ANNUAL REPORT 2021 SCHEDULE 14A INFORMATION Proxy Statement Pursuant to Section 14(a) of the Securities Exchange Act of 1934 Filed by the Registrant Filed by a Party other than the Registrant Check the appropriate box: ý ¨ ¨ ¨ ý ¨ ¨ Preliminary Proxy Statement Confidential, for Use of the Commission Only (as permitted by Rule 14a-6(e)(2)) Definitive Proxy Statement Definitive Additional Materials Soliciting Material Pursuant to § 240.14a-12 Tenable Holdings, Inc. (Name of Registrant as Specified In Its Charter) Payment of Filing Fee (Check the appropriate box) ý ¨ ¨ No fee required. Fee paid previously with preliminary materials. Fee computed on table in exhibit required by Item 25(b) per Exchange Act Rules 14a-6(i)(1) and 0-11. 1 2 6100 Merriweather Drive, 12th Floor Columbia, Maryland 21044 NOTICE OF ANNUAL MEETING OF STOCKHOLDERS To Be Held On May 25, 2022 Dear Stockholder: You are cordially invited to attend the Annual Meeting of Stockholders of TENABLE HOLDINGS, INC., a Delaware corporation (the "Company"). The Annual Meeting will be held on Wednesday, May 25, 2022 at 1:00 p.m. Eastern Time and will be a virtual stockholder meeting through which you can listen to the meeting, submit questions and vote online. The meeting can be accessed by visiting https://// www.proxydocs.com/TENB and entering your control number which is included in the proxy materials mailed to you. The meeting will be held for the folff lowing purposes: 1. To elect the Board of Directors’ nominees, Amit Yoran, Linda Zecher Higgins, and Niloofarff Razi until the 2025 Annual Meeting of Stockholders. Howe, to the Board of Directors to hold officeff 2. To ratify the selection by the Audit Committee of the Board of Directors of Ernst & Young LLP as the independent registered public accounting firm of the Company for the year ending December 31, 2022. YY 3. To approve, on a non-binding advisory basis, the compensation of the Company's Named Executive Officers ff as disclosed in this proxy statement. 4. To conduct any other business properly brought beforeff the meeting. These items of business are more fully described in the Proxy Statement accompanying this Notice. The record date forff the Annual Meeting is March 31, 2022. Only stockholders of record at the close of business on that date may vote at the Annual Meeting or any adjournment thereof. By Order of the Board of Directors, Stephen A. Riddick General Counsel and Corporate Secretaryt Columbia, MD April 13, 2022 You are cordially invited to attend the virtual annual meeting. Whether or not you expect to attend the meeting, please vote over the telephone or the Internet as instructed in these materials as promptly as possible in order to ensure your representation at the meeting. Even if you have voted by proxy, you may still vote online if you attend the virtual annual meeting. Please note, however, that if your shares are held of record by a broker, bank or other nominee and you wish to vote at the meeting, you must obtain a proxy issued in your name from that record holder. 3 CONTENTS QUESTIONS AND ANSWERS ABOUT THESE PROXY MATERIALS AND VOTING PROPOSAL 1 ELECTION OF DIRECTORS Information Regarding the Board of Directors and Corporate Governance Independence of the Board of Directors Role of the Board in Risk Oversight Meetings of the Board of Directors Information Regarding Committees of the Board of Directors Audit Committee Compensation Committee Nominating and Corporate Governance Committee Stockholder Communications with the Board of Directors Code of Ethics PROPOSAL 2 RATIFICATION OF SELECTION OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM Fees and Services Pre-Approval Policies and Procedures PROPOSAL 3 ADVISORY VOTE TO APPROVE THE NAMED EXECUTIVE OFFICER COMPENSATION Corporate Social Responsibility Executive Officers Security Ownership of Certain Beneficial Owners and Management Executive Compensation Executive Summary Executive Compensation Philosophy and Objectives Compensation Elements Compensation-Setting Process Employment Arrangements Post-Employment Compensation Other Compensation Policies Tax and Accounting Considerations Summary Compensation Table Grants of Plan-Based Awards Outstanding Equity Awards Options Exercised and Stock Vested Employment Agreements with Our Named Executive Officers Potential Payments Upon Termination or Change in Control CEO Pay Ratio Director Compensation Securities Authorized for Issuance Under Equity Compensation Plans Transactions With Related Persons and Indemnification Related-Person Transactions Policy and Procedures Certain Related Person Transactions Indemnification Householding of Proxy Materials Other Matters Appendix: Reconciliation of Non-GAAP Measures Page 8 15 20 20 21 21 22 22 24 26 27 28 29 29 30 31 32 35 36 39 39 42 44 50 53 53 54 55 56 57 58 59 59 61 62 63 66 67 67 67 68 69 70 71 4 To Our Stockholders, The last year has both highlighted the criticality of cybersecurity in every aspect of modern life and tested the foundational strength of our business. I am particularly proud of the way our employees have risen to the challenge of navigating this complex world where ransomware, breaches and nation-state threats regularly make the news. Tenable has been there, at every step along the way, to help our customers understand and reduce their cybersecurity risk, helping keep their businesses safer while accelerating their ability to innovate. Our commitment to our customers 2021 was a year of milestones on many fronts, including a dramatic rise in high-profile cyber problems. As bad actors evolve from retrieving personal identification to crippling businesses and our communities, we remain completely focused on enabling our customers to answer the one question that is most critical to any digital enterprise: “How Secure Am I?” Our customer base has embraced digital transformation and all that it entails – shifting to the cloud and hyper-distributed modern applications. These same customers increasingly recognize that every new technology investment, every computer and asset type is interconnected and introduces risk. Tenable is working hand-in- glove with more than 40,000 organizations to help them expand their vulnerability management (VM) discipline to other areas of their infrastructure so they can understand and reduce their exposure to risk across software, identity and configurations. During the year we delivered a platform that can provide our customers with the leverage they need by securing their tech investments so they can accelerate innovation. Tenable.ep brings our point solutions together to deliver the holistic insights and analytics modern enterprises require. We’re helping them understand how areas of attack are interconnected with an integrated solution and a complete picture of cyber risks. We are delivering unified visibility into code, configurations, assets and workloads. Because cyber risk is business risk, Tenable.ep helps organizations understand security concerns in the broader context of their business priorities. Tenable.ep combines the best of our past and present, establishing a better together framework that will serve our customers now as well as over the long term. Our commitment to corporr rate socialii responsibilityll In April of 2021, we published our first corporate sustainability report. We outlined our commitment to the environment, to our people and the investments we've made to foster this goal. We know that Tenable is stronger because we bring different ff table. What’s more, we are 100% focuse where people can thrive and succeed with meaningful careers. To that end, we instituted a number of initiatives to enhance the employee experience, including: d on making Tenable a premier employer -- a company and inclusive perspectives to the ff • • • days annually forff TwoTT Enhanced learning opportunities, including diversity, equity and inclusion training, career development, Remote work flexibility, • Offices closed every Friday in August, and • Annual equity grants to all eligible employees in good standing. Nothing has made me more proud than watching the heroic efforts ff of our team throughout the last year. Their dedication to our customers, to our partners and to each other are constant. We will 5 continue to invest in our employees just as surely as we will continue to achieve great results together. Our commitmett nt to finanii rr cial perfor rr man ce Going into 2021 we had great confidence in our ability to execute on our key initiatives even with the great macro uncertainty created by the global pandemic. We are incredibly proud of our results and the financial performance that reflects the team’s hard work. A few highlights: • • • Accelerated growth in each of the four quarters, Achieved Rule of 40 (defined below) for full-year 2021, and Added a record 1,800+ enterprise platform customers, and 250+ net new 6-figure customers. Our commitmett nt to our investo ii rs In December we held our first investor day. We recognize the importance that investors play in our success and appreciate their diverse views. We pride ourselves on our investor relationships and will continue to seek out thoughtful ways to deepen our dialog. And we’re just getting started. Just as we pioneered the vulnerability management market, we are ff ront of innovation where technology investments, devices, risks and once again at the foref opportunities are profoundly ff assess and mitigate risk. We believe foundational cyber can and should accelerate innovation in a cloud-first world. And we believe every organization must be able to answer the question, “How secure are we?” interconnected. We’re helping organizations of all sizes rethink how they Sincerely, Amit Yoran Chairman & CEO 6 Business Overview - 2021 Highlights We are a leading provider of Cyber Exposure solutions. Cyber Exposure is a discipline for managing, measuring and comparing cybersecurity risk in the digital era. We have continued to expand and diversify off ur platform offerings from traditional vulnerability management (VM) solutions, which include Tenable.sc and Nessus, to our cloud exposure solutions, which include Tenable.ep, Tenable.io, Tenable.cs, Tenable Web Scanning, or Tenable.io WAS, Tenable.ad and Tenable.ot. Our platforff m offerings provide broad visibility into security issues such as vulnerabilities, misconfigurations, internal and regulatory compliance violations and other indicators of the state of an organization’s security across IT infrastructure and applications, cloud environments, DevOps environments, Active Directory and Identity environments, and Industrial IoT and OT environments. We also provide deep analytics to help organizations score, trend and compare their cyber exposure over time, and communicate cyber risk in business terms to make better strategic decisions. Our platform offeff asset, vulnerability and threat data from third-party systems and applications to prioritize security issues for remediation and focus an organization’s resources based on risk and business criticality. rings integrate and analyze data from our native collectors alongside IT Our 2021 highlights were as follows: • • • • • • Launched Tenable.ep, our unified, risk-based vulnerability management exposure platform designed to provide visibility across Tenable’s solutions and prioritize vulnerabilities using predictive analytics. Achieved FedRAMP authorization for Tenable.io and Tenable.io Web App Scanning, allowing the U.S. federal government to deploy both products across various departments and agencies. Acquired Alsid SAS and Accurics, Inc. for $98.5 million and $160.0 million, respectively. Closed our new credit facility comprised of a $375 million senior secured term loan and a $50 million senior secured revolving credit facility. Revenue was $541.1 million, a 23% increase year-over-year. Calculated current billings was $617.2 million, a 25% increase year-over-year. • GAAP loss from operations was $41.8 million, compared to a loss of $36.4 million in 2020; Non-GAAP income from operations was $51.0 million, compared to $25.8 million in 2020. • GAAP net loss per share was $0.44, compared to a loss per share of $0.42 in 2020; Non- GAAPAA diluted earnings per share was $0.34, compared to $0.19 in 2020. • • Unlevered free cash flow was $95.2 million, compared to $44.3 million in 2020. Achieved Rule of 40 for full-year 2021, which we define as the sum of percentages for revenue growth and unlevered free cash flow margin. Refer to the appendix for reconciliations of non-GAAP measures to comparable GAAPAA measures. 7 TENABLE HOLDINGS, INC. 6100 Merriweather Drive, 12th Floor Columbia, Maryland 21044 PROXY STATEMENT FOR THE 2022 ANNUAL MEETING OF STOCKHOLDERS May 25, 2022 QUESTIONS AND ANSWERS ABOUT THESE PROXY MATERIALS AND VOTING Why did I receive a notice regarding the availability of proxy materials on the Internet? Pursuant to rules adopted by the Securities and Exchange Commission (the “SEC”), we have elected to provide access to our proxy materials over the Internet. Accordingly, we have sent you a Notice of Internet Availability of Proxy Materials (the “Notice”) because the Board of Directors (the "Board of Directors" or the "Board") of Tenable “Company” or “Tenable”) is soliciting your proxy to vote at the 2022 Annual Meeting of Stockholders, including at any adjournments or postponements of the meeting. All stockholders will have the ability to access the proxy materials on the website referred to in the Notice or request to receive a printed set of the proxy materials. Instructions on how to access the proxy materials over the Internet or to request a printed copy may be found in the Notice. Holdings, Inc. (sometimes referred to as the TT TT ff We intend to mail the Notice on or about April 13, 2022 to all stockholders of record entitled to vote at the Annual Meeting. Will I receive any other proxy materials by mail? We may, in our discretion, elect to send you a proxy card. We may also send you a second Notice on or after April 25, 2022. How do I attend the Annual Meeting? The Annual Meeting will be a virtual stockholder meeting through which you can listen to the meeting and vote online. The Annual Meeting can be accessed by visiting https://// www.proxydocs.com/TENB and entering your control number which is included in the proxy materials mailed to you. Upon completing your registration, you will receive further instructions via email, including a unique link that will allow you access to the Annual Meeting. We recommend that you log in a fewf minutes beforeff the Annual Meeting to ensure that you are logged in when the meeting starts. Online check-in will begin at approximately 12:45 p.m. Eastern time. Information on how to vote online during the Annual Meeting is discussed below. We have decided to hold a virtual stockholder meeting in light of public health concerns regarding the COVID-19 pandemic in order to protect the health and safety of our stockholders, employees and directors and to facilitate stockholder participation in the Annual Meeting. Stockholders attending the virtual meeting will be afford person meeting, however any questions will need to be submitted in advance of the meeting. ed the same rights and opportunities to participate as they would at an in- ff 8 Who can vote at the Annual Meeting? Only stockholders of record at the close of business on March 31, 2022 will be entitled to vote at there were 110,286,675 shares of common stock the Annual Meeting. On this record date, outstanding and entitled to vote. kk Stockholde r of Record: Shares Registered in Your Name If on March 31, 2022 your shares were registered directly in your name with Tenable’ s transfer agent, American Stock Transfer & Trust Company, LLC, then you are a stockholder of record. As a stockholder of record, you may vote online during the meeting or vote by proxy. Whether or not you plan to attend the meeting, we urge you to vote by proxy using a proxy card that you may request or that we may elect to deliver at a later time or vote by proxy over the telephone or Internet as instructed below to ensure your vote is counted. TT Beneficial Owner: Srr hares Registered in the Name of a Broker or Bank If on March 31, 2022 your shares were held, not in your name, but rather in an account at a brokerage firm, bank or other similar organization, then you are the beneficial owner of shares held in “street name” and the Notice is being forwarded to you by that organization. The organization holding your account is considered to be the stockholder of record for purposes of voting at the Annual Meeting. As a beneficial owner, you have the right to direct your broker, bank or other agent regarding how to vote the shares in your account. YouYY will receive instructions from your broker, bank or agent that you must follow in order to submit your voting instructions and have your shares voted at the Annual Meeting. YouYY are also invited to attend the Annual Meeting. However, since you are not the stockholder of record, you may not vote your shares online during the Annual Meeting unless you request and obtain a valid proxy from your broker, bank or other agent. What am I voting on? There are three matters scheduled for a vote: • • • Election of three directors (Proposal 1); Ratification of selection by the Audit Committee of the Board of Directors of Ernst & Young LLP as independent registered public accounting firm of the Company for the year ending December 31, 2022 (Proposal 2); and Advisory approval, on a non-binding basis, of the compensation of our Named Executive Officers as disclosed in this proxy statement (Proposal 3). YY ff What if another matter is properly brought before the meeting? The Board of Directors knows of no other matters that will be presented for consideration at the Annual Meeting. If any other matters are properly brought beforeff persons named in the accompanying proxy to vote on those matters in accordance with their best judgment. the meeting, it is the intention of the How do I vote? You may either vote “For” all the nominees to the Board of Directors or you may “Withhold” your vote for any nominee you specify.ff For Proposals 2 and 3, you may vote “For” or “Against” or "Abstain" from voting. 