts and legal schedules are private.

Website
www.devo.com
Sector
Cybersecurity software; cloud-native logging, security data platform, SIEM, SOAR and UEBA
Geography
United States / Cambridge, Massachusetts, with North America, Europe and APAC operations indicated by public materials
Stage
Private venture-backed unicorn / growth-stage software company; last public valuation $2B Series F in 2022
Known aliases
Devo, Devo Technology, Devo Technology Inc., Logtrust
Report version
1.0
Timezone
America/New_York

Executive summary

Strengths

  • Series F was publicly announced at $100M and $2B valuation in June 2022.
  • Public product pages support Devo positioning across Data Analytics Cloud, Intelligent SIEM, Data Orchestration and DeepTrace.
  • FedRAMP Moderate and StateRAMP Moderate announcements provide regulated-market signals.

Risks

  • No public financial statements, ARR, burn, cash runway or forecast accuracy.
  • Customer concentration, churn, NRR and references are not public.
  • Crowded SIEM/security-data market creates substantial pricing and displacement risk.
  • Security/privacy artifact gap is material for a security data platform.

Gaps

  • Audited/reviewed financials, management accounts, ARR bridge, burn, cash runway and forecast model.
  • Current cap table, preference stack, option pool, warrants, debt and 409A history.
  • Top-customer ARR, churn/NRR, customer references, partner economics and supplier commitments.
  • Architecture, AI/model evaluation, product adoption, COGS and security/compliance artifacts.
  • Counsel-led litigation/regulatory/IP/contracts/insurance schedules.

Recommended next steps

  • Open financial/cap-table data room first; stop if ARR quality, runway or preferences do not support the 2022 valuation anchor.
  • Run customer and product diligence in parallel: top-customer references, churn/NRR, product demo, architecture review and AI efficacy tests.
  • Have counsel/security review FedRAMP/StateRAMP packages, SOC/pen-test artifacts, material contracts, litigation and IP chain.
  • Interview CEO/executive chair and functional leaders about post-2025 operating plan, retention and GTM execution.

Risk register

high high likelihood

R-001: Private financial statements and operating metrics are unavailable

ARR, revenue growth, gross margin, burn, cash runway, backlog, receivables and forecast accuracy cannot be underwritten from public sources.

Diligence request: Require audited/reviewed financials, monthly management accounts, cohort retention, cash balance, debt and detailed forecast model.

high high likelihood

R-003: Customer concentration, churn and net retention are not public

Public logos do not reveal ARR concentration, renewal status, gross retention, NRR, product adoption or reference quality.

Diligence request: Request top-customer schedule, cohort retention, churn bridge and permission for independent reference calls.

high high likelihood

R-004: Crowded SIEM/security-data market creates price and displacement pressure

Devo competes with Splunk, Elastic, QRadar, LogRhythm, Microsoft, Google Chronicle, Palo Alto/Cortex, CrowdStrike, Exabeam and Securonix.

Diligence request: Request win/loss, pricing benchmarks, displacement proof and pipeline by competitive source.

high medium likelihood

R-002: Preference stack, dilution and financing terms may materially affect returns

Large late-stage rounds at $1.5B and $2B valuations may include liquidation preferences, ratchets or senior rights not visible publicly.

Diligence request: Request full cap table, financing documents, option pool, warrants, debt and 409A/common valuation history.

high unknown likelihood

R-010: Security or privacy incident exposure cannot be ruled out publicly

The trust center is public, but SOC reports, pen tests, DPAs, incident logs and customer security exceptions require private review.

Diligence request: Review SOC 2, ISO/FedRAMP packages, pen-test reports, incident register, DPAs and material customer security commitments.

medium medium likelihood

R-005: AI/SOAR/UEBA efficacy claims may not translate into measurable SOC outcomes

DeepTrace, ThreatLink and autonomous-investigation claims need proof of accuracy, explainability, analyst-time savings and customer adoption.

Diligence request: Run product demo using realistic data, review model governance, false positives, customer case studies and roadmap burn-down.

medium medium likelihood

R-006: Cloud ingestion, hot storage and data routing may pressure gross margin

Ingest-based pricing, 400 days hot storage and data orchestration create infrastructure-cost and architecture-dependency questions.

Diligence request: Request COGS by ingestion tier, storage unit economics, cloud commitments, architecture review and supplier concentration data.

medium medium likelihood

R-007: FedRAMP/StateRAMP obligations can create compliance cost and scope risk

Government-market authorizations improve credibility but require continuous controls, boundary management and audit costs.

Diligence request: Verify official authorization status, sponsoring agency, authorization boundary, POA&M, incident history and continuous-monitoring costs.