9 Stockholder of Record: Shares Registered in Yii ourYY Name If you are a stockholder of record, you may vote online during the Annual Meeting, vote by proxy using a proxy card that you may request or that we may elect to deliver at a later time, vote by proxy over the telephone or vote by proxy through the Internet. Whether or not you plan to attend the meeting, we urge you to vote by proxy to ensure your vote is counted. You may still attend the meeting and vote online during the meeting even if you have already voted by proxy. • • • • ote online during the meeting, access the Annual Meeting by visiting To vTT www.proxypush.com/TENB and entering your control number which is included in the proxy materials mailed to you. Please have your Notice in hand when you access the website and follow the instructions. ote using the proxy card, simply complete, sign and date the proxy card that may be To vTT delivered and return it promptly in the envelope provided. If you return your signed proxy card to us beforef the Annual Meeting, we will vote your shares as you direct. ote over the telephone, dial toll-free 866-230-6244 using a touch-tone phone and follow To vTT the recorded instructions. You will be asked to provide the control number from the Notice. To ensure your vote is counted, your telephone vote must be received either prior to the start of the meeting or, if you are attending the meeting, beforeff the polls close during the meeting. To vote through the Internet, go to www.proxypush.com/TENB to complete an electronic proxy card. You will be asked to provide the control number from the Notice. To ensure your vote is counted, your Internet vote must be received either prior to the start of the meeting or, if you are attending the meeting, before the polls close during the meeting. Beneficial Owneww r: Shares Registered in the Name of Broker or Bank If you are a beneficial owner of shares registered in the name of your broker, bank or other agent, you should have received a Notice containing voting instructions from that organization rather than from Tenable. Simply follow the voting instructions in the Notice to ensure that your vote is counted. To vote online during the Annual Meeting, you must obtain a valid proxy from your broker, bank or other agent. Follow the instructions from your broker, bank or other agent included with these proxy materials, or contact that organization to request a proxy form. Internet proxy voting will be provided to allow you to vote your shares online, with procedures designed to ensure the authenticity and correctness of your proxy vote instructions. However, please be aware that you must bear any costs associated with your Internet access, such as usage charges from Internet access providers and telephone companies. How many votes do I have? On each matter to be voted upon, you have one vote for each share of common stock you own as of March 31, 2022. If I am a stockholder of record and I do not vote, or if I return a proxy card or otherwise vote without giving specific voting instructions, what happens? If you are a stockholder of record and do not vote by completing your proxy card, by telephone, through the Internet or online during the Annual Meeting, your shares will not be voted. If you return a signed and dated proxy card or otherwise vote without marking voting selections, your shares will be voted, as applicable, “For” the election of all nominees for director, “For” the ratification of Ernst & Young LLP as independent auditors for the year ending December 31, 2022, YY 10 and "For" the approval of, on a non-binding advisory basis, the compensation of our Named Executive Offff icers. If any other matter is properly presented at the meeting, your proxyholder (one of the individuals named on your proxy card) will vote your shares using his best judgment. If I am a beneficial owner of shares held in street name and I do not provide my broker or bank with voting instructions, what happens? If you are a beneficial owner of shares held in street name and you do not instruct your broker, bank or other agent how to vote your shares, your broker, bank or other agent may still be able to vote your shares in its discretion. In this regard, brokers, banks and other securities intermediaries may use their discretion to vote your “uninstructed” shares with respect to matters considered to be “routine” under applicable rules, but not with respect to “non-routine” matters. Proposals 1 and 3 are considered to be “non-routine” under applicable rules, meaning that your broker may not vote your shares on those proposals in the absence of your voting instructions. However, Proposal 2 is considered to be “routine” under applicable rules, meaning that if you do not return voting instructions to your broker by its deadline, your shares may be voted by your broker in its discretion on Proposal 2. If you are arr beneficial ownerww rr treet ii hett way youyy would prefer, you must provid of shares held in sii rr e vdd are voted in t bank or other agent by the deadlinll e providvv eddd bank or other agent. in the material rr name, in order otvv ingtt rr s yll ouyy to ensure your shares instructions to your ,rr broker yy receive from your broker, rr rr Who is paying for this proxy solicitation? We will pay for the entire cost of soliciting proxies. In addition to these proxy materials, our directors and employees may also solicit proxies in person, by telephone or by other means of communication. Directors and employees will not be paid any additional compensation for soliciting proxies. We may also reimburse brokerage firms, banks and other agents for the cost of forwarding proxy materials to beneficial owners. What does it mean if I receive more than one Notice? If you receive more than one Notice, your shares may be registered in more than one name or in nt accounts. Please follow the voting instructions on the Notice to ensure that all of your shares differe ff are voted. Can I change my vote after submitting my proxy? Stockholder of Record:rr Shares Registered in Your Name Yes. You can revoke your proxy at any time beforeff the final vote at the meeting. If you are the • • • record holder of your shares, you may revoke your proxy in any one of the following ways: YouYY may submit another properly completed proxy card with a later date. YouYY may grant a subsequent proxy by telephone or through the Internet. YouYY may send a timely written notice that you are revoking your proxy to Tenable Holdings, Inc., Attention: Corporate Secretary at 6100 Merriweather Drive, 12th Floor, Columbia, Maryland 21044. YouYY may attend the Annual Meeting and vote online. Simply attending the meeting will not, by itself, revoke your proxy. • 11 Your most current proxy card or telephone or Internet proxy is the one that is counted. Beneficial Owneww r: Shares Registered in the Name of Broker or Bank If your shares are held by your broker, bank or other agent, you should follow the instructions provided by your broker, bank or other agent. When are stockholder proposals and director nominations due for next year’s Annual Meeting? ff the 2023 Annual Meeting of Stockholders, you must deliver your notice to our To be considered for inclusion in next year’s proxy materials, your proposal must be submitted in writing by December 14, 2022, to 6100 Merriweather Drive, 12th Floor, Columbia, Maryland 21044. If election at, or bring business other than through a stockholder you wish to nominate an individual forff proposal before, Corporate Secretary at the address above between January 25, 2023 and February 24, 2023. Your notice to the Corporate Secretary must set forth informat ion specified in our bylaws, including your ff name and address and the class and number of shares of our stock that you beneficially own. In addition to satisfying the foregoing requirements under Tenable's bylaws, to comply with the universal proxy rules (once effect ive), stockholders who intend to solicit proxies in support of director nominees other than Tenable's nominees must provide notice that sets forth the informat 14a-19 under the Securities Exchange Act of 1934, as amended (the "Exchange Act"), no later than March 26, 2023. ion required by Rule ff ff If you propose to bring business beforeff an annual meeting of stockholders other than a director ff : (1) a brief nomination, your notice must also include, as to each matter proposed, the following description of the business desired to be brought before such annual meeting and the reasons for conducting that business at the annual meeting and (2) any material interest you have in that election as a director, your notice must also business. If you propose to nominate an individual forff include, as to each person you propose to nominate forff election as a director, the following: (1) the name, age, business address and residence address of the person, (2) the principal occupation or employment of the person, (3) the class and number of shares of our stock that are owned of record and beneficially owned by the person, (4) the date or dates on which the shares were acquired and the investment intent of the acquisition; (5) a statement whether such person, if elected, intends to tender, promptly following such person’s failure at the next meeting at which such person would face election or re-election, an irrevocable resignation effect informat proxies for the election of that person as a director in an election contest (even if an election contest is not involved), or that is otherwise required to be disclosed pursuant to Section 14 of the Exchange Act, and the rules and regulations promulgated under the Exchange Act, including the person's written consent to being named as a nominee and to serving any proposed nominee to furnish other informff eligibility of the proposed nominee to serve as an independent director or that could be material to a reasonable stockholder's understanding of the independence, or lack of independence, of the proposed nominee. ive upon acceptance of such resignation by the Board of Directors and (6) any other ion concerning the person as would be required to be disclosed in a proxy statement soliciting to receive the required vote for election or re-election ation as we may reasonably require to determine the as a director if elected. We may require rr ff ff ff For more informat ff ion, and forff more detailed requirements, please refer to our Amended and Restated Bylaws, filed as Exhibit 3.4 to our Registration Statement on Form S-1 (File No. 333-226002), filed with the SEC on June 29, 2018. 12 How are votes counted? Votes will be counted by the inspector of election appointed for the meeting, who will separately count, forff Proposal 1, the proposal to elect directors, votes “For,” “Withhold” and broker non-votes (described below); for Proposal 2, the proposal to ratify our independent auditors, votes “For,” “Against” and “Abstain”; and, for Proposal 3, the proposal to approve, on a non-binding advisory basis, the compensation of our Named Executive Officers, broker non-votes. If you “Abstain” it will be counted towards the vote total for Proposals 2 and 3. For Proposal 2 and 3, it will have the same effect and 3 will have no effect ff expect broker non-votes on Proposal 2. and will not be counted towards the vote total for those proposals. We do not as “Against” votes. Broker non-votes on Proposals 1 ”For," "Against" and “Abstain” and ff ff What are “broker non-votes”? As discussed above, when a beneficial owner of shares held in street name does not give voting instructions to his or her broker, bank or other securities intermediary holding his or her shares as to how to vote on matters deemed to be “non-routine” under applicable rules, the broker, bank or other such agent cannot vote the shares. These un-voted shares are counted as “broker non-votes.” Proposal 1 and 3 are considered to be “non-routine” under applicable rules and we thereforeff broker non-votes on these proposals. However, as Proposal 2 is considered “routine” under applicable rules, we do not expect broker non-votes on this proposal. expect As a remrr inder, if you are a b r shares are voted in t rr ouyy ensure yrr instructions to your broker,kk receive from your broker, bank or other bank or other tt tt agent. eneficial ownerww of shares held in sii ii hett way youyy would prefer, you must provid agent by the deadlinll e providvv eddd treet rr rr to name, in order rr e vdd otvv ingtt in the material rr s yll ouyy How many votes are needed to approve each proposal? For Proposal 1, the election of directors, the three nominees receiving the most “For” votes from the holders of shares present online at the meeting or represented by proxy and entitled to vote on the election of directors will be elected. Only votes “For” will affect . have no effect the outcome. Broker non-votes will ff ff To be approved, Proposal 2, ratification of the selection of Ernst & Young YY LLP as the Company’s independent registered public accounting firm for 2022, must receive “For” votes from the holders of a majority of shares present online at the meeting or represented by proxy and entitled to vote on the as an “Against” vote. Since brokers matter. If you “Abstain” from voting, it will have the same effect have authority to vote on your behalf with respect to Proposal 2, we do not expect broker non-votes on this proposal. ff For Proposal 3, advisory approval of the compensation of our Named Executive Offiff cers will be considered to be approved if it receives "For" votes from the holders of a majority of the shares present online at the meeting or represented by proxy and entitled to vote thereon to be approved. If you “Abstain” from voting, it will have the same effect ff . non-votes will have no effect as an “Against” vote on this proposal. Broker ff What is the quorum requirement? A quorum of stockholders is necessary to hold a valid meeting. A quorum will be present if stockholders holding at least a majority of the outstanding shares entitled to vote are present online at the meeting or represented by proxy. On the record date, there were 110,286,675 shares outstanding 13 and entitled to vote. Thus, the holders of 55,143,338 shares must be present online at the meeting or represented by proxy at the meeting to have a quorum. Your shares will be counted towards the quorum only if you submit a valid proxy (or one is submitted on your behalf by your broker, bank or other nominee) or if you vote online during the virtual meeting. Abstentions and broker non-votes will be counted towards the quorum requirement. If there is no quorum, the chairperson of the meeting or the holders of a majority of shares present online at the meeting or represented by proxy may adjourn the meeting to another date. Will a list of record stockholders as of the record date be available? Upon request, a list of our record shareholders as of the close of business on the record date will be made available to stockholders. In addition, for the ten days prior to the Annual Meeting, the list will be available upon request for examination by any stockholder of record for a legally valid purpose. To access the list of record shareholders beginning May 15, 2022 and until the Annual Meeting, stockholders should email David Bartholomew, Associate General Counsel, at dbartholomew@tenable.com. How do I ask a question at the Annual Meeting? Only stockholders of record as of March 31, 2022 may submit questions or comments in advance of the virtual stockholders meeting. If you would like to submit a question or comment, you may do so prior to 5:00 p.m. Eastern Time on May 21, 2022 by following the instructions in your registration documents on https://www .proxydocs.com/TENB. // To help ensure that we have a productive and efficient ff meeting, and in fairness to all stockholders in attendance, you will also find posted our rules of conduct for the Annual Meeting when you log in prior to the start of the Annual Meeting. In accordance with the rules of conduct, we ask that you limit your submission to one brief question or comment that is relevant to the Annual Meeting or our business and that such remarks are respectful of your fellow stockholders and meeting participants. Our management may group submitted questions by topic with a representative question read aloud and answered. In addition, questions may be ruled out of order if they are, among other things, irrelevant to our business, related to pending or threatened litigation, disorderly, repetitious of statements already made, or in furtherance of the speaker's own personal, political or business interests. Questions will be addressed in the "Question and Answer" portion of the Annual Meeting. What do I do if I have technical difficulties in connection with the Annual Meeting? If you encounter any difficult ff ies accessing the virtual meeting during the check-in or meeting time, please call the technical support number that will be posted on the Annual Meeting login page. Technical support will be available beginning at approximately 12:00 p.m. Eastern time on May 25, 2022. How can I find out the results of the voting at the Annual Meeting? Preliminary voting results will be announced at the Annual Meeting. In addition, final voting results will be published in a current report on Form 8-K that we expect to file within four business days after the Annual Meeting. If final voting results are not available to us in time to file a Form 8-K within four business days after the meeting, we intend to file a Form 8-K to publish preliminary results and, within four business days after the final results are known to us, file an additional Form 8-K to publish the final results. 14 PROPOSAL 1 ELECTION OF DIRECTORS Tenable’s Board of Directors is divided into three classes and each class has a three-year term. Vacancies on the Board may be filled only by persons elected by a majority of the remaining directors. A director elected by the Board to fill a vacancy in a class, including vacancies created by an increase in the number of directors, shall serve for the remainder of the full term of that class and until the director’s successor is duly elected and qualified. The Board of Directors currently consists of nine members. There are three directors in the class YY expires in 2022. Mr. Yoran was previously elected by Tenable's stockholders. whose term of officeff Mses. Higgins and Howe were recommended to the Board by a member of senior management and the chief executive officer would serve until the 2025 Annual Meeting of Stockholders and until their successor has been duly elected and qualified, or, if sooner, until the director’s death, resignation or removal. It is the Company’s policy to invite and encourage directors and nominees for director to attend each annual meeting of stockholders. In 2021, eight of our then serving directors attended the Annual Meeting. , respectively. If elected at the Annual Meeting, each of these nominees ff Directors are elected by a plurality of the votes of the holders of shares present online at the meeting or represented by proxy and entitled to vote on the election of directors. Accordingly, the three nominees receiving the highest number of affirmat by executed proxies will be voted, if authority to do so is not withheld, for the election of the three nominees named below. If any nominee becomes unavailable for election as a result of an unexpected occurrence, shares that would have been voted forff for the election of a substitute nominee proposed by the Board. Each person nominated for election has agreed to serve if elected. The Company’s management has no reason to believe that any nominee will be unable to serve. ive votes will be elected. Shares represented that nominee will instead will be voted ff The following table includes diversity information regarding our directors: Board Diversity Matrix (As of March 31, 2022) Total Number of Directors Part I: Gender Identity Directors Part II: Demographic Background African American or Black White Female Male 9 3 0 3 6 1 5 CLASS I NOMINEES FOR ELECTION FOR A THREE-YEAR TERM EXPIRING AT THE 2025 ANNUAL MEETING The following is a brief biography of each nominee for director and a discussion of the specific experience, qualifications, attributes or skills of each nominee that led the Nominating and Corporate Governance Committee of the Board of Directors to recommend that person as a nominee for director, as of the date of this proxy statement. The Nominating and Corporate Governance Committee seeks to assemble a board of directors that, as a whole, possesses the appropriate balance of professional and industry knowledge, financial 15 expertise and high-level management experience necessary to oversee and direct the Company’s business. To that end, the Committee has identified and evaluated nominees in the broader context of the Board’s overall composition, with the goal of recruiting members who complement and strengthen the skills of other members and who also exhibit integrity, collegiality, sound business judgment and ive functioning of the Board. To provide a other qualities that the Committee views as critical to effect mix of experience and perspective on the Board, the Committee also takes into account gender, age, and ethnic diversity. The brief biographies below include informat statement, regarding the specific and particular experience, qualifications, attributes or skills of each director or nominee that led the Committee to believe that that nominee should continue to serve on the Board. ion, as of the date of this proxy ff ff 16 Amit YoraYY n, age 51 Amit Yoran has served as our Chief Executive Officer and Chairman since December 2016 and was appointed as our President, in addition to Chief Executive Offff icer and Chairman, in May 2018. Prior to joining Tenable, Mr. Yoran served as President of RSA Solutions, Inc. from October 2014 to December 2016. Mr. Yoran Academy at West Point and an M.S. in Computer Science from George Washington University. Our Board of Directors believes that Mr. Yoran is qualified to serve as a director based on his role as our Chief Executive Officer and his extensive management experience in the technology and security industries. received a B.S. from the United States Military YY Niloofar Razi Howe, age 53 ff Niloofarff Razi Howe has served as a member of our Board of Directors since May 2021. Since 2019, Ms. Howe has served as a senior operating partner at Energy Impact Partners, a venture capital fund. Ms. Howe previously served as Chief Strategy Officer and Senior Vice President of Strategy and Operations at RSA, a global cybersecurity company, from 2015 to 2018. Ms. Howe has served on the Board of Directors of Composecure, Inc. since December 2021. Ms. Howe also currently serves on the board of directors of a number of private technology companies. Ms. Howe received a B.A. degree from Columbia College and holds a Juris Doctor degree from Harvard Law School. Our Board of Directors believes that Ms. Howe is qualified as a director based on her extensive cybersecurity and management experience and her experience as a director of technology companies. Lindii ZZ a Zdd echer Higgi ins, age 68 ff ff Linda Zecher Higgins has served as a member of our Board of Directors since and Managing Partner August 2019. Ms. Higgins is the Chief Executive Officer ive digital of the Barkley Group, a consulting firm focused on effect transformation, and has held such positions since January 2017. Prior to that time, she served as the President and Chief Executive Officer, and a member of the board of directors, of Houghton Mifflinff Harcourt Company from September 2011 to September 2016. Ms. Higgins has served as a member of the board of directors of Hasbro, Inc. since August 2014. Ms. Higgins received a B.S. in Earth Science from The Ohio State University. Our Board of Directors believes that Ms. Higgins is qualified to serve as a director based on her extensive management experience with technology companies and her experience as a director of public companies. THE BOARD OF DIRECTORS RECOMMENDS A VOTE IN FAVOR OF EACH NAMED NOMINEE. 17 DIRECTORS CONTINUING IN OFFICE UNTIL THE 2023 ANNUAL MEETING John C. Huffard , Jdd r.JJ , age 54 ff ff served as our Chief Operating Officer from May 2018 through John C. Huffard, Jr. has served as a member of our Board of Directors since 2002. Mr. Huffard December 2019. Prior to that, he served as our President and Chief Operating Offiff cer from November 2008 to May 2018, and he co-founded our company in has also served as a member of the board of directors of 2002. Mr. Huffard Norfolkff received a B.S.B.A. from Washington and Lee University and an M.B.A. from Babson College. Our Board of Directors believes that Mr. Huffard a director based on his in-depth knowledge of our company and our products . and prior role as our Chief Operating Officer due to his role as our co-founder Southern Corporation since February 2020. Mr. Huffard is qualified to serve as ff ff ff ff ff ff A. Brooke Seawell, al ge 74 A. Brooke Seawell has served as a member of our Board of Directors since October 2017. Mr. Seawell is a Venture Partner at New Enterprise Associates Inc., a position he has held since January 2005. Mr. Seawell has served on the board of directors of NVIDIA Corporation, a visual computing company, since December 1997 and Eargo, Inc., a medical device company, since September 2020. He previously served on the board of directors of Tableau Software, Inc., a business intelligence software Mr. Seawell received both a B.A. in Economics and an M.B.A. in Finance from Stanford University. Our Board of Directors believes that Mr. Seawell is qualified to serve as a director based on his extensive experience in technology finance and operations, including having served as the chief financial officer public companies and his experience as a director of public technology companies. company, from November 2011 to August 2019. of two ff ff ff Raymond Vicks,kk Jr., age 62 Raymond Vicks, Jr. has served as a member of our Board of Directors since January 2022. Mr. Vicks previously served as Managing Partner at the BMV Group, a position he held from August 2017 until his retirement in 2019. Mr. Vicks also served as the Chief Financial Offiff cer of the HSC Health Care System from 2015 to 2019. Prior to that, Mr. Vicks served in roles of increasing responsibility at PricewaterhouseCoopers LLP from 1995 to 2014, where at the time of his departure, he was a Partner. Mr. Vicks is a Certified Public Accountant and received his B.S. in accounting from Virginia Tech and his M.P.H. from George Washington University. Our Board of Directors believes that Mr. Vicks is qualified to serve as a director based on his based on his extensive public accounting and management experience. 18 DIRECTORS CONTINUING IN OFFICE UNTIL THE 2024 ANNUAL MEETING Arthur W. Coviello, Jr.rr , age 68 VV Partner at Rally Ventures, LLC, a position he has held Arthur W. Coviello, Jr. has served as a member of our Board of Directors since February 2018 and as our Lead Independent Director since February 2022. Mr. Coviello is a Venture since May 2015. Mr. Coviello has served on the boards of directors of Synchrony Financial since November 2015, Mandiant, Inc. (f/k/a FireEye, Inc.) since December 2020, and Epiphany Technology Acquisition Corp. since November 2020. He previously served on the boards of directors of Gigamon, Inc. from April 2017 until its acquisition in December 2017 and EnerNOC, Inc. from June 2009 until its acquisition in August 2017. Mr. Coviello received a B.B.A. in Business Administration from the University of Massachusetts. Our Board of Directors believes that Mr. Coviello is qualified to serve as a director based on his extensive security industry and management experience and his experience as a director of public technology companies. Kimberlyrr L. Hammondsdd , age 54 ff of Deutsche Kimberly L. Hammonds has served as a member of our Board of Directors since June 2018. Ms. Hammonds founded the Mangrove Digital Group, LLC in May 2018. She previously served as Group Chief Operating Officer Bank AG, a global financial services company, from January 2016 to June 2018, and as a member of the management board of Deutsche Bank from August 2016 to June 2018. Ms. Hammonds has served on the boards of directors of Box, Inc. since October 2018, Zoom Video Communications since September 2018, UiPath Inc since October 2020, and previously served on the boards of directors of Red Hat Inc. from August 2015 to July 2019 and Cloudera, Inc. from March 2017 to January 2020. Ms. Hammonds received a B.S. in Mechanical Engineering from the University of Michigan and an M.B.A. from Western Michigan University. Our Board of Directors believes that Ms. Hammonds is qualified to serve as a director based on her extensive management experience and her experience as a director of public technology companies. Jerry M. Kennellyll , ayy ge 71 ff ff of Scandic from May 2002 to April 2018. Mr. Kennelly served on the Jerry M. Kennelly has served as a member of our Board of Directors since May 2018. Mr. Kennelly is the Chairman and Chief Executive Officer Capital, LLC, an investment firm, a position he has held since April 2018. Prior to joining Scandic, Mr. Kennelly co-founded Riverbed Technology, Inc., a network infrastructure company, in 2002, and served as its Chairman and Chief Executive Officer board of directors of Nimble Storage, Inc., a flash storage company, from April 2013 to April 2017 when Nimble Storage was acquired by Hewlett Packard Enterprise Company. Mr. Kennelly received a B.A. in Political Economy from Williams College and an M.S. in Accounting from New YorkYY Board of Directors believes that Mr. Kennelly is qualified to serve as a director based on his extensive operating and executive management experience with technology companies and his experience as a director of public technology companies. University. Our 19 INFORMATION REGARDING THE BOARD OF DIRECTORS AND CORPORATE GOVERNANCE Independence of the Board of Directors As required under the Nasdaq Stock Market (“Nasdaq”) listing standards, a majority of the members of a listed company’s Board of Directors must qualify aff determined by the Board of Directors. The Board consults with the Company’s counsel to ensure that the Board’s determinations are consistent with relevant securities and other laws and regulations regarding the definition of “independent,” including those set forth in pertinent listing standards of Nasdaq, as in effect s “independent,” as affirmat from time to time. ively ff ff Consistent with these considerations, after ff review of all relevant identified transactions or relationships between each director, or any of his or her family members, and the Company, its senior management and its independent registered public accounting firm, the Board has affirmat ively determined that the following seven of our current directors are independent directors within the meaning of the applicable Nasdaq listing standards: Arthur W. Coviello, Jr., Kimberly L. Hammonds, Jerry M. Kennelly, Niloofar Razi Howe, A. Brooke Seawell, Raymond Vicks, Jr., and Linda Zecher Higgins. The Board determined that Messrs. Li and Wells, who resigned from the Board of Directors in May 2021 and January 2022 respectively, were also independent while each served on the Board. In making this determination, the Board fouff nd that none of these directors or nominees for director had a material or other disqualifying relationship with the Company. ff Board Leadership Structure YY Our Board of Directors is currently chaired by Mr. Yoran, believes that combining the positions of Chief Executive Officer the Board and management act with a common purpose and provides a single, clear chain of command to execute Tenable’ s strategic initiatives and business plans. In addition, the Board believes that a combined Chief Executive Officer/B ion. The Board also between management and the Board, facilitating the regular flow of informat believes that it is advantageous to have a Board Chair with significant history with and extensive knowledge of Tenable ff and Board Chair helps to ensure that oard Chair is better positioned to act as a bridge (as is the case with Mr. Yoran). our Chief Executive Officer . The Board TT TT ff ff ff The Board has also appointed Mr. Coviello as lead independent director in order to help reinforce ff ff ff YY tive balance to Mr. Yoran’ s leadership as our combined Chief Executive and Board Chair. The lead independent director is empowered to, among other duties and and Board Chair to develop and approve an ff the independence of the Board as a whole. The position of lead independent director has been structured to serve as an effecff Officer responsibilities, work with the Chief Executive Officer appropriate Board meeting schedule and Board meeting agendas; provide the Chief Executive Officer and Board Chair feedback on the quality, quantity, and timeliness of the information provided to the Board; develop the agenda and moderate executive sessions of the independent members of the Board; preside over Board meetings when the Chief Executive Officer and Board Chair is not present or when Board or Chief Executive Officer performance or compensation is discussed; act as principal liaison between the independent members of the Board and Chief Executive Officer and Board Chair; convene meetings of the independent directors as appropriate; and perform such other duties as may be established or delegated by the Board. As a result, the Company believes that the lead independent director can help ensure the effect oversight responsibilities. ive independent functioning of the Board in its ff ff 20 Role of the Board in Risk Oversight One of the Board’s key functions is inforff med oversight of Tenable’s risk management process. The Board does not have a standing risk management committee, but rather administers this oversight function directly through the Board as a whole, as well as through various Board standing committees that address risks inherent in their respective areas of oversight. In particular, our Board is responsible forff monitoring and assessing strategic risk exposure, including a determination of the nature and level of risk appropriate for the Company. Our Audit Committee has the responsibility to consider and discuss our major financial risk exposures and the steps our management has taken to monitor and control these exposures, including guidelines and policies to govern the process by which risk assessment and management is undertaken. The Audit Committee also monitors compliance with legal and regulatory requirements, in addition to oversight of the performance of our internal audit function. Audit Committee responsibilities also include oversight of information security risk management, including thorough oversight of the Cybersecurity Subcommittee of the Audit Committee, which assists the Audit Committee and the Board in overseeing cybersecurity risk management. Our Nominating and Corporate Governance Committee monitors the effectiveness of our corporate governance guidelines, including whether they are successful in preventing illegal or improper liability-creating conduct. Our Compensation Committee assesses and monitors whether any of our compensation policies and programs has the potential to encourage excessive risk-taking. Typically, the entire Board meets with members of management responsible forff risk management at least annually, and the applicable Board committees meet at least annually with the employees responsible forff risk management in the committees’ respective areas of oversight. Both the Board as a whole and the various standing committees receive periodic reports from members of management responsible forff responsibility of the committee chairs to report findings regarding material risk exposures to the Board as quickly as possible. risk management, as well as incidental reports as matters may arise. It is the Meetings of the Board of Directors The Board of Directors met six times during 2021. Each director attended 75% or more of the aggregate number of meetings of the Board and of each of the committees on which he or she served during the portion of the last year for which he or she was a director or committee member. 21 Information Regarding Committees of the Board of Directors The Board has three committees: an Audit Committee, a Compensation Committee and a Nominating and Corporate Governance Committee. The following table provides meeting informat for 2021 and current membership for each of the Board committees: ff ion Name Arthur W. Coviello, Jr. Kimberly L. Hammonds Jerry M. Kennelly Niloofarff Razi Howe(2) A. Brooke Seawell Linda Zecher Higgins Raymond Vicks, Jr.(3) Total meetings in 2021 Audit X(1) X X* X 8 Compensation Nominating and Corporate Governance X* X X* X X 5 X 4 ___ ____ ________ __ __ * Committee Chairperson (1) Mr. Coviello ceased being a member of the Audit Committee in January 2022 in connection with Mr. Vicks' appointment to the Audit Committee. (2) Ms. Howe joined the Board in May 2021. (3) Mr. Vicks joined the Board in January 2022. Below is a description of each committee of the Board of Directors. Each of the committees has authority to engage legal counsel or other experts or consultants, as it deems appropriate to carry out its responsibilities. The Board of Directors has determined that each member of each committee meets the applicable Nasdaq rules and regulations regarding “independence” and each member is free of any relationship that would impair his or her individual exercise of independent judgment with regard to the Company. Audit Committee The Audit CCommittee fof the Board off Directors was established byy the Board in accordance with 3(a)(58)(A) o) off the Exch gange Act to oversee the CCompa yny’s corporate account ging and SSection 3(a)(58)(A ffinancial report ging processes and audits off its ffinancial statements. For this purpose, the Audit CCommittee pe frforms several ffunctions. The principal duties and responsibilities fof our audit committee include, amo gng other th gings: • • • • • • ff of the independent registered public elping to ensure the independence and performance electing a qualified firm to serve as the independent registered public accounting firm to s audit our financial statements; h accounting firm; discussing the scope and results of the audit with the independent registered public accounting firm, and reviewing, with management and the independent registered public accounting firm, our interim and year-end operating results, including a review of our disclosures under "Management's Discussion and Analysis of Financial Condition and results of Operations"; developing procedures for employees to submit concerns anonymously about questionable accounting or audit matters; reviewing our policies on risk assessment and risk management; overseeing the organization and performance ff of the Company's internal audit function; 22 • meeting in executive session with management and the Company's independent registered • • • public accountants; reviewing related party transactions; obtaining and reviewing a report by the independent registered public accounting firm at least annually, that describes its internal quality-control procedures, any material issues with such procedures, and any steps taken to deal with such issues when required by applicable law; and approving (or, as permitted, pre-approving) all audit and all permissible non-audit services to ff be performed by the independent registered public accounting firm. The Audit Committee is currently composed of three directors: A. Brooke Seawell, Kimberly L. Hammonds, and Raymond Vicks, Jr. Arthur Coviello served as a member of the Audit Committee until January 2022. The Audit Committee met eight times during 2021. The Board has adopted a written Audit Committee charter that is available to stockholders on our website at