Chapter 01

01Financial Information

Public sources provide financing and valuation milestones but no audited financial statements, operating KPIs, cash runway, cap table or debt schedules. Devo appears active and private based on public materials, with last public valuation of $2B in 2022.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: high

Income statements, balance sheets, cash flows, backlog, AR aging and management reports are not public; only financing/growth press signals are available.

Evidence gaps

  • Audited/reviewed financial statements, monthly management accounts, ARR bridge, backlog, AR aging and gross margin detail.

Hidden risks

  • R-001 remains material until private diligence closes this public-evidence gap.
  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide monthly financials for the last 36 months, full-year audits/reviews, ARR bridge, backlog and AR aging by customer.
Financial statement disclosure gap matrix
AreaPublic evidenceGapRisk IDs
Income statements, balance sheets and cash flowsNo public statements found; company is privateAudited/reviewed financials and footnotesR-001
Backlog and accounts receivable agingNo schedule found in public materialsBacklog by customer and AR agingR-001, R-003
Sales/gross profit by product/geographyProduct packaging is public but revenue mix is notARR and gross margin by package, region and channelR-001, R-006

I.B Financial Projections

not publicly verifiable confidence: high

Public growth and product-expansion signals do not provide forecast model inputs, pricing assumptions or capital expenditure/working-capital needs.

Evidence gaps

  • Three-year quarterly forecast, pipeline conversion, retention, pricing, capex, cloud COGS and financing assumptions.

Hidden risks

  • R-001 remains material until private diligence closes this public-evidence gap.
  • R-004 remains material until private diligence closes this public-evidence gap.
  • R-009 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide forecast model with actual-vs-plan history, scenario sensitivities and assumptions by product, channel, customer segment and region.
Projection diligence assumption matrix
AreaPublic evidenceGapRisk IDs
Growth driversFunding releases and product launches imply growth ambitionsPipeline conversion, expansion, churn and quota capacityR-001, R-003, R-004
Pricing and market assumptionsPackaging visible; public price book not visibleDiscounting, ACV, renewal uplift and price elasticityR-001, R-004
International assumptionsGlobal positioning and Spain/Logtrust historyFX exposure, local costs, data residency and country-level revenueR-009

I.C Capital Structure

partially verified confidence: high

The public financing timeline is strong enough to verify late-stage venture backing and valuation headlines, but ownership, dilution and preferences are private.

Evidence gaps

  • Shares outstanding, investor ownership, option pool, liquidation preferences, debt, warrants, notes and off-balance-sheet obligations.

Hidden risks

  • R-002 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide current cap table, financing documents, debt schedule, option plan and board/investor consent requirements.
Public financing and valuation timeline
DateRoundAmountValuation or scale claimEvidence
2020-09-15Series D$60MCEO transition; U.S. Air Force contract and growth/headcount claims citedEC-003
2021-10-26Series E$250M$1.5B valuation; more than 400 employees statedEC-002
2022-06-02Series F$100M$2B valuation; total capital raised above $500MEC-001
Eligibility and status screen
ItemPublic evidenceDiligence implication
Public-market exclusionNo IPO/SPAC/public ticker found in reviewed sources; financing releases describe venture fundingTreat as private unless corporate counsel discovers subsequent transaction
Acquisition/shutdown exclusionCompany site, product pages and 2025 CEO release are activeNo public acquisition/shutdown trigger found in this research pass
Corporate aliasesLogtrust rebrand to Devo provides alias trailUse Devo, Devo Technology, Devo Technology Inc. and Logtrust in legal/entity searches
Public financing and corporate-history timeline Timeline of public Logtrust/Devo rebrand, financing and leadership events.
Public valuation and financing step-up chart Chart of public funding amounts and disclosed valuations.

I.D Other financial information

not publicly verifiable confidence: high

Tax positions, revenue recognition, accounting policies, cloud commitments and contingencies are not public.

Evidence gaps

  • Tax/NOL schedule, revenue recognition memo, deferred revenue, contract liability, cloud commitments and contingencies.

Hidden risks

  • R-001 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.
  • R-009 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide tax returns/positions, revenue-recognition policy, deferred revenue, cloud vendor commitments and off-balance-sheet obligations.
Capital, tax, accounting and off-balance-sheet request list
AreaPublic evidenceGapRisk IDs
Cap table and preferencesSeries D/E/F amounts and valuations publicOwnership, liquidation preferences, warrants, debt and option poolR-002
Revenue recognition and taxNo accounting policies or tax positions publicRevenue policy, deferred revenue, NOLs and transfer pricingR-001, R-009
Cloud commitments/off-balance sheetData platform model implies infrastructure commitments but no contracts publicCloud spend, minimum commitments, leases and contingenciesR-006
Chapter 02

02Products

Devo publicly presents a cloud-native data/security analytics platform, Intelligent SIEM, Data Analytics Cloud, Data Orchestration and DeepTrace. The public evidence supports product-scope existence, not adoption, efficacy, cost or profitability.