www.tenable.com. The Board of Directors reviews the Nasdaq listing standards definition of independence for Audit Committee members on an annual basis and has determined that all members of the Company’s Audit Committee are independent (as independence is currently defined in Rule 5605(c)(2)(A)(i) and (ii) of the Nasdaq listing rules). The Board of Directors has also determined that Messrs. Vicks and Seawell each qualifies as an “audit committee financial expert,” as defined in applicable SEC rules. The Board made a qualitative assessment of Messrs. Vicks and Seawell's level of knowledge and experience based on a number of factors, including their formal education, Mr. Seawell's experience as a chief financial officer of public reporting companies and Mr. Vicks' public accounting experience. ff Report of the Audit Committee of the Board of Directors* The Audit Committee has reviewed and discussed the audited financial statements forff the year ended December 31, 2021 with management of the Company. The Audit Committee has discussed with the independent registered public accounting firm the matters required to be discussed by the applicable requirements of the Public Company Accounting Oversight Board (“PCAOB”) and SEC. The Audit Committee has also received the written disclosures and the letter from the independent registered public accounting firm required by applicable requirements of the PCAOB regarding the independent registered public accounting firm's communications with the audit committee concerning independence, and has discussed with the independent registered public accounting firm the accounting firm’s independence. Based on the foregoing, the Audit Committee has recommended to the Board of Directors that the audited financial statements be included in the Company’s Annual Report on Form 10-K for the year ended December 31, 2021. A. Brooke Seawell, Chair Kimberly L. Hammonds Raymond Vicks, Jr. *TheTT material in this report is not "solicit " ingtt material," is nii ot deemed "filed" ii with t tt hett Commission and is not to be incorporated by reference in any filing of the Company under the Securitiestt Exchange Act, wt ctive of any general incorporationtt tt hetww her language in aii made beforeff ii or after the date hereorr ny such filing. f and irresrr pes Act or the 23 Compensation Committee The Compensation Committee of the Board of Directors acts on behalf of the Board to review, modify aff nd oversee the Company’s compensation strategy, policies, plans and programs, including: • • • establishment of corporate and individual performance compensation of our executive officers, evaluation of performance in light of these stated objectives; ff ff ff objectives relevant to the directors and other senior management and review and recommend to the Board for approval of the compensation and other terms of employment or service, including severance and change-in-control arrangements, of our Chief Executive Officer , the other executive officers and directors; and rr ff ff administration of our equity compensation plans, bonus plans, benefit plans and other similar plans and programs. The Compensation Committee is currently composed of three directors: Jerry M. Kennelly, Linda Zecher Higgins, and Niloofarff Razi Howe. All members of the Company’s Compensation Committee are independent (as independence is currently defined in Rule 5605(d)(2) of the Nasdaq listing rules. The Compensation Committee met five times during 2021. The Board has adopted a written Compensation Committee charter that is available to stockholders on our website at www.tenable.com. Compensation Committee Processes and Procedures ff ff ff ff and Compensia, Inc. , Chief People Officer , our Chief People Officer and our General Counsel also regularly attend meetings at the Typically, the Compensation Committee meets quarterly and with greater frequency when necessary. The agenda for each meeting is usually developed by the Chair of the Compensation Committee, in consultation with the Chief Executive Officer ("Compensia"), the compensation consultant engaged by the Compensation Committee. The Compensation Committee meets regularly in executive session. In addition to our Chief Executive Officer invitation of the Compensation Committee and take part in discussions about executive compensation. From time to time, various members of management and other employees as well as outside advisors or consultants may be invited by the Compensation Committee to make presentations, to provide financial or other background information or advice or to otherwise may not participate in, participate in Compensation Committee meetings. The Chief Executive Officer or be present during, any deliberations or determinations of the Compensation Committee regarding his compensation or individual performance objectives. The charter of the Compensation Committee grants the Compensation Committee full access to all books, records, facilities and personnel of the Company. In addition, under its charter, the Compensation Committee has the authority to obtain, at the expense of the Company, advice and assistance from compensation consultants and internal and external legal, accounting or other advisors and other external resources that the Compensation Committee considers necessary or appropriate in the performance of its duties. The Compensation Committee has direct responsibility for the oversight of the work of any consultants or advisers engaged for the purpose of advising the Committee. In particular, the Compensation Committee has the sole authority to retain, in its sole discretion, compensation consultants to assist in its evaluation of executive and director compensation, including the authority to approve the consultant’s reasonable fees and other retention terms. Under the charter, the Compensation Committee may select, or receive advice from, a compensation consultant, legal counsel or other adviser to the compensation committee, other than in-house legal counsel and certain other types of advisers, only after taking into consideration six factors, prescribed by the SEC and Nasdaq, that bear upon the adviser’s independence; however, there is no requirement that any adviser be independent. ff ff 24 During the past calendar year, after taking into consideration the six factors prescribed by the SEC and Nasdaq described above, the Compensation Committee retained Compensia as its compensation consultant. Our Compensation Committee identified Compensia based on Compensia's general reputation in the industry. The Compensation Committee requested that Compensia: • • evaluate the efficacy ff supporting and reinforcing ff of the Company’s existing compensation strategy and practices in the Company’s long-term strategic goals; and assist in refining the Company’s compensation strategy and in developing and implementing an executive compensation program to execute that strategy. As part of its engagement, Compensia was requested by the Compensation Committee to review and update the group of companies that we use for comparative purposes and to perform an analysis of competitive performance the Compensation Committee with respect to executive compensation for the year ended December 31, 2021, as well as the role of the compensation consultant in assisting with those determinations, are described in greater detail in the “Compensation Discussion and Analysis” section of this proxy statement. and compensation levels for that group. The specific determinations of ff Under its charter, the Compensation Committee may forff m, and delegate authority to, ff subcommittees as appropriate. In 2021, the Compensation Committee delegated authority to Mr. and Chairman, to grant, without any further ff Yoran, in his capacity as our Chief Executive Officer action required by the Compensation Committee, stock awards to certain employees who are not officers of the Company, up to and including employees at the senior vice president level. The purpose of this delegation of authority is to enhance the flexibility of equity award administration within the Company and to facilitate the timely grant of stock awards to non-management employees, particularly new employees and promoted employees, within specified limits approved by the Compensation Committee. The number of shares underlying awards approved by Mr. Yoran subject to maximum limits based on a targeted market range of share value and other parameters for each recipient’s classification as set fort from time to time. Typically, as part of its oversight function, the Compensation Committee reviews on a quarterly basis the list of grants made by Mr. Yoran. exercised his authority to grant a total of 566,582 restricted stock units ("RSUs") to qualifying awards were granted pursuant to Mr. Yoran’ h in guidelines approved by the Compensation Committee During 2021, Mr. Yoran ff employees. No other equity s authority during 2021. are YY YY YY YY ff The Compensation Committee typically makes adjustments to annual compensation, approves ff of the Company’s compensation strategy, changes to the key financial metric targets and formulas used to determine annual bonus payments, approves additional equity awards and establishes new performance objectives at one or more meetings held during the first quarter of the year. However, the Compensation Committee also considers matters related to individual compensation, such as compensation for new executive hires, as well as high-level strategic issues, such as the efficacy ff potential modifications to that strategy and new trends, plans or approaches to compensation, at various meetings throughout the year. Generally, the Compensation Committee’s process comprises two related elements: the determination of compensation levels and the establishment of performance objectives for the current year. For executives other than the Chief Executive Officer, the Compensation Committee solicits and considers evaluations and recommendations submitted to the , the evaluation of Committee by the Chief Executive Officer his performance is conducted by the Compensation Committee, which determines any adjustments to ff his compensation as well as awards to be granted. For all executives and directors as part of its deliberations, the Compensation Committee may review and consider, as appropriate, materials such ion, tally sheets that as financial reports and projections, operational data, tax and accounting informat set forth the total compensation that may become payable to executives in various hypothetical scenarios, executive and director stock ownership information, company stock performance data, . In the case of the Chief Executive Officer ff ff ff 25 analyses of historical executive compensation levels and current company-wide compensation levels and recommendations of the Compensation Committee’s compensation consultant, including analyses of executive and director compensation paid at other companies identified by the consultant. Compensation Committee Interlocks akk nd Insider Partitt cipaii tion None of the current members of our Compensation Committee has ever been an executive officer ff or employee of ours. None of our executive officers completed year, on the compensation committee or board of directors of any other entity that has one or more executive officers Committee. serving as a member of our Board of Directors or Compensation currently serve, or has served during the last ff ff Report of the Compensation Committee of the Board orr f Directors* The Compensation Committee has reviewed and discussed with management the Compensation Discussion and Analysis (“CD&A”) contained in this proxy statement. Based on this review and discussion, the Compensation Committee has recommended to the Board of Directors that the CD&A be included in this proxy statement and incorporated into the Company’s Annual Report on Form 10-K for the year ended December 31, 2021. Jerry M. Kennelly, Chair Niloofarf Razi Howe Linda Zecher Higgins *TheTT material in this report is not “so“ ii urnished to, but not deemed “filed” with,tt the Commission and is not deemed to be incorporated by reference under the Securitiestt 10‑K, where it shall be deemed to be “furnished,” whetww her irrespectivett tt language in aii of any general incorporationtt EE Act or the Exchange ny such filing. made beforeff in any filing of the Company Act, other than the Company’s Annual Report on Form ff or after the date hereof and licitingtt material,” is f ff ff Nominating and Corporate Governance Committee The Nominating and Corporate Governance Committee of the Board of Directors is responsible for identifying, reviewing and evaluating candidates to serve as directors of the Company (consistent with criteria approved by the Board), reviewing and evaluating incumbent directors, recommending to the Board for selection candidates for election to the Board of Directors, making recommendations to the Board regarding the membership of the committees of the Board, assessing the performance management and the Board, and developing a set of corporate governance principles for the Company. of ff The Nominating and Corporate Governance Committee is currently composed of three directors: Arthur W. Coviello, Jr., Kimberly L. Hammonds, and Linda Zecher Higgins. All members of the Nominating and Corporate Governance Committee are independent (as independence is currently defined in Rule 5605(a)(2) of the Nasdaq listing rules). The Nominating and Corporate Governance Committee met four times during 2021. The Board has adopted a written Nominating and Corporate Governance Committee charter that is available to stockholders on the our website at www.tenable.com. The Nominating and Corporate Governance Committee believes that candidates for director should have certain minimum qualifications, including the ability to read and understand basic financial statements, being over 21 years of age and having the highest personal integrity and ethics. The Nominating and Corporate Governance Committee also intends to consider such factors as 26 ff ff ff advice and guidance to management, rs of the Company, demonstrated excellence in his or her possessing relevant expertise upon which to be able to offer having sufficient time to devote to the affai field, having the ability to exercise sound business judgment and having the commitment to rigorously represent the long-term interests of the Company’s stockholders. However, the Nominating and ff hese qualifications from time to time. Corporate Governance Committee retains the right to modify t Board diversity and inclusion is critical to Tenable’s success. Candidates for director nominees are reviewed in the context of the current composition of the Board, the operating requirements of the Company and the long-term interests of stockholders. In conducting this assessment, the Nominating and Corporate Governance Committee typically considers diversity (including gender, racial and ethnic diversity), age, skills and such other factors as it deems appropriate, given the current needs of the Board and the Company, to maintain a balance of knowledge, experience and capability. The Nominating and Corporate Governance Committee appreciates the value of thoughtful Board refreshment, and regularly identifies and considers qualities, skills and other director attributes that would enhance the composition of the Board. In the case of incumbent directors whose terms of officeff are set to expire, the Nominating and Corporate Governance Committee will review these directors’ overall service to the Company during their terms, including the number of meetings attended, level of participation, quality of perforf mance and any other relationships and transactions that might impair the directors’ independence. The Committee also takes into account the results of the Board’s self-ff evaluation, conducted annually on a group and individual basis. In the case of new director candidates, the Nominating and Corporate Governance Committee also determines whether the nominee is independent for Nasdaq purposes, which determination is based upon applicable Nasdaq listing standards, applicable SEC rules and regulations and the advice of counsel, if necessary. The Nominating and Corporate Governance Committee then uses its network of contacts to compile a list of potential candidates, but also engages professional search firms from time to time to assist in identifying potential candidates. The Nominating and Corporate Governance Committee conducts any appropriate and necessary inquiries into the backgrounds and qualifications of possible candidates after considering the function and needs of the Board. The Nominating and Corporate Governance Committee meets to discuss and consider the candidates’ qualifications and then selects a nominee for recommendation to the Board by majority vote. The Nominating and Corporate Governance Committee will consider director candidates recommended by stockholders. The Nominating and Corporate Governance Committee does not intend to alter the manner in which it evaluates candidates, including the minimum criteria set forth above, based on whether or not the candidate was recommended by a stockholder. Stockholders who wish to recommend individuals for consideration by the Nominating and Corporate Governance Committee to become nominees for election to the Board may do so by delivering a written recommendation to the Nominating and Corporate Governance Committee at the following Tenable Holdings, Inc., Attention: Corporate Secretary, 6100 Merriweather Drive, 12th Floor, Columbia, Maryland 21044, at least 90 days, but not more than 120 days prior to the anniversary date of the preceding year's annual meeting of stockholders. Submissions must include the name and address of the stockholder on whose behalf the submission is made, the number of shares of Tenable stock owned beneficially by such stockholder on the date of the submission, the full name of the proposed nominee, a description of the proposed nominee’s business experience for at least the previous five years, complete biographical informat qualifications as a director. Any submission must be accompanied by the written consent of the proposed nominee to be named as a nominee and to serve as a director if elected. ion and a description of the proposed nominee's address: ff ff Stockholder Communications with the Board of Directors All stockholders and other interested parties are welcome to communicate with our non- management directors through an established process for stockholder communication. For a 27 communication directed to our non-management directors, please contact our Corporate Secretary or Legal Department in writing at the address listed below. Tenable Holdings, Inc. 6100 Merriweather Drive, 12th Floor Columbia, MD 21044 Attn: Corporate Secretary or Legal Department Our Corporate Secretary or Legal Department will review all incoming stockholder communications and determine whether the communication should be presented to the Board or the appropriate director. The purpose of this screening is to allow the Board to avoid having to consider irrelevant or inappropriate communications, such as mass mailings, product complaints or inquiries, job inquiries, business solicitations and patently offenff screening procedures have been approved by a majority of our independent directors. All communications directed to the Audit Committee in accordance with the Company’s whistleblower policy that relate to questionable accounting or auditing matters involving the Company will be promptly and directly forwarded to the Audit Committee. sive or otherwise inappropriate material. The Code of Ethics We have adopted the Tenable Code of Business Conduct and Ethics that applies to all officers, directors and employees. The Code of Business Conduct and Ethics is available on our website at www.tenable.com. If we make any substantive amendments to the Code of Business Conduct and Ethics or grant any waiver from a provision of the Code to any executive officer or director, we will promptly disclose the nature of the amendment or waiver on our website. ff ff Hedging Policy Our Insider Trading Policy prohibits our employees, including our executive officers, and the non- employee members of our Board of Directors from engaging in short sales, transactions in put or call options, hedging transactions, using margin accounts, pledges, or other inherently speculative transactions involving our equity securities. ff 28 PROPOSAL 2 RATIFICATION OF SELECTION OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM The Audit Committee of the Board of Directors has selected Ernst & Young YY LLP as the the year ending December 31, 2022 Company’s independent registered public accounting firm forff and has further directed that management submit the selection of its independent registered public accounting firm forff audited the Company’s financial statements since 2014. Representatives of Ernst & Young expected to be present online at the Annual Meeting. They will have an opportunity to make a statement if they so desire and will be available to respond to appropriate questions. ratification by the stockholders at the Annual Meeting. Ernst & Young LLP has LLP are YY YY Neither the Company’s Bylaws nor other governing documents or law require stockholder YY LLP as the Company’s independent registered public ratification of the selection of Ernst & Young accounting firm. However, the Audit Committee of the Board is submitting the selection of Ernst & Young LLP to the stockholders for ratification as a matter of good corporate practice. If the stockholders fail to ratify t not to retain that firm. Even if the selection is ratified, the Audit Committee of the Board in its discretion may direct the appointment of a differe any time during the year if they determine that such a change would be in the best interests of the Company and its stockholders. ff he selection, the Audit Committee of the Board will reconsider whether or nt independent registered public accounting firm at ff The affiff rmative vote of the holders of a majority of the shares present online at the meeting or represented by proxy and entitled to vote on the matter at the Annual Meeting will be required to ratify the selection of Ernst & Young LLP. YY Fees and Services The following table represents aggregate fees billed to the Company by Ernst & Young YY LLP, tP he Company’s principal accountant. (in thousands) Audit Fees(1) Tax fees(2) All Other Fees(3) Total Fees Year Ended December 31, 2021 2020 $ $ 1,927 $ 8 2 1,937 $ 1,491 — 56 1,547 ____ ___ Audit fees consisted of fees billed for professional services provided in connection with the ________ __ __ (1) audits of our annual consolidated financial statements and our internal control over financial reporting, the review of our quarterly condensed consolidated financial statements, and related procedures and audit services that are normally provided by the independent registered public accounting firm in connection with regulatory filings. Audit fees included fees related to business combinations in 2021 and fees forff in connection with our secondary offering procedures performed in 2020. ff ff (2) Tax fees included fees for permissible tax advisory services. (3) and tax research software. All other fees included fees forff permissible advisory services and access to online accounting All fees and services described above were pre-approved by the Audit Committee. 29 Pre-Approval Policies and Procedures The Audit Committee has adopted a policy and procedures for the pre-approval of audit and non- audit services rendered by the Company’s independent registered public accounting firm, Ernst & Young LLP. The policy generally pre-approves specified services in the defined categories of audit services, audit-related services and tax services up to specified amounts. Pre-approval may also be given as part of the Audit Committee’s approval of the scope of the engagement of the independent registered public accounting firm or on an individual, explicit, case-by-case basis beforeff independent registered public accounting firm is engaged to provide each service. The Chair of the Audit Committee has been delegated authority to pre-approve certain audit and non-audit services, but the decision must be reported to the full Audit Committee at its next scheduled meeting. the The Audit Committee has determined that the rendering of pre-approved services other than audit services by Ernst & Young independence. YY LLP is compatible with maintaining the principal accountant’s THE BOARD OF DIRECTORS RECOMMENDS A VOTE IN FAVOR OF PROPOSAL 2. 30 PROPOSAL 3 ADVISORY VOTE TO APPROVE THE NAMED EXECUTIVE OFFICER COMPENSATION The Dodd-Frank Wall Street Reform and Consumer Protection Act and Section 14A of the Exchange Act enable our stockholders to approve, on an advisory non-binding basis, the compensation of our Named Executive Offiff cers as disclosed in this proxy statement. This proposal, commonly known as a "Say-on-Pay" proposal, gives our stockholders the opportunity to express their views on our Named Executive Offiff cers' compensation as a whole. The vote is not intended to address any specific item of compensation or any specific Named Executive Offiff cer, but rather the overall compensation of all our Named Executive Offff icers and the philosophy, policies and practices described in this proxy statement. At the 2020 Annual Meeting of Stockholders, the stockholders indicated their preference that the Company solicit a Say-on-Pay vote every year. The Board has adopted a policy that is consistent with that preference. In accordance with that policy, this year, we are asking stockholders to approve, on an advisory basis, the compensation of our Named Executive Officers as disclosed in this proxy statement in accordance with SEC rules. ff The Say-on-Pay vote is advisory, and therefore is not binding on us, the Compensation Committee or the Board. The Say-on-Pay vote will, however, provide informat investor sentiment about our executive compensation philosophy, policies and practices, which the Compensation Committee will be able to consider when determining executive compensation for the remainder of the current year and beyond. The Board and our Compensation Committee value the opinions of our stockholders and to the extent there is any significant vote against the Named Executive Officer compensation as disclosed in this proxy statement, we will endeavor to communicate with stockholders to better understand the concerns that influenced the vote, consider our stockholders’ concerns and the Compensation Committee will evaluate whether any actions are necessary to address those concerns. ion to us regarding ff The compensation of our Named Executive Offff icers subject to the vote is disclosed in the Compensation Discussion and Analysis section, the compensation tables and the related narrative disclosure contained in this proxy statement. As discussed in those disclosures, we believe that our compensation policies and decisions are aligned with our stockholders’ interests to support long-term value creation and enable us to attract and retain talented executives. Accordingly, the Board is asking the stockholders to indicate their support for the compensation of as described in this proxy statement by casting a non-binding advisory ff our Named Executive Officers vote “FOR” the folff lowing resolution: “RESOLVED, that the compensation paid to the Company’s named executive officers, disclosed pursuant to Item 402 of Regulation S-K, including the Compensation Discussion and Analysis, compensation tables and narrative discussion is hereby APPROVED.” as ff Advisory approval of this proposal requires the vote of the holders of a majority of the shares present online or represented by proxy and entitled to vote on the matter at the annual meeting. Unless the Board decides to modify i the next scheduled Say-on-Pay vote will be at the 2023 Annual Meeting. ts policy regarding the frequency of soliciting Say-on-Pay votes, ff THE BOARD OF DIRECTORS RECOMMENDS A VOTE IN FAVOR OF PROPOSAL 3. 31 CORPORATE SOCIAL RESPONSIBILITY We believe good governance at all levels is necessary to drive corporate responsibility, which in turn promotes the long-term interests of our stockholders and strengthens Board and management accountability. We focus our effoff rts in the following key areas: • Governance of sustainability; • • Environmental stewardship; and Social responsibility in: cybersecurity, diversity and inclusion, employee engagement, and community involvement. Governance of Sustainability As a part of its primary duty overseeing the Company's corporate strategy, our Board also oversees how environmental and social issues may impact the long-term interests of our stockholders and stakeholders. We stress that corporate responsibility is part of every employee’s job because achieving operational excellence is intrinsically tied to how responsibly we run our business. ff As a part of this endeavor, the Board oversees the management team as it seeks to meet the Company's goals and responsibilities relating to sustainability and corporate social responsibility, particularly those that may affect the stakeholders and stockholders of our company, and the communities in which we operate. In addition to our governance best practices, we consider environmental and social issues in our operations. As part of overseeing our corporate strategy and our enterprise risk management program, our Board has a degree of insight into our environmental and social practices. We believe that socially responsible operating practices go hand in hand with generating value for our stockholders, providing cybersecurity solutions for our clients, being good neighbors within our communities, and being a good employer to our employees. In our view, our corporate governance is more effect our oversight of corporate strategy, key risks, and our operations more generally. ive when we consider environmental and social issues as part of ff In 2020, we pooled internal and external resources to assess environmental, social and f rs that are material to our business. With the assistance of external ESG governance ("ESG") facto consultants, we analyzed our businesses to better understand our material ESG risks and opportunities relevant for our company based on the views held by our stockholders, leading ESG frameworks and ESG rating agencies. We utilized criteria established by the Sustainability Accounting Standard Board and the Task Force on Climate-related Disclosures to perform the assessment. In April 2021, we published our first corporate sustainability report and our efforts ongoing. in this regard are ff Environmental Stewardship Our Board and management team recognize that we have a role to play in environmental stewardship. Given that the Company is a softwff are solutions company, greenhouse gas emissions and water and energy usage are not material factors to the day-to-day operations of our business. We believe, however, that environmentally responsible operating practices are important to generating value for our stockholders, being a good partner with our customers, and being a good employer to our employees. 32 Energy consumption and usage within data centers is an important component of our day-to-day operations of our business. We outsource our data center needs to Amazon Web Services (“AWSAA ”). In 2014, AWS shared its long-term commitment to achieve 100 percent renewable energy usage for the global AWS infrastructure fooff tprint. Our new corporate headquarters is a LEED Certified Gold forff Core Construction. Cybersecurity The Company takes great pride in assisting our customers with enhancing their security posture through the use of our services and products. We understand that customers must trust and have confidence in the security of an organization to use its service offeff vulnerability data. As such, we take the overall security of the Company's products and their supporting infrastructure very seriously. rings for managing their The Company aligns its information security and risk management program to the NIST Cyber ion security management system (“ISMS”) to Security Framework and has implemented an informat protect the confidentiality, integrity, and availability of assets against threats and vulnerabilities. The Company achieved ISO/IEC 27001:2013 certification, recognizing its proven commitment to the highest level of informat ion security management. ff ff Outside of internal improvements to our platform and customer relationship management, we do not use customer data forff any other purposes. Diversity and Inclusion We seek to cultivate a diverse and inclusive workforce ff rences, we drive more innovation and grow business results. When we value and celebrate diffeff closer to our customers, partners, and communities. We strive to be a career destination where employees from all backgrounds are welcome and empowered, treated with fairness and respect, presented with opportunities to make a difference, and provided opportunities to grow. and environment to achieve exceptional ff We undertake numerous efforts ff to increase diversity in our employee population and to foster a culture of fairness and belonging through a number of measures in our recruiting, engagement, retention, and outreach practices. Our dedicated Diversity & Inclusion Council and Employee Resource Groups – along with our committed leaders and managers – strive to attract and hire employees who bring broad diversity of background, thought, and style into the company and foster a sense of inclusion to make them want to stay. To sTT upport these initiatives, we build partnerships within our communities to support organizations and events that strive for greater representation of women and underrepresented minorities in cybersecurity, hold inclusion and bias mitigation training and offer targeted development opportunities to assist with career advancement. In addition, our global talent acquisition team received a diversity sourcing and recruiting certification. ff We, in conjunction with a third party, evaluated our current pay scales, systems and infrastructure to identify any root causes that impact pay equity. From there, we designed a pay equity action plan and, in 2021, we executed on our plan and implemented systemic changes that resulted in a program to drive true and enduring pay equity. We recognize that pay equity requires ongoing analysis and are committed to regularly evaluating our practices for any inconsistencies. 33 Employee Engagement The Company promotes and supports employee development and organizational effecti ff veness by providing high-quality learning and development programs. These programs are designed to meet individual, team, and organizational needs and objectives. We strive to enhance learning and development programs to create a better workplace environment and to build a better Tenable. We aim to incentivize our employees by aligning a portion of their compensation with the overall success of our business. All new hires are given an equity grant and there is broad employee participation in our Employee Stock Purchase Plan. Our employee engagement program helps us understand employee sentiment on a wide range of topics throughout the employee lifecycle, providing insights that informf our decisions about company initiatives, employee programs, talent risks, management opportunities and more. In 2021, 83.2% of our eligible employees participated in our annual employee engagement survey. Community Involvement in We're a company built on our “We Care” core value, and we look to make a positive difference everything that we do – in our work, with our customers and our colleagues, and in our communities. ff • We contribute to cybersecurity awareness, education, and scholarships, and inspire students to pursue cybersecurity careers or a STEM field of study. • Our We Care In Action (“WCIA”) campaign invites employees to submit nominations for charitable organization sponsorship. For each WCIA global cause selected annually by our employees, Tenable makes a donation, and we encourage our employees to contribute either by making a donation, volunteering their time in support of the cause, or learning about and helping to spread awareness for the cause. In 2020, we selected Make-A-Wish foundation as our WCIA global cause. • Each employee is given one day of paid leave per year to participate in volunteer activities for a charitable organization of their choice, including activities for a nonprofit or charitable organization, school events, disaster relief assistance, and peaceful activism. Just as volunteering in our communities is an important aspect of our corporate culture, we encourage our employees to express their voices in local, state, and national public policy. Employees are given a total of one day off pff er year to exercise their right to vote. In addition, we formed a federal ff Political Action Committee ("PAC") which allows eligible employees to pool their resources in order to support elected officials who share our interests on is registered with the public policy matters that impact the future of our business. Tenable’s PACPP Federal Election Commission, and any contributions made by the PACPP are fully funded by voluntary employee contributions, not corporate funds. Like other PACs, the Tenable PAC is a means by which our eligible employees can pool their personal contributions to help provide financial support for elected offici ensure public policies promote growth for our business, our employees, and our customers. als. It does not exist to advance any particular partisan or social agenda, but rather to ff Campaign contributions and similar expenditures are regulated by various federal, state and local laws. A campaign contribution is a donation of something of value to a candidate or a candidate’s committee, to a ballot measure committee, to a political party, or to a PACPP purpose of making contributions to candidates or other political committees. The laws regulating that collects funds for the 34 campaign contributions vary depending on the jurisdiction. The Company’s policy is that it does not make contributions to any candidates or their committees, political action committees or to party committees using Tenable resources. This policy does not apply to or restrict the ability of our employees to participate voluntarily in political activities with their own funds and on their own time; however, we will not reimburse any employee for political contributions made from the employee’s personal funds. Our policy strictly prohibits coercion of our personnel to engage in political activities of any kind. Additional Information For additional informat ff ion and to view our report on corporate social responsibility, you can visit our website at www.inveii stors.tenable.com. EXECUTIVE OFFICERS Our executive officers, and their respective ages as of April 13, 2022, are as follows: Name Executive Officers Amit Yoran Stephen A. Vintz Stephen A. Riddick Age Position(s) 51 Chief Executive Officeff 53 Chief Financial Offiff cer 58 General Counsel and Corporate Secretary r and Chairman The biography of Mr. Yoran YY is set forth in “Proposal 1: Election of Directors” above. Stephe en A. Vintzii Stephen A. Vintz has served as our Chief Financial Offiff cer since October 2014. Mr. Vintz previously served as Executive Vice President and Chief Financial Officeff University Maryland and is a Certified Public Accountant. Mr. Vintz received a B.B.A. in Accounting from Loyola VV r of Vocus. Stephe en A. Riddidd ck Stephen A. Riddick has served as our General Counsel since May 2016 and was appointed as our Corporate Secretary, in addition to General Counsel, in May 2018. Prior to joining Tenable, Mr. Riddick served in a number of roles, including Global Associate General Counsel, at Linde plc (fka Praxair, Inc.), a publicly traded producer and distributor of industrial gases and related technologies, from September 2010 to February 2016. Mr. Riddick has served on the board of directors of Bowman Consulting Group since May 2021. Mr. Riddick received a B.A. in Economics from the University of Virginia and a J.D. from the University of North Carolina School of Law. 35 SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT The folff lowing table sets forth certain information regarding the ownership of the Company’s director; (ii) each of the common stock as of March 4, 2022 by: (i) each director and nominee forff executive officers and directors of the Company as a group; and (iv) all those known by the Company to be beneficial owners of more than five percent of its common stock. named in the Summary Compensation Table; (iii) all executive officers ff ff Beneficial Owner Number of Shares Percent of Total Ownership(1) 5% or greater stockholders: FMR LLC(2) The Vanguard VV BlackRock, Inc.