II.A Description of each product

partially verified confidence: medium

Product pages and releases verify public packaging and recent launches, while market share, customer adoption, COGS and profitability remain private.

Evidence gaps

  • Product ARR, adoption, usage, gross margin, roadmap delivery, support burden and customer ROI proof.

Hidden risks

  • R-005 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.
  • R-004 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide product-level ARR/margin, roadmap, release quality metrics, demo environment, customer adoption cohorts and cost-to-serve by ingestion tier.
Public product and package map
TopicEvidenceOpen questionRisk IDs
Data Analytics CloudPackaging page and data-orchestration launch point to analytics/log data platform positioningARR, gross margin and usage by packageR-001, R-006
Intelligent SIEMCompany page markets SIEM, SOAR, UEBA and AIDetection efficacy, analyst workflow outcomes and attach rateR-005, R-004
DeepTrace / AI investigationDeepTrace product page markets autonomous investigation and threat huntingFalse positives, explainability, model controls and customer adoptionR-005
Product roadmap and cost diligence map
TopicEvidenceOpen questionRisk IDs
Data OrchestrationJuly 2024 launch; destinations include S3, Databricks and SnowflakeCustomer adoption, routing economics and partner dependenciesR-006
ThreatLink/Behavior AnalyticsReferenced in Intelligent SIEM positioningCoverage, roadmap, integrations and customer outcomesR-005
Storage/ingestion value propositionIDC release mentions ingest-based pricing and 400 days hot storageCOGS and price realization at scaleR-006, R-004
Devo public product architecture map High-level public-product architecture inferred from product and integration pages.
Chapter 03

03Customer Information

Devo shows public customer, partner and integration signals but does not disclose top-customer revenue, concentration, churn, NRR, severed relationships or supplier economics.

III.A Top customers by application

partially verified confidence: medium

Customer logos and stories are visible, but top-15 customer schedules and application-level deployments are not public.

Evidence gaps

  • Top 15 customers for the past two fiscal years and current YTD by application, product, ARR and renewal date.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide top-customer schedule and authorize reference calls with representative large, mid-market, churned and government accounts.
Customer evidence and concentration gap table
TopicEvidenceOpen questionRisk IDs
Public logos/testimonialsCustomer stories and logos marketed by DevoTop-15 customers, ARR, products used, renewal dates and referencesR-003
Revenue by customerNot disclosed publiclyAny customer over 5% of revenue; federal exposure; customer credit riskR-003, R-001
Severed relationshipsNo public severed-customer list foundChurned top accounts and lost partner relationships in past two yearsR-003, R-004
Customer evidence completeness chart Categorical chart separating public customer evidence from unavailable private metrics.

III.B Strategic relationships

partially verified confidence: medium

Partner and integration pages indicate a public ecosystem, but revenue contribution and obligations are not disclosed.

Evidence gaps

  • Strategic partner list, revenue contribution, marketing agreements, SLAs and renewal/change-of-control terms.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide partner agreements, partner-sourced pipeline, integration dependency map and critical SLA obligations.
Strategic relationship, integration and supplier diligence map
TopicEvidenceOpen questionRisk IDs
PartnersPartner ecosystem page is publicSourced ARR, resale/referral obligations and renewal statusR-003, R-004
IntegrationsIntegration directory is publicCritical integrations, maintenance burden, API dependencies and SLAsR-006
Cloud/data destinationsData Orchestration routes to S3, Databricks and SnowflakeCloud supplier concentration and customer data-flow obligationsR-006, R-010

III.C Revenue by customer

not publicly verifiable confidence: high

Revenue by customer, including customers above 5% of revenue, is not publicly available.

Evidence gaps

  • Customer ARR schedule, concentration analysis, government/commercial split, gross margin, churn and expansion history.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-001 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide customer ARR by month with >5% customer flags, cohort churn/NRR and gross margin by account.

III.D Significant relationships severed within the last two years

not publicly verifiable confidence: medium

No public schedule of severed customer, partner or supplier relationships was found.

Evidence gaps

  • Churned top accounts, lost partners, lost government contracts and cause-of-loss analysis for the last two years.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-011 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide churn/lost-account list, reasons, pricing/product objections and any dispute/demand letters.

III.E Top suppliers

partially verified confidence: medium

Top suppliers are not public; public integration and data-routing materials imply cloud/data-platform dependencies that require contract review.

Evidence gaps

  • Top suppliers, cloud commitments, data subprocessor terms, supplier spend and concentration by fiscal year.