(4) Group(3) and directors: ff officers Named executivett Amit Yoran(5) Stephen A. Vintz(6) Stephen A. Riddick(7) Arthur W. Coviello, Jr.(8) John C. Huffard, Jr.(9) Kimberly L. Hammonds Linda Zecher Higgins(10) Niloofarff Razi Howe Jerry M. Kennelly(11) A. Brooke Seawell(12) Raymond Vicks, Jr. 11,408,981 9,304,960 7,645,642 3,577,403 855,515 56,719 78,423 477,791 — 6,330 — 118,830 260,000 — 10.4 8.4 6.9 3.2 * * * * * * * * * * All current executive officers persons)(13) ff and directors as a group (11 5,431,011 4.8% ____ ________ __ __ * Represents beneficial ownership of less than 1%. ___ ff This table is based upon informat (1) and Schedules 13D and 13G filed with the SEC. Unless otherwise indicated in the footnotes to this table and subject to community property laws where applicable, the Company believes that each of the stockholders named in this table has sole voting and investment power with respect to the shares indicated as beneficially owned. Applicable percentages are based on 110,194,277 shares outstanding on March 4, 2022, adjusted as required by rules promulgated by the SEC. directors and principal stockholders ion supplied by officers, ff (2) As reported in a Schedule 13G/A filed with the Securities and Exchange Commission on March 10, 2022, which states that FMR LLC has sole dispositive power with respect to all of the shares and sole voting power with respect to 11,408,963 of the shares. The principal business address of FMR LLC is 245 Summer Street, Boston, Massachusetts 02210. As reported in a Schedule 13G/A filed with the Securities and Exchange Commission on (3) February 10, 2022, which states that The Vanguard Group, Inc. has sole dispositive power with respect to 9,056,770 of the shares, shared dispositive power with respect to 248,190 of the shares 36 and share voting power with respect to 171,503 of the shares. The Vanguard Group, Inc. is the parent holding company of Vanguard Asset Management, Limited, Vanguard Fiduciary Trust Company, Vanguard Global Advisors, LLC, Vanguard Group (Ireland) Limited, Vanguard Investments Australia Ltd, Vanguard Investments UK, Limited, which act as investment advisers to registered investment companies and separate accounts that own the reported shares. The principal business address of The Vanguard Group, Inc. is 100 Vanguard Boulevard, Malvern, Pennsylvania 19355. Investments Hong Kong Limited and Vanguard Investments Canada Inc., Vanguard VV VV As reported in a Schedule 13G/A filed with the Securities and Exchange Commission on (4) February 3, 2022, which states that BlackRock, Inc. has sole dispositive power with respect to all of the shares and sole voting power with respect to 7,436,658 of the shares. BlackRock, Inc. is the parent holding company of BlackRock Life Limited, BlackRock Advisors, LLC, BlackRock (Netherlands) B.V., BlackRock Institutional Trust Company, National Association, BlackRock Asset Management Ireland Limited, BlackRock Financial Management, Inc., BlackRock Asset Management Schweiz AG, BlackRock Investment Management, LLC, BlackRock Investment Management (UK) Limited, BlackRock Asset Management Canada Limited, BlackRock Investment Management (Australia) Limited, BlackRock Fund Advisors and BlackRock Fund Managers Ltd, which act as investment advisers to registered investment companies and separate accounts that own the reported shares. The principal business address of BlackRock, Inc. is 55 East 52nd Street, New York, New York 10055. Consists of (a) 180,245 shares of common stock held by Mr. Yoran (5) shares of common stock held by the Amit Yoran 2020 Family Trust, (c) 361,738 shares of common stock held by the Amit Yoran Grantor Retained Annuity Trust A and (d) 2,759,473 shares of common stock issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. directly, (b) 275,947 YY Consists of (a) 127,440 shares of common stock and (b) 728,075 shares of common stock (6) issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. Consists of (a) 42,199 shares of common stock and (b) 14,520 shares of common stock (7) issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. (8) Consists of (a) 20,917 shares of common stock and (b) 57,506 shares of common stock issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. Consists of (a) 2,173 shares of common stock held by Mr. Huffaff s spouse in the Mary Kathryn Braden Huffard ff rd directly, (b) 31,847 shares Revocable Trust ated March 2, 2012, (c) 390,183 shares of common stock held by Mary Kathryn Braden and Jonathan M. Forster, as Trustees of The Three Suns 2019 Non-Exempt Irrevocable Trust ated November 15, 2019, and (d) 53,588 shares of common stock held by Mr. Huffard as Trustees of The John Cloyd Huffard and Jr Revocable Trust U/T/A d// ated ff ff ff (9) of common stock held by Mr. Huffard’ U/T/A d// Huffard ff U/T/A d// Mary Kathryn Braden Huffard, March 2, 2012. ff (10) Consists of 6,330 shares of common stock held by Ms. Zecher Higgins directly. Consists of (a) 6,677 shares of common stock held by Mr. Kennelly directly, (b) 14,153 shares (11) of common stock held directly by Kennelly Partners, L.P., an entity controlled by Mr. Kennelly, and (c) 98,000 shares of common stock issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. Consists of (a) 30,000 shares of common stock and (b) 230,000 shares of common stock (12) issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. 37 (13) stock issuable upon the exercise of outstanding options exercisable within 60 days of March 4, 2022. Consists of (a) 1,543,437 shares of common stock and (b) 3,887,574 shares of common 38 EXECUTIVE COMPENSATION COMPENSATION DISCUSSION AND ANALYSIS This Compensation Discussion and Analysis reviews the material elements of our 2021 executive compensation, philosophy, policies and practices, and discusses compensation earned by our named which for 2021 were as follows (our “Named Executive Offiff cers”): executive officers, ff Name Amit Yoran Position Chief Executive Officer ff and Chairman of the Board of Directors Stephen A. Vintz Chief Financial Offiff cer Stephen A. Riddick General Counsel and Corporate Secretary Executive Summary Who We AWW re We are a leading provider of Cyber Exposure solutions. Cyber Exposure is a discipline for managing, measuring and comparing cybersecurity risk in the digital era. 2021 Business Highlight stt i 2021 was a very strong year, marked by increased revenue and calculated current bi gllings ggrowth and attractive levels fof ffree cash fflow. O. ur 2021 highlights were as follows: • • • • • • Launched Tenable.ep, our unified, risk-based vulnerability management exposure platform designed to provide visibility across Tenable’s solutions and prioritize vulnerabilities using predictive analytics. Achieved FedRAMP authorization for Tenable.io and Tenable.io Web App Scanning, allowing the U.S. federal government to deploy both products across various departments and agencies. Acquired Alsid SAS and Accurics, Inc. for $98.5 million and $160.0 million, respectively. Closed our new credit facility comprised of a $375 million senior secured term loan and a $50 million senior secured revolving credit facility. Revenue was $541.1 million, a 23% increase year-over-year. Calculated current billings was $617.2 million, a 25% increase year-over-year. • GAAP loss from operations was $41.8 million, compared to a loss of $36.4 million in 2020; Non-GAAP income from operations was $51.0 million, compared to $25.8 million in 2020. • GAAP net loss per share was $0.44, compared to a loss per share of $0.42 in 2020; Non- • • diluted earnings per share was $0.34, compared to $0.19 in 2020. GAAPAA Unlevered free cash flow was $95.2 million, compared to $44.3 million in 2020. Achieved Rule of 40 for full-year 2021, which we define as the sum of percentages for revenue growth and unlevered free cash flow margin. Refer to the appendix for reconciliations of non-GAAP measures to comparable GAAPAA measures. Executive Compensation Highligll hts We seek to ensure that executive pay is tied to performance ff and long-term stockholder value creation. Based on our success in executing our strategic plan in a challenging environment, including 39 progress by the executive leadership team on our diversity and inclusion and employee engagement and development initiatives, and continuing a safe working environment during the pandemic, the Compensation Committee took the following key actions with respect to the compensation of our Named Executive Offiff cers in 2021: • • • Base Salaries - We approved salary increases in 2021 for our Named Executive Officers light of their and the company’s strong performance relative to our peers. Raises ranged from 4.4% to 9.1%. and to maintain market competitiveness in ff ff Cash Bonuses - Our cash bonus structure mirrored that of prior years and incorporated revenue, unlevered free cash flow and bookings goals. Our target cash bonuses are expressed as a percentage of base salary paid out based on quarterly and annual attainment, and remained comparable with 2020. Given our strong performance bonuses were paid out in accordance with their plan formula above target at 109%. in these areas, cash ff ff Incentive Compensation - We continue to provide a large percentage of our Long-TermTT Named Executive Officers’ compensation program. In 2021, our long-term incentive plan consisted of restricted stock unit (“RSU”) grants subject aggregate dollar value of Messrs. Yoran, Vintz and Riddick’s 2021 grants were increased relative to 2020 by 13.6%, 2.5% and 22.2% respectively. to service-based vesting. In order to remain competitive, the compensation opportunity through our long-term incentive b We believe the increases in our Named Executive Officers' ff consistent with our successful performance and company growth. ff 2021 total direct compensation are 2021 Target Total Direct ii Compensation Overvi vv ew For 2021, 94% of our CEO’s total reported compensation and an average of 89% of our other Named Executive Officers’ bonuses earned and equity incentives awarded, as reported in the Summary Compensation Table. total reported compensation was at-risk through quarterly and annual ff CEO Pay Mix Other Executives Pay Mix Base Salary 6% Actual BB Bonus 6% Base Salary 11% Actual Bonus 7% Equity Awards 88% Equity Awards 82% Listen ii ing to Our Stockhokk ldersdd At our annual meeting of stockholders in 2021, we conducted our first advisory vote on executive compensation, or a say-on-pay vote. Approximately 90.4% of the votes cast on the say-on-pay proposal supported the proposal. In addition to our annual advisory vote on executive compensation, we are committed to ongoing engagement with our stockholders on executive compensation and corporate governance issues. 40 Based on the support for last year’s say-on-pay proposal and our commitment to good governance, we did not adjust our compensation program for 2021, but have incorporated the following changes in our 2022 compensation programs: • Incentive Plan – Incorporate perfor rr mance restricted stock units (“PRSUs”) into our Long-TermTT g long-term incentive plan as a portion of our long-term incentive grants which will be earned based on objective and rigorous performance vesting. We believe the introduction of performance executives’ pay with performance strategy. For 2022, PRSUs make up 25% of the total grant date fair value of the long-term incentive grants forff ff and incentivize the efficient criteria is appropriate to continue to align our our Named Executive Officers. execution on our growth goals, and thereafter service-based rr rr ff ff ff • Good Governance – We implemented pay governance practices including: ◦ We have adopted stock ownership guidelines applicable to our non-employee directors. ◦ We have in place a compensation recoupment policy under which compensation paid to or earned by our executives, including our Named Executive Offff icers, may be recovered in the event of financial restatements and misconduct that contributed to the financial restatements. Executive Compensation Policies and Practi rr ces ff We endeavor to maintain appropriate pay-for-perf ormance ff alignment and sound governance standards as we review and manage executive compensation policies and practices. The Compensation Committee evaluates our executive compensation program on a regular basis to ensure that it is consistent with our short-term and long-term goals given the dynamic nature of our business and the market in which we compete forff convictions with respect to executive compensation and related policies and practices: executive talent. The following summarizes our key 41 What We Do What We Do Not Do • • • No guaranteed bonuses. No tax “gross ups” on payments on future post-employment compensation arrangements. No hedging or pledging of our equity securities. No mid-year adjustments or modifications of our cash or equity incentives in 2021 due to the COVID-19 pandemic and the recent volatile market condition. • Seek to tie pay to perforr stockholder value creation, while retaining top talent. • Maintain an independent rmance and • • • • • • • red to Compensation Committee. Retain an independent compensation advisor. Annual executive compensation strategy review. Multi-year vesting requirements for equity awards. “Double-trigger” change-in-control arrangements. Succession planning by full Board. Executive retirement & perquisite benefits are limited to those offeff employees generally. Annual Say-on-Pay voting. Executive compensation “clawback” policy for our executives, including our Named Executive Offiff cers, and our stock ownership guidelines forff non-employee directors. Stock incentive plans and executive employment agreements that provide for forfeiture of equity awards and severance if an executive is terminated for cause, including due to misconduct that results in reputational harm to the Company. Executive Compensation Philosophy and Objeb ctives Our executive compensation program is guided by our overarching philosophy of paying for ff demonstrable performance. To achieve these objectives, we believe that our executive compensation program should include short-term and long-term elements, including cash and equity compensation, and should reward consistent performance that meets or exceeds expectations. We evaluate both and compensation to make sure that the compensation provided to our executives performance remains competitive relative to compensation paid by companies of similar size operating in our industry, taking into account our relative performance, of the individual executive. our strategic objectives, and the performance ff ff ff Consistent with this philosophy, we have designed our executive compensation program to achieve the following primary objectives: • • Provide market competitive compensation and benefit levels that will attract, motivate, reward, and retain a highly talented team of executives within the context of responsible cost management; Establish a direct link between our financial and operational results and strategic objectives and the compensation of our executives; 42 • Align the interests and objectives of our executives with those of our stockholders by linking our executives’ long-term incentive compensation opportunities to stockholder value creation and their cash incentives to our annual performance; and ff • Offer ff total compensation opportunities to our executives that, while competitive, are internally consistent. Executive Compensation Designi ; Pay for Performance The annual compensation arrangements for our Named Executive Officers ff consist of both fixed and "at risk" compensation elements which have been designed to align pay and performance. ff Our fixed base salaries are designed to retain our executives by providing dependable and competitive annual income. In addition, we emphasize variable compensation through our short-term incentive cash bonus plan based on our Named Executive Offff icers attainment of pre-established short-term financial targets as determined from time to time by the Company and reviewed by our Board of Directors in connection with our annual operating plan, and "at-risk" compensation through our long-term equity incentive plan, which has historically consisted of service-vesting RSUs. Given our brief operating history and status as a public company and as a result of the uncertainty in the macro-economy in 2021 caused by the COVID-19 pandemic, we believe that service-based RSU awards have been an appropriate long-term incentive compensation vehicle in so far as they expose our Named Executive Offiff cers to fluctuations in our stock price, thereby aligning the interests of our Named Executive Offiff cers and stockholders and incentivizing them to build sustainable long-term value for the benefit of our stockholders while satisfying our retention objectives. However, in 2022 we have determined to incorporate PRSUs in our long-term incentive plan as a portion of our long-term incentive grants in order to further tie pay to performance. For 2022, PRSUs make up 25% of the total grant date fair value of the long-term incentive grants forff our Named Executive Offiff cers. These at-risk pay elements ensure that a substantial portion of our Named Executive Officers’ target total direct compensation is contingent (rather than fixed) in nature, with the amounts ultimately payable commensurate with our actual performance. ff 43 Compensation Elements In 2021, the principal elements of our executive compensation program, and the objective and key features of each element, were as follows: Element Type and Form of Element Objecb tive Key Features ff TT • Established initially through arm’s-length negotiation at the time of hire and then reviewed annually at beginning of year. • Factors considered include: executives position, qualifications, experience, pre- hire salary level, the base salaries of our other executives, company and individual performance, retention objectives, a competitive market analysis, and recommendations of the CEO • Target bonus amounts generally are reviewed annually at the beginning of year and determined based on various factors, including company and individual performance, ff competitive market analysis, and recommendations of CEO • Bonus payments earned determined after each quarter and the full-year • Bonus payments are generally dependent upon achievement of pre-established corporate financial objectives selected by our Compensation Committee from our annual operating plan reviewed by our Board of Directors a Base Salary Fixed/Cash Short-TermTT Incentive Variable/Cash Bonus Designed to attract and retain highly talented executives by providing financial stability and security for performing job responsibilities through a fixed amount that is market competitive and rewards performance ff Designed to motivate and reward executives with financial incentives for achieving or exceeding rigorous quarterly and annual financial objectives related to our key business imperatives 44 Long Term Incentive At risk/RSUs ff align interests Designed to motivate and reward executives for successful long-term performance, of executives and stockholders by motivating them to create sustainable long-term stockholder value, and encourage continued employment of executives over the long-term ff • Annual award opportunities generally reviewed and determined annually at beginning of the year or as appropriate during year for new hires, promotions, or other special circumstances • Individual awards determined based on various factors, including company and individual performance, retention value of outstanding equity holdings, and competitive market analysis, and recommendations of our CEO. • Historically granted RSU awards or stock options with four-year vesting requirements, although the Compensation Committee has discretion to grant other equity vehicles and use different ff requirements or performance conditions vesting ff Other Compensation Retirement and health and welfare benefits offeff red to all employees on the same terms Employee benefits that promote employee savings and health and welfare, which assists in attracting and retaining our executives and employees Indirect compensation element consisting of programs such as medical, vision, dental, life aff nd disability insurance, as well as the 401(k) Plan with a company matching contribution and an ESPP, aP nd other plans and programs made available to all eligible employees Base Salary In February 2021, the Compensation Committee reviewed the base salaries of our Named Executive Officers, taking into consideration a competitive market analysis prepared by its compensation consultant and the recommendations of our CEO (except with respect to the CEO's own compensation), as well as the other factors described in “Compensation-Setting Process" below. Following this review, the Compensation Committee determined to adjust the base salaries of our Named Executive Officers to reflect current market positioning. ff 45 The base salaries of our Named Executive Offiff cers were as follows: Named Executive Officer Mr. Yoran YY Mr. Vintz Mr. Riddick $ 2020 Base Salary rr 2 021 Base Salary 450,000 $ 375,000 330,000 470,000 400,000 360,000 Percentage Adjustment 4.4 % 6.7 % 9.1 % The base salaries paid to our Named Executive Offiff cers during 2021 are set forth in the Summary Compensationtt Table below. Cash Bonuses Cash bonuses are based upon a specific percentage of each participant’s annual base salary and are paid, subject and the fifth payment following year-end. b to goal attainment, in five equally weighted installments, one following each quarter We believe that paying bonuses throughout the year is the most effect ff ive way to motivate achievement of our short-term financial goals because quarterly and annual payments align with the time periods for which we provide external guidance to the investment community. 2021 Cash Bonus Structure tt In February 2021, the Compensation Committee reviewed the target short-term cash incentive bonus opportunities of our Named Executive Officers in place for 2021, taking into consideration a competitive market analysis prepared by its compensation consultant and the recommendations of our CEO (except with respect to his own bonus opportunity), as well as the other factors described in “Compensation-Setting" below. Following this review, the Compensation Committee determined to increase the target short-term cash incentive bonus opportunity of Mr. Vintz from 86.7% to 87.5%. ff Accordingly, the target short-term cash incentive bonus opportunities of our Named Executive Officers ff for 2021 were as follows: Named Executive Officer Mr. Yoran YY Mr. Vintz Mr. Riddick 2021 Target Cash Bonus Opportunity 470,000 $ 350,000 180,000 Target Percentage of Base Salary 100.0 % 87.5 % 50.0 % Consistent with the prior year, forff 2021, our Board of Directors established anticipated target rmance metric used in our annual operating plan, with actual bonus payments at goals for each perforr each periodic payment interval calculated by multiplying 20% of a participant’s target cash bonus opportunity by the weighted average percentage attainment level of the applicable goals for each applicable quarter or full year. No payments are made if attainment is below 75%. Accordingly, forff 46 ff 2021, the target performance exceeds prior year actual performance: goals for our Named Executive Offiff cers were as follows, each of which ff Performance Metric Revenue + Unlevered Free Cash Flow (1) Bookings $ Target Performance Level (in thousands) Weighting 604,066 (2) 66.67 % 33.33 % ______ ____ ____ ____ ____ ___ (1) of non-GAAP measures to comparable GAAPAA measures. Unlevered Free Cash Flow is a non-GAAP measure. Refer to the appendix forff reconciliations ff measure as such information is proprietary in nature, the disclosure of which could result We have chosen not to disclose the various target performance levels for our bookings (2) performance in competitive harm to the Company. For 2021, the Board of Directors considered the target performance achievement levels for the Board Metrics to be challenging but achievable with significant effort ff approximate 20% increase over our actual bookings results from 2020. requiring circumstances to align as projeo cted. The bookings target goal reflected an ff For this purpose, each of the above metrics are defined as follows: • • • Revenue - to be calculated in accordance with GAAP and as set fort annual financial statements. ff h in our quarterly and Unlevered Free Cash Flow – to be calculated as free cash flow, defined as GAAPAA net cash flows from operating activities reduced by purchases of property and equipment, plus cash paid for interest and other financing costs. Bookingsg - to be calculated as sales of new and renewal subscription licenses, perpetual licenses and related first-year maintenance, and services and training, which are closed in a period. Bookings is based on annual contract value (ACV), whereby we include only the first- year contract value as booked in cases where a multi-year deal is prepaid or billed upfront. Our Board of Directors believed that, for purposes of the short-term cash incentive bonus plan, these were the most appropriate corporate performance measures to use because, in its view, they would provide meaningful indicators of our successful execution of our annual operating plan and our ability to enhance long-term value creation. In particular, we believe our bookings levels is an effecti ve measure of annual contract value, which management uses to measure the growth of our business. ff 2021 Cash Bonus Attainment ii Our actual performance ff against the aggregate target level for the various corporate performance ff measures for each quarter and for the full year, as applicable, as well as the amounts received by each Named Executive Offiff cer, were reviewed by the Compensation Committee in February 2021. 47 The folff lowing tables provides informat ion regarding the quarterly and full year payout level achieved and the actual quarterly and full year cash bonuses earned by the Named Executive Officers during 2021: ff ff Performance Metric Revenue + Unlevered Free Cash Flow $ Bookings Actual Performance Level (in thousands) Percentage of Target 636,312 (1) 105.3 % (1) ff measure as such information is proprietary in nature, the disclosure of which could result We have chosen not to disclose the various target performance ______ ____ ____ ____ ____ ___ (1) performance in competitive harm to the Company. For 2021, the Board of Directors considered the target achievement levels for the Board Metrics to be challenging but achievable with performance significant effort requiring circumstances to align as projeo cted. The bookings performance ff reflected an approximate 25.1% increase over our actual bookings results from 2020. levels for our bookings attainment ff ff ff Named Executive Officer Performance Period Target Quarterly/ Annual Bonus Aggregate Weighted Average Achievement/ Payment Percentage Actual Quarterly/ Annual Bonus YY Mr. Yoran First Quarter $ Mr. Vintz Mr. Riddick Second Quarter Third Quarter Fourth Quarter Full Year Total 2021 First Quarter Second Quarter Third Quarter Fourth Quarter Full Year Total 2021 First Quarter Second Quarter Third Quarter Fourth Quarter Full Year $ $ $ $ Total 2021 $ 94,000 94,000 94,000 94,000 94,000 470,000 70,000 70,000 70,000 70,000 70,000 350,000 36,000 36,000 36,000 36,000 36,000 180,000 112.8 % $ 108.2 % 107.7 % 110.6 % 107.5 % $ 112.8 % $ 108.2 % 107.7 % 110.6 % 107.5 % 106,032 101,708 101,238 103,964 101,050 513,992 78,960 75,740 75,390 77,420 75,250 $ 382,760 112.8 % $ 108.2 % 107.7 % 110.6 % 107.5 % $ 40,608 38,952 38,772 39,817 38,700 196,849 The cash bonus payments made to our Named Executive Offiff cers for 2021 are set forth in the “Summary Compensationtt Table” below. 48 Long-Term Incentive Compensationtt In February 2021, as part of its annual compensation review the Compensation Committee determined to grant equity awards to our Named Executive Offiff cers in the form of service-based RSU awards consistent with prior years. RSU awards serve as an incentive that is aligned with the long- term interests of our stockholders because their value increases (or decreases) with any change in the value of the underlying shares. Further, RSUs serve our retention objectives because they are subject to a multi-year vesting requirement based on continued service. Based upon a review of competitive market practice and the incentive power of these awards, in February 2021, the Compensation Committee granted RSU awards to our Named Executive Officff ers in amounts that it considered to be consistent with our compensation philosophy and its desired market competitiveness as follows: Named Executive Officer YY Mr. Yoran Mr. Vintz Mr. Riddick Restricted Stock Unit Award (shares) 171,037 93,500 50,171 Restricted Stock Unit Award (grant date fair value) Year-over-Year Change $ 7,500,000 4,100,000 2,200,000 13.6 % 2.5 % 22.2 % The RSU awards granted to our Named Executive Offiff cers vest over a four-year period, with 25% to the award vesting on the first anniversary of February 17, 2021, of the total number of units subject the vesting commencement date, and 1/16th of the total number of units subject in quarterly installments over the following three years, contingent upon the Named Executive Officer ’s continued employment by us through each applicable vesting date. to the award vesting b b ff ff The equity awards granted to our Named Executive Officers in 2021 are set forth in the “Summary Compensationtt Table” and the “Grant rr s ott ased Awards Table” below. ff f Plan-B PP Health and Welfare, Retiremen ii t and ESPP Benefits Our Named Executive Officers ff are eligible to receive the same health and welfare benefits that are generally available to all full-time, salaried employees, subject to the satisfaction of certain eligibility requirements, including medical, dental, and vision insurance, business travel insurance, an employee assistance program, health and dependent care flexible spending accounts, basic life insurance, accidental death and dismemberment insurance, short-term and long-term disability insurance, commuter benefits, and reimbursement forff mobile phone coverage. Our Named Executive Officers ff are also eligible to participate in our 401(k) retirement plan (the “Section 401(k) Plan”) that provides eligible employees with an opportunity to save for retirement on a tax-advantaged basis. For 2021, during each pay period, we made matching contributions to all participating employees for each $1.00 of an employee’s contribution, up to a maximum of 4% of the employee’s eligible earnings, subject to annual limitations. b We provide additional long-term equity incentives through the 2018 Employee Stock Purchase in July 2018. Plan (the “ESPP”), which became effect The ESPP is intended to qualify aff 423 of the Code. Generally, all of our regular employees (including our Named Executive Officers during their employment with us) may participate in the ESPP and may contribute, normally through payroll deductions, up to 15% of their earnings for the purchase of our common stock. The ESPP is implemented through a series of offeri ngs of purchase rights to eligible employees. Each offering s an “employee stock purchase plan” within the meaning of Section ive in connection with our initial public offering will ff ff ff ff ff 49 have one or more purchase dates on which our common stock will be purchased for employees participating in the offeri ng. Unless otherwise determined by our Compensation Committee, shares are purchased for accounts of employees participating in the ESPP at a price per share equal to the lower of (a) 85% of the fair market value of our common stock on the first date of an offering or (b) 85% of the fair market value of our common stock on the date of purchase. ff Perqurr isites and Other tt Personal Benefits Currently, we do not view perquisites or other personal benefits as a significant component of our executive compensation program. Accordingly, we do not offer perquisites or other personal benefits to our Named Executive Offiff cers, apart from those generally made available to our employees or in situations where we believe it is appropriate to assist an individual in the performance of his or her and effective, and for recruitment and retention purposes. duties, to make him or her more efficient During 2021, none of our Named Executive Officers received perquisites or other personal benefits that were, in the aggregate, $10,000 or more for each individual. ff ff ff Compensation-Setting Process Role of Compensation Committee The Compensation Committee discharges the responsibilities of our Board of Directors relating to the compensation of our Named Executive Offiff cers, including by overseeing our compensation and benefits policies generally, and overseeing and evaluating the compensation plans, policies, and practices applicable to our CEO and other Named Executive Offiff cers. In so doing, the Compensation Committee reviews our Named Executive Offiff cers’ base salary levels, cash bonus targets, and long- criteria at term incentive compensation of our Named Executive Officers the beginning of each year, or more frequently as warranted. Compensation adjustments to base salary are generally effective on March 1 and changes to target bonus amounts are generally effecti ve at the beginning of the year. The Compensation Committee also makes compensation recommendations for the non-employee members of our Board of Directors to our full Board of Directors for their review and approval. and all related performance ff ff ff The Compensation Committee retains a compensation consultant (as described below) to provide support in its review and assessment of our executive compensation program. Factors Used in Determini ii ngii Executive Compensation In making decisions about the compensation of our Named Executive Officers, the members of the Compensation Committee do not establish a specific target or benchmark against our peers forff each executive and instead take a holistic approach, relying primarily on their general experience and lowing: consideration of various factors, including the folff ff • • • • against the financial, operational, and strategic objectives established by the our executive compensation program objectives; our performance ff Compensation Committee and our Board of Directors; each individual Named Executive Officer tenure relative to other similarly situated executives at the companies in our compensation peer group; the scope of each Named Executive Officer ff similarly situated executives at the companies in our compensation peer group; ’s role and responsibilities compared to other ’s knowledge, skills, experience, qualifications, and ff 50 • • • • • • ff ability to lead his or her the prior perforff mance of each individual Named Executive Offiff cer, based on a subjective assessment of his or her contributions to our overall performance, business unit or function, and work as part of a team, all of which reflect our core values; the potential of each individual Named Executive Offff icer to contribute to our long-term financial, operational, and strategic objectives; the value of each Named Executive Offiff cer's target total direct compensation opportunity (the sum of base salary, cash bonus opportunity and equity awards); our financial performance the compensation practices of our compensation peer group and the positioning of each Named Executive Offiff cer’s compensation in a ranking of peer company compensation levels based on an analysis of competitive market data; and the recommendations of our CEO with respect to the compensation of our Named Executive Officeff rs (except with respect to his own compensation). relative to our peers; ff The Compensation Committee does not weigh these factors in any predetermined manner or formulaically, nor is any single factor determinative in setting compensation levels or making compensation decisions. In addition, we have not adopted any formal policies or employed guidelines for allocating compensation between current and long-term compensation, between cash and non- cash compensation, or among different forms of non-cash compensation. Instead, the members of the Compensation Committee consider the above and other informat experience, knowledge of the Company, knowledge of the competitive market, knowledge of each Named Executive Offff icer, and business judgment in making their decisions. ion in light of their individual ff ff Role of Management In discharging its responsibilities, the