Hidden risks

  • R-006 remains material until private diligence closes this public-evidence gap.
  • R-010 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide top supplier spend, cloud commitment contracts, subprocessors, data-processing terms and termination/change-of-control provisions.
Chapter 04

04Competition

Devo operates in a crowded SIEM/security-data market with incumbent SIEM, open/cloud analytics, hyperscaler and XDR/SOC workflow alternatives. Public analyst and review-site signals help category placement but not market share or win/loss.

IV.A Competitive landscape by market segment

partially verified confidence: medium

Competitor names and market-category signals are public; market share, win/loss, pricing realization and differentiation proof are not.

Evidence gaps

  • Market share, win/loss, displacement proof, pricing benchmarks, buyer references and objective product benchmarks.

Hidden risks

  • R-004 remains material until private diligence closes this public-evidence gap.
  • R-005 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide competitive win/loss by vendor, discounting, displacement examples, buyer references and analyst report access.
Competitive landscape by segment
SegmentNamed competitorsBasis of competitionRisk IDs
SIEM / security analyticsSplunk, QRadar, LogRhythm, ElasticDetection breadth, search speed, migration cost, price and storage economicsR-004, R-006
Cloud-native security data / hyperscaler analyticsMicrosoft/Azure, Google ChroniclePlatform bundling, cloud commitments, buyer consolidation and data gravityR-004
XDR/SOC workflow and analyticsPalo Alto/Cortex, CrowdStrike, Exabeam, SecuronixWorkflow automation, response orchestration and analyst productivityR-004, R-005
Differentiation and market-position diligence matrix
TopicEvidenceOpen questionRisk IDs
IDC Leader positionCompany release quotes 2024 IDC MarketScape Leader placementObtain full IDC report, methodology and customer substantiationR-004
Ingest pricing / 400 days hot storageIDC release repeats these differentiatorsUnit economics and price realization versus alternativesR-004, R-006
AI-enabled SOC workflowIntelligent SIEM and DeepTrace pagesBenchmark accuracy, time savings and attach rateR-005
SIEM/security-data competitive market map Market map of Devo and named competitors across platform breadth and data/analytics focus.
Chapter 05

05Marketing, Sales, and Distribution

Public materials show Devo positioning, customer marketing, partner pages and product launches, but not quota capacity, pipeline, sales cycle, compensation, CAC, budget or conversion economics.

V.A Strategy and implementation

partially verified confidence: medium

Public positioning is clear around cloud-native security data and Intelligent SIEM, but marketing effectiveness and risk are not quantifiable publicly.

Evidence gaps

  • Marketing plan, campaign ROI, segment mix, channel mix, pipeline source and win/loss by message.

Hidden risks

  • R-004 remains material until private diligence closes this public-evidence gap.
  • R-003 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide GTM plan, campaign ROI, segment-level funnel metrics, competitive battlecards and pricing/discount policy.
Marketing, sales and channel evidence matrix
TopicEvidenceOpen questionRisk IDs
PositioningCloud-native logging/security analytics/SIEM materialsPersona, segment mix, budget owner and sales cycle by segmentR-004
Partner/channelPartner page is publicPartner-sourced pipeline, channel margin and conflict with direct salesR-003, R-004
Customer marketingCustomer page and testimonials are publicReference quality, expansion motion and case-study representativenessR-003
GTM evidence availability chart Bar chart scoring public availability of GTM diligence inputs.

V.B Major Customers

partially verified confidence: medium

Major-customer relationship status, trends and expansion prospects are not public beyond curated stories.

Evidence gaps

  • Customer health scores, renewals, expansion pipeline, product adoption and reference permissions.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide major-customer QBR/health data, renewal calendar, expansion pipeline and reference-call list.

V.C Principal avenues for generating new business

partially verified confidence: medium

Principal new-business avenues appear to include direct enterprise selling, partner ecosystem and regulated-market positioning, but sourced pipeline is not public.

Evidence gaps

  • Pipeline by source, partner conversion, government pipeline and demand-generation budget.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-004 remains material until private diligence closes this public-evidence gap.
  • R-007 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide pipeline by source and segment, government pipeline, partner attribution and marketing budget allocation.

V.D Sales force productivity model

not publicly verifiable confidence: high

Sales-force productivity metrics are not public.

Evidence gaps

  • Quota, attainment, ramp, sales cycle, pipeline conversion, sales comp, CAC and payback.

Hidden risks

  • R-001 remains material until private diligence closes this public-evidence gap.
  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-004 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide sales productivity model, quota/attainment reports, pipeline conversion and sales compensation plans.
Sales productivity model request table
MetricPublic statusRequested evidenceRisk IDs
Quota and rampNot disclosed publiclyQuota by role, attainment, ramp time and hiring planR-001, R-003
Pipeline and conversionNo public pipeline schedulePipeline by stage, win rate, sales cycle and sourceR-001, R-004
Compensation and CACNot publicSales comp plans, CAC, payback and channel economicsR-001

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: high

Ability to execute marketing plan with current/projected budgets cannot be verified from public sources.

Evidence gaps

  • GTM budget, headcount plan, CAC payback, pipeline coverage and budget scenario analysis.

Hidden risks

  • R-001 remains material until private diligence closes this public-evidence gap.
  • R-004 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide marketing and sales budget, headcount plan, pipeline coverage and CAC/payback sensitivity by segment.
Chapter 06

06Research and Development

Recent product launches and AI/security analytics claims create meaningful R&D diligence needs around architecture, model governance, integration burden, COGS, roadmap delivery and talent.

VI.A Description of R&D organization

partially verified confidence: medium

Public product claims imply R&D in data platform scale, security analytics, AI investigation and integrations, but org structure and development cost are private.

Evidence gaps

  • R&D org chart, engineering headcount, roadmap capacity, technical debt, incident/SRE metrics and development-cost allocation.

Hidden risks

  • R-005 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.
  • R-008 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide engineering org, roadmap, architecture review, model governance, incident history and R&D spend by product.
R&D organization and technology diligence map
TopicEvidenceOpen questionRisk IDs
Data platform scaleCloud-native logging and 400-day hot-storage positioningArchitecture, scalability, latency, reliability and COGSR-006
AI/analytics personnelDeepTrace and Intelligent SIEM claims imply AI/security research expertiseTeam roster, model ownership, ML governance and roadmap capacityR-005, R-008
Integration engineeringIntegration directory and orchestration launchMaintenance burden, test coverage, integration SLAs and partner roadmapsR-006

VI.B New Product Pipeline

partially verified confidence: medium

New product pipeline evidence includes Data Orchestration and DeepTrace/Intelligent SIEM claims, but adoption, timing, cost and risks are not public.

Evidence gaps

  • Roadmap commitments, release quality, adoption, COGS, critical technology dependencies and customer outcome metrics.

Hidden risks

  • R-005 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide roadmap burn-down, release quality metrics, product adoption, model evaluation, cloud cost profile and customer ROI studies.
New product pipeline and risk table
Product or launchPublic timing/statusCritical technologyDiligence risk
Data OrchestrationLaunched July 2024Routing, policy controls, connectors, cost optimizationR-006
DeepTraceProduct page activeAttack graphing, AI investigation, analyst workflow explainabilityR-005
Intelligent SIEM enhancementsProduct page activeSIEM/SOAR/UEBA integration and automated responseR-005, R-006
Recent R&D and product-launch timeline Timeline of recent product/compliance milestones relevant to roadmap diligence.
Data orchestration dependency diagram Diagram of product dependency surface introduced by data routing and integrations.
Chapter 07

07Management and Personnel

Public evidence confirms recent leadership transition and historical management changes. Headcount by function/location, compensation, stock plans, employee relations and turnover are not public.

VII.A Organization Chart

partially verified confidence: medium

Public leadership evidence supports current CEO/executive-chair mapping but not full org chart.

Evidence gaps

  • Current org chart, board composition, reporting lines, operating cadence and succession plan.

Hidden risks

  • R-008 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide current org chart, board list, executive scorecards and 90/180-day CEO transition plan.
Leadership roster and transition evidence
Person or rolePublic evidenceDiligence questionRisk IDs
Ken Naumann, CEOCEO appointment announced March 2025Strategy reset, priorities, operating cadence and retention planR-008
Walter Scott, Executive Chairman2025 CEO release describes executive-chair roleBoard involvement, delegation and transition planR-008
Marc van Zadelhoff historical CEO2020 Series D release announced appointmentContinuity between 2020-2025 strategies and leadership changesR-008
Public management and governance relationship map Org-style view of public leadership-transition facts.

VII.B Historical and projected headcount by function and location

partially verified confidence: medium

Historical/current headcount by function and location is mostly not public; 2021 release stated more than 400 employees.

Evidence gaps

  • Monthly headcount by function/location/entity, hiring plan and attrition by team.

Hidden risks

  • R-008 remains material until private diligence closes this public-evidence gap.
  • R-009 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide monthly headcount, hiring plan, location/entity map and attrition by function for the last 24 months.
Personnel, compensation and turnover diligence request table
AreaPublic evidenceRequested evidenceRisk IDs
Headcount by function/location2021 release stated more than 400 employees; current headcount not publicMonthly headcount by function, location and legal entityR-008, R-009
Compensation and benefitsNot disclosed publiclyExecutive agreements, sales comp, benefits, bonus and retention arrangementsR-008
Turnover and employee relationsNo public turnover schedule or employee-relations issues found in this passAttrition by function, regretted losses, ER claims and engagement surveysR-008, R-011

VII.C Senior management biographies

partially verified confidence: medium

Senior-management biographies are partly available from company pages/releases, but ages, tenure details, references and complete employment history require validation.

Evidence gaps

  • Full management bios, references, tenure, employment agreements, background checks and board minutes around transitions.

Hidden risks

  • R-008 remains material until private diligence closes this public-evidence gap.
  • R-012 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide executive bios, employment agreements, references/background checks and board materials for leadership transitions.

VII.D Compensation arrangements

not publicly verifiable confidence: high

Compensation arrangements and benefit plans are not publicly disclosed.

Evidence gaps

  • Employment agreements, severance, bonus plans, sales comp, benefits, retention grants and change-of-control provisions.

Hidden risks

  • R-008 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide executive agreements, compensation plans, severance/change-of-control terms and benefit-plan documents.

VII.E Incentive stock plans

not publicly verifiable confidence: high

Incentive stock plans and option grants are not public.

Evidence gaps

  • Equity incentive plan, option pool, grants, exercise prices, vesting, refresh policy and 409A valuations.

Hidden risks

  • R-002 remains material until private diligence closes this public-evidence gap.
  • R-008 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide stock plan, option ledger, vesting schedule, 409A history and retention analysis after late-stage rounds.

VII.F Significant employee relations problems, past or present

inconclusive confidence: low

No public significant employee-relations issue was found in this pass, but public screening is incomplete.

Evidence gaps

  • Employee relations matters, complaints, settlements, labor claims and cultural survey data.

Hidden risks

  • R-008 remains material until private diligence closes this public-evidence gap.
  • R-011 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide HR claims schedule, settlements, open employee-relations matters and employee engagement/attrition analysis.

VII.G Personnel Turnover

not publicly verifiable confidence: high

Personnel turnover data for the last two years is not public.

Evidence gaps

  • Monthly voluntary/involuntary attrition, regretted losses, function/location cohort data and retention-plan effectiveness.

Hidden risks

  • R-008 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide 24-month attrition by function/location, regretted-loss analysis and retention plans tied to equity/compensation.
Chapter 08

08Legal and Related Matters

Public security and regulated-market signals are meaningful, but legal, regulatory, IP, contract, insurance and security artifacts require counsel/security review. Public docket screening was limited and not dispositive.

VIII.A Pending lawsuits against the Company

inconclusive confidence: low

Public docket screening did not surface a confirmed material lawsuit against Devo in this pass, but the search is incomplete.

Evidence gaps

  • Counsel-prepared litigation schedule across all jurisdictions and aliases.

Hidden risks

  • R-011 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Have counsel provide docket searches, claims schedule, demand letters, settlements and reserves for all Devo/Logtrust entities.
Public litigation and dispute screen
Matter typePublic resultLimitationRisk IDs
Lawsuits against companyNo confirmed material matter surfaced in CourtListener screening passMay miss state, international, arbitration, sealed or alias-related mattersR-011
Lawsuits initiated by companyNo comprehensive public schedule availableCompany/counsel schedule requiredR-011, R-012
Regulatory inquiriesNo public regulatory-problem schedule foundRegulatory correspondence is often non-publicR-007, R-010
Legal, regulatory and security risk heatmap Risk heatmap for legal/regulatory/security diligence.

VIII.B Pending lawsuits initiated by Company

inconclusive confidence: low

Pending lawsuits initiated by the company are not publicly scheduled.

Evidence gaps

  • Company-initiated claims, collection disputes, IP enforcement, customer/supplier disputes and counsel assessment.

Hidden risks

  • R-011 remains material until private diligence closes this public-evidence gap.
  • R-012 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide plaintiff-side litigation schedule, demand letters, IP enforcement matters and recovery/reserve analysis.

VIII.C Environmental and employee safety issues and liabilities

partially verified confidence: medium

Environmental/safety exposure appears primarily office/software-company related publicly; security/privacy and regulated-market controls are more material.

Evidence gaps

  • Security audit packages, incident history, employee safety policies, regulatory correspondence and compliance exceptions.

Hidden risks

  • R-007 remains material until private diligence closes this public-evidence gap.
  • R-010 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide SOC/FedRAMP/StateRAMP packages, incident register, employee safety policies and regulatory correspondence.
Security and regulated-market authorization table
TopicEvidenceOpen questionRisk IDs
Trust centerPublic trust center existsSOC reports, pen tests, DPAs, incident history and customer exceptionsR-010
FedRAMP ModerateAuthorization announced January 2024Official listing, boundary, POA&M and continuous-monitoring costR-007, R-010
StateRAMP ModerateAuthorization announced June 2024Official status, customer use and ongoing obligationsR-007

VIII.D Material patents, copyrights, licenses, and trademarks

not publicly verifiable confidence: medium

Material IP schedules are not public; Logtrust history and AI/security modules make ownership and licensing diligence important.

Evidence gaps

  • Patent/trademark schedules, assignments, invention agreements, open-source scan, model/data licenses and inbound/outbound license obligations.

Hidden risks

  • R-012 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide IP schedule, assignments, open-source scans, patent/trademark filings and AI/data/model license review.
IP, contracts and insurance diligence matrix
TopicEvidenceOpen questionRisk IDs
IP ownershipLogtrust-to-Devo rebrand and AI/product claims are publicAssignments, patents, trademarks, open-source scans and invention agreementsR-012
Material contractsCustomer, partner and integration pages imply contracts but terms are not publicTop customer MSAs, partner agreements, cloud commitments and change-of-control termsR-003, R-006, R-010
InsuranceNo public insurance schedule foundCyber, E&O, D&O, general liability limits and claims historyR-010, R-011

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: high

Insurance coverage and material exposures are not public.

Evidence gaps

  • Cyber, E&O, D&O, general liability policies, limits, retentions, exclusions and claims history.

Hidden risks

  • R-010 remains material until private diligence closes this public-evidence gap.
  • R-011 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide insurance schedule, policy documents, claims history and broker assessment of coverage adequacy.

VIII.F Material contracts

not publicly verifiable confidence: high

Material contracts are not public; customer, partner, cloud/supplier and compliance commitments are high-priority requests.

Evidence gaps

  • Top customer MSAs, partner agreements, cloud commitments, DPAs, SLAs, indemnities and change-of-control clauses.

Hidden risks

  • R-003 remains material until private diligence closes this public-evidence gap.
  • R-006 remains material until private diligence closes this public-evidence gap.
  • R-010 remains material until private diligence closes this public-evidence gap.
  • R-012 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Provide material contracts schedule and copies for top customers, partners, cloud suppliers, DPAs, authorization sponsors and IP licenses.
Legal and compliance artifact request list
ArtifactWhy it mattersSource triggerPriority
SOC 2 / ISO / FedRAMP / StateRAMP packagesValidate controls, exceptions and regulated-market obligationsTrust center and authorization releasesHigh
Customer and partner contractsValidate revenue quality, SLAs, indemnities and termination rightsCustomer/partner public pagesHigh
IP schedule and open-source scanValidate ownership and license obligations for product/AI modulesLogtrust rebrand and DeepTrace claimsMedium

VIII.G Regulatory agency problems

partially verified confidence: medium

FedRAMP and StateRAMP announcements are positive regulated-market signals; any regulatory agency problems, POA&Ms or exceptions require private counsel/security review.

Evidence gaps

  • Regulatory correspondence, official authorization listings, POA&M, exceptions, agency sponsor status and incident/regulatory inquiry history.

Hidden risks

  • R-007 remains material until private diligence closes this public-evidence gap.
  • R-010 remains material until private diligence closes this public-evidence gap.
  • R-011 remains material until private diligence closes this public-evidence gap.

Follow-up questions

  • Confirm official FedRAMP/StateRAMP listings, review authorization packages and request all regulatory correspondence or inquiries.
Cross-functional risk and gap coverage matrix
Risk clusterPrimary evidenceClosure requestPriority
Financial and financingEC-001, EC-002, EC-020, EC-021Financial model, statements, cap table and financing documentsHigh
Market, customer and GTMEC-006, EC-011, EC-012, EC-013Customer schedule, references, pipeline and win/loss evidenceHigh
Product, security, legal and teamEC-008, EC-014 to EC-019, EC-022Product demo, architecture, security package, legal schedule and management interviewsHigh
Regulated-market compliance milestone chart Chart/timeline-style visualization of public security authorization milestones.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 Devo publicly announced a $100M Series F financing at a $2B valuation on June 2, 2022, bringing total capital raised to more than $500M. verified high SRC-001SRC-012
EC-002 Devo publicly announced a $250M Series E financing at a $1.5B valuation in October 2021 and stated it had more than 400 employees. verified high SRC-002
EC-003 Devo publicly announced a $60M Series D in September 2020, named Marc van Zadelhoff CEO, referenced a U.S. Air Force contract and cited strong 2020 growth/headcount momentum. verified medium SRC-003
EC-004 Devo presents itself as an active private cybersecurity software company focused on cloud-native logging and security analytics. verified high SRC-004
EC-005 Devo publicly presents packaging around Data Analytics Cloud, Intelligent SIEM Starter and Intelligent SIEM, with pricing requiring contact rather than a transparent public price book. partially verified medium SRC-005
EC-006 Devo publicly markets customer logos, customer stories and testimonials, but does not disclose top-15 customers, ARR by customer or churn. partially verified medium SRC-006
EC-007 Devo publishes partner and integration pages that indicate a go-to-market and technical ecosystem, while partner economics remain undisclosed. partially verified medium SRC-007SRC-008
EC-008 Devo maintains a public trust center, but underlying SOC reports, penetration tests, security exceptions and DPAs require private review. partially verified medium SRC-009
EC-009 Devo appointed Ken Naumann as CEO in March 2025 and described Walter Scott as Executive Chairman, indicating a recent leadership transition. verified high SRC-010SRC-011
EC-010 Devo traces corporate/product history to Logtrust, which announced a rebrand to Devo in 2018. verified medium SRC-013
EC-011 Gartner Peer Insights lists Devo in the Security Information and Event Management market category, corroborating category placement. verified medium SRC-014
EC-012 Devo identifies competitive alternatives including Splunk, Elastic, QRadar, LogRhythm, Microsoft/Azure, Google Chronicle, Palo Alto Networks/Cortex, CrowdStrike, Exabeam and Securonix. verified medium SRC-015
EC-013 A Devo release quoting IDC states the SIEM market was $6.2B, grew 21.7% from 2022 to 2023 and named Devo a Leader in the 2024 IDC MarketScape. partially verified medium SRC-016
EC-014 Devo publicly markets Intelligent SIEM as combining SIEM, SOAR, UEBA and AI capabilities, including ThreatLink, DeepTrace and Behavior Analytics. partially verified medium SRC-017
EC-015 Devo launched Data Orchestration in July 2024 with routing to destinations such as Amazon S3, Databricks and Snowflake. verified medium SRC-018
EC-016 Devo publicly markets DeepTrace as autonomous investigation and threat-hunting functionality for tracing attacks. partially verified medium SRC-019
EC-017 Devo announced FedRAMP Moderate authorization in January 2024. verified medium SRC-020
EC-018 Devo announced StateRAMP Moderate authorization in June 2024. verified medium SRC-021
EC-019 A public CourtListener screening search did not surface a confirmed material Devo litigation matter in this research pass, but the search is not exhaustive. inconclusive low SRC-022
EC-020 Devo annual/quarterly financial statements, backlog, accounts receivable aging, revenue by customer and management financial reports are not publicly available. not publicly verifiable high SRC-001SRC-002SRC-003SRC-004
EC-021 Devo current cap table, share counts, option pool, liquidation preferences, debt and off-balance-sheet obligations are not publicly available. not publicly verifiable high SRC-001SRC-002SRC-003
EC-022 Devo has had multiple public CEO transitions since 2020, including Marc van Zadelhoff in 2020 and Ken Naumann in 2025. verified high SRC-003SRC-011
Sources
IDPublisherTitleAccessed
SRC-001 Devo Devo Technology Raises $100 Million in Series F Funding at $2 Billion Valuation 2026-05-17
SRC-002 Devo Devo Technology Announces $250 Million Series E Funding to Accelerate Global Growth 2026-05-17
SRC-003 Devo Devo Announces $60 Million Series D Funding and Appoints Marc van Zadelhoff CEO 2026-05-17
SRC-004 Devo Company overview and platform description 2026-05-17
SRC-005 Devo Devo packaging and pricing overview 2026-05-17
SRC-006 Devo Devo customer stories and logos 2026-05-17
SRC-007 Devo Devo partner ecosystem 2026-05-17
SRC-008 Devo Devo integrations directory 2026-05-17
SRC-009 Devo Devo Trust Center 2026-05-17
SRC-010 Devo Devo leadership team page 2026-05-17
SRC-011 Devo Devo Appoints Ken Naumann as Chief Executive Officer 2026-05-17
SRC-012 ISAI ISAI announces participation in Devo Series F 2026-05-17
SRC-013 PR Newswire Logtrust Announces Rebrand to Devo 2026-05-17
SRC-014 Gartner Peer Insights Gartner Peer Insights listing for Devo SIEM 2026-05-17
SRC-015 Devo Devo SIEM vendor comparison guide 2026-05-17
SRC-016 Devo Devo Named a Leader in the 2024 IDC MarketScape for SIEM 2026-05-17
SRC-017 Devo Devo Intelligent SIEM 2026-05-17
SRC-018 Devo Devo Launches Data Orchestration and Data Analytics Cloud Enhancements 2026-05-17
SRC-019 Devo Devo DeepTrace product page 2026-05-17
SRC-020 Devo Devo Achieves FedRAMP Moderate Authorization 2026-05-17
SRC-021 Devo Devo Achieves StateRAMP Moderate Authorization 2026-05-17
SRC-022 CourtListener CourtListener search results for Devo Technology and related aliases 2026-05-17

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.