Compensation Committee works with members of our management who provide informat compensation data, and other compensation related matters. ion on corporate and individual performance, ff ff market In addition, our Compensation Committee seeks the CEOs input with respect possible adjustments to annual cash compensation, long-term incentive compensation opportunities and other compensation-related matters for our non-CEO Named Executive Officers based on his evaluation of for the prior year. Our CEO also attends meetings of ff such Named Executive Officers’ our Board of Directors and the Compensation Committee at which executive compensation matters are addressed, but is not present during discussions involving his own compensation. performance ff ff Role of Compensation Consultant The Compensation Committee has retained an independent compensation consultant, ff Compensia, to advise on executive compensation matters, including competitive market pay practices for our Named Executive Officers, compensation peer group. During 2021, Compensia attended the meetings of the Compensation Committee (both with and without management present) as requested and provided various services to assist the committee in carrying out its duties. Under this engagement, Compensia reported directly to the Compensation Committee chair and also coordinated with our management forff and job matching for our executives. In 2021, Compensia did not provide any other services to us. and to assist with the data analysis and development of the data collection In 2021, the Compensation Committee evaluated the independence of Compensia and, based on this review, determined that no conflict of interest was raised as a result of the work performed Compensia. In reaching this conclusion, the Compensation Committee considered applicable SEC rules and regulations and the corresponding Nasdaq independence factors regarding compensation advisor independence. by ff 51 Riskii Management Each year, with the help of our independent compensation consultant, our Compensation Committee reviews whether our compensation policies and practices encourage executives or other employees to take unnecessary or unreasonable risks that could threaten the long-term value of the Company, or that are reasonably likely to have a material adverse effect. Committee believes that our practices adequately manage this risk in so far as it: The Compensation ff • • • • • • b ively selected peer group to support decision-making, adopts an appropriate pay philosophy, uses an appropriate, object reflects risk-mitigating design and governance practices in key areas, incentivizes execution on our business strategy, is appropriately balanced, with potential for reward based on long term company performance, reviews actual pay delivery from performance-based incentives to confirm the rigor of goal setting and the alignment with perfor rr mance. and ff Competitivett Positioningii For purposes of assessing our executive compensation against the competitive market, the Compensation Committee reviews and considers the compensation levels and practices of a select group of peer companies as well as data drawn from the Radfordff Compensation Committee reviews our compensation peer group at least annually with the assistance of Compensia and makes adjustments to its composition if warranted, taking into account changes in both our business and the businesses of the companies in the peer group. Global Technology Survey. The When reviewing the peer group, Compensia and the Compensation Committee use the following criteria to identify companies reasonably similar to us in terms of revenue, market capitalization, and industry focus: • • • • • • publicly traded companies headquartered in the United States and traded on a major United States stock exchange; companies in the information technology sector; companies with similar revenues - within a range of approximately 0.33x to approximately 3.0x of our last fouff r quarters' revenue of approximately $380 million (approximately $130 million to $1.1 billion) companies with similar market capitalizations - within a range of approximately 0.33x to approximately 3.0x of our then-projected market capitalization of approximately $3 billion (approximately $1 billion to approximately $9 billion); companies in the Internet/network security software ff sector; and companies with revenue growth generally greater than 20%. 52 Using this methodology, the Compensation Committee approved a compensation peer group for use in 2021 consisting of the following companies: Anaplan Blackline Box Cloudera Cornerstone onDemand Guidewire Software Hubspot New Relic Paylocity Proofpoint Mandiant (f/k/ ff a FireEye) Q2 Holdings Five9 Qualys Rapid7 Sailpoint Technologies Secureworks Varonis Systems Zendesk For 2022, Compensia recommended the folff lowing changes to our peer group based upon the objective criteria identified above, which changes were approved by our Compensation Committee: Remove: • • • • Proofpoint Cloudera HubSpot SecureWorks Employment Arrangements Add: • • • • Momentive Global Blackbaud Commvault Systems Elastic N.V. In February 2019, we entered into amended and restated written employment agreements with each of our named executive which superseded each offiff cer’s prior employment agreement. These amended and restated employment agreement reflect a standardized approach for the payment of severance and change in control payments and benefits to our Named Executive Officers. approach, the post-employment compensation arrangements of our Named Executive Officers ff established on a uniform basis and at levels that generally align with current market practice. Under this were ff For detailed descriptions of the amended and restated employment agreements with our Named Executive Offff icers, see “Potential ii Payments utt ponu Terminationtt or Change in Cii tt ontrol ” bll elow. Post-Employment Compensation Under their amended and restated employment agreements, our Named Executive Officers ff are eligible forff certain benefits in the event of their termination of employment by virtue of death or disability and in the event of an involuntary termination of employment, including an involuntary termination of employment in connection with a change in control of the Company. We believe that these benefits are representative of market practice and thereforeff retain our Named Executive Offff icers. are necessary to motivate and These arrangements provide reasonable compensation to the Named Executive Officer if he or she leaves our employ under certain circumstances to facilitate his or her transition to new employment. Further, in some instances we seek to mitigate any potential employer liability and avoid future disputes or litigation by requiring a departing Named Executive Offiff cer to execute and deliver an effect ff condition to receiving post-employment compensation payments or benefits. We also believe that these arrangements help maintain the continued focus and dedication of our Named Executive ive general release of claims in favor of the Company in a formff acceptable to us as a 53 Offiff cers to their assigned duties to maximize stockholder value if there is a potential transaction that could involve a change in control of the Company. Under the amended and restated employment agreements, all payments and benefits in the event of a change in control of the Company are payable only if there is a subsequent loss of employment by a Named Executive Offiff cer (a so-called “double-trigger” arrangement). In the case of the acceleration of vesting of outstanding equity awards, we use this double-trigger arrangement to protect against the loss of retention value following a change in control of the Company and to avoid windfalls, both of which could occur if vesting of either equity or cash-based awards accelerated automatically as a result of the transaction. We do not use excise tax payments (or “gross-ups”) relating to a change in control of the Company and have no such obligations in place with respect to any of our Named Executive Officers. ff We believe that having in place reasonable and competitive post-employment compensation arrangements, including in the event of a change in control of the Company, are essential to attracting and retaining highly qualified executives. The Compensation Committee does not consider the specific amounts payable under the post-employment compensation arrangements when determining the annual compensation for our Named Executive Offiff cers. We do believe, however, that these arrangements are necessary to offer compensation packages that are competitive. ff For detailed descriptions of the post-employment compensation arrangements with our Named Executive Offiff cers, as well as an estimate of the potential payments and benefits payable under these arrangements, see “Potential or Change in Control ii Payments utt Terminationtt elow. ponu ” bll tt Other Compensation Policies Hedgidd ngii and Pledgidd ngii ii Prohi bi rr tions Under our Insider Trading Policy, our employees (including officers), members of our Board of Directors, and consultants are prohibited from engaging in short sales, transactions in put or call options, hedging transactions, margin accounts, pledges, or other inherently speculative transactions with respect to our stock. Stock Ownerww shi rr p Gii ii uidelines The Compensation Committee believes that stock ownership guidelines help align the interests of our non-employee directors with those of our stockholders and may act as a risk mitigation device. In February 2022, our Compensation Committee adopted stock ownership guidelines for our non- employee directors. The Compensation Committee believes that stock ownership guidelines help align the interests of our non-employee directors with those of our stockholders and may act as a risk mitigation device. Under these guidelines, the non-employee members of our Board are each required to beneficially own shares of our common stock with a value equal to at least five times their annual cash retainer. Compensation Recoupment Policyll In February 2022, our Board of Directors adopted a compensation recoupment (or “clawback”) policy. This policy permits the Compensation Committee, if it determines appropriate and subject to applicable laws, to seek reimbursement of incentive compensation if we are required to restate incorrect financial statements and the executive’s (including each Named Executive Officer misconduct contributed to the noncompliance that results in the obligation to restate the financial ’s) ff 54 statements. Under this policy, the Compensation Committee may seek recoupment of the followin incentive compensation received during the three years preceding the date we are required to prepare the accounting restatement (but after adoption of the policy): ff ff g • • • the incremental portion of any cash incentive awards paid based on the financial statements that were subsequently restated in excess of the lower cash incentive awards that would have been paid had the financial statements been properly reported; the incremental portion of any equity incentive awards that were received based on the financial statements that were subsequently restated in excess of the portion that would have been earned had the financial statements been property reported; and if the executive sells any shares acquired pursuant to an equity incentive award after the release of earnings for any period with respect to which financial statements are subsequently restated but prior to the announcement of the restatement, the incremental value of the sales proceeds received form the executive’s sale of those shares over the aggregate sales proceeds the executive would have received from the sale at a price per share determined appropriate by the Compensation Committee in its discretion to reflect what our common stock price would have been if the restatement had occurred prior to the date sale. Our stock incentive plans and executive employment agreements also provide for forfeiture of equity awards and severance if an executive is terminated forff misconduct that results in reputational harm to the Company. cause, including Tax and Accounting Considerations The Compensation Committee takes the applicable tax and accounting requirements into consideration in designing and overseeing our executive compensation program. Deductibilityll of Executive Compensation In determining executive compensation, the Compensation Committee also considers, among other factors, the possible tax consequences to the company and to its executives. To maintain maximum flexibility in designing compensation programs, the Compensation Committee, while considering company tax deductibility as one of its factors in determining compensation, will not limit compensation to those levels or types of compensation that are intended to be deductible. Generally, Section 162(m) of the Code as amended by the Tax Cuts and Jobs Act of 2017 (the “TCJA”) disallows public companies a tax deduction for federal income tax purposes of remuneration in excess of $1 million. However, under a transition rule that applies to companies that become subject to Section 162(m) by reason of becoming publicly held, certain compensation is exempt from the deduction limit if it was: granted during a transition period (and, with respect to RSU awards, that are paid out before the end of the transition period), is paid under a compensation arrangement that was in existence beforeff and was disclosed in the company’s public filings at the time of its initial public offeri requirements and limitations. We currently expect our transition period to expire at our 2022 annual meeting. ive date of a company's initial public offering ff ng, subject to certain other ff the effect b ff Accounting forff Stock-Based Compensation The Compensation Committee takes accounting considerations into account in designing compensation plans and arrangements for our executives and other employees. Chief among these is Financial Accounting Standards Board Accounting Standards Codification Topic 718 (“ASC Topic 55 TT 718”), the standard which governs the accounting treatment of certain stock-based compensation. Among other things, ASC Topic 718 requires us to record a compensation expense in our income statement for all equity awards granted to our executives and other employees. This compensation expense is based on the grant date “fair value” of the equity award and, in most cases, will be recognized ratably over the award’s requisite service period (which, generally, will correspond to the award’s vesting schedule). This compensation expense is also reported in the compensation tables below, even though recipients may never realize any value from their equity awards. SUMMARY COMPENSATION TABLE EXECUTIVE COMPENSATION The ffo llowing table sets fforth i fnformation g regarding compensation awarded to, earned yby and g g paid to our Named Executive OfOffficfff ers with respect to the yyears ended December 31, 2019, 2020 and 2021. Name and Principal Position Amit Yoran(3) Chief Executive Officer and Chairman ff Stephen A. Vintz Chief Financial Officer Stephen A. Riddick GenGeneraeral Cl Couounsnselel anandd Corporate Secretary Year Salaryrr Stock Awards(1) Non-Equity Incentive Plan Compensation(2) All Other Compensation(4) Total 2021 $ 466,667 $ 7,499,972 $ 513,992 $ — $ 8,480,631 2020 2019 2021 2020 2019 2021 2020 2019 441,667 6,599,993 400,000 6,199,989 395,833 4,099,975 370,833 3,999,987 350,000 3,999,988 355,000 2,199,998 328,333 1,799,998 320,000 1,399,974 409,008 423,780 382,760 295,394 238,376 196,84 9 149,969 158,918 300 — 7,450,968 7,023,769 11,600 4,890,168 11,742 4,677,956 11,200 4,599,564 1 1,600 2,763,447 11,717 2,290,017 11,200 1,890,092 TT ______ the requisite service forff This column reflects the aggregate grant date fair value of RSUs granted during the year _______ __ __ (1) measured pursuant to ASC Topic performff not reflect the actual economic value that will be realized by the Named Executive Officer vesting of the RSU or the sale of common stock underlying such RSUs. The assumptions we used in valuing RSUs are described in Note 10 to our consolidated financial statements included in our Annual Report on Form 10-K for the year ended December 31, will the award to vest in full as required by SEC rules. These amounts do 718. This calculation assumes that the Named Executive Officer 2021 upon ff ff . ff These amounts reflect the cash awards paid under the short-term cash incentive bonus plan (2) for performance more complete description of how the cash bonuses were determined for the year ended December 31, during the applicable year. See the Compensation Discussion and Analysis for a 2021 . (3) compensation in his capacity as a director. YY Mr. Yoran is also a member of our Board of Directors but does not receive any additional These amounts include company matching contributions under our 401(k) Plan. Additionally, (4) in 2020, all employees were granted a one-time remote work stipend of $300 due to the COVID-19 pandemic. 56 Grants of Plan-Based Awards g Th fe folff lowing table provides infformation on cash-based awards and restricted stock unit awards in 2021 to our Named Executive OfOfffifff cers. There can be no assurance that the GGrant Date VV Fair Value, Value amounts also are included in the “S“Stock Awards” column fof the SSu fof th Se Stock Awards will ever be realized. These GGrant Date Fair mmary CCompensation Table. as listed in this table, fperformance y ff Estimated Future Payouts Under Non-Equity Incentive Plan Awards Grant Date Threshold ($) Target ($) Maximum ($) All Other Stock Awards: Number of Shares of Stock or Units (#)(1) Grant Date Fair Value of Stock Awards ($) Name Amit Yoran (2) $ — $ 470,000 $ 2/17/2021 Stephen A. Vintz (2) 2/17/2021 Stephen A. Riddick (2) 2/17/2021 — — 350,000 180,000 — — — 171,037 $ 7,499,972 93,500 4,099,975 50,17 1 2 ,199,998 ____ ___ RSUs granted under our 2018 Equity Incentive Plan vest 25% on February 17, 2022, and ________ __ __ (1) quarterly thereafter each vesting date, subject to the Named Executive Offiff cer’s continuous service with the company through the applicable vesting date and subject to accelerated vesting in specified circumstances. for the following three years. Each award is settled in shares of common stock on ff These rows represent possible payouts pursuant to the short-term cash incentive bonus plan (2) for 2021 the short-term cash incentive bonus plan included a minimum threshold of 75% of 2021 For . each quarterly short-term cash incentive bonus opportunity and did not include maximum values. For ion about these payments, see the Compensation Discussion & Analysis. ff more informat , 57 OOutstan gding Equityy Awards Th fe folff lowing table sets fforth certain finformff Named Executive OfOffficfff ers that remain outstan ation about outst gding as fof December 31, 2021. g g anding equityy awards ggranted to our Number of Securities Underlying Unexercised Options (#) Exercisable 2,319,524 353,533 — — — 305,500 105,000 317,575 — — — 2 1,780 — — — Name Amit Yoran Stephen A. Vintz Stephen A. Riddick Grant Date 1/18/2017 6/21/2018 2/20/2019 2/19/2020 2/17/2021 12/16/2014(6) 6/30/2016 6/21/2018 2/20/2019 2/19/2020 2/17/2021 6/21/201 8 2/20/2019 2/19/2020 2/17/2021 Option Awards(1) Number of Securities Underlying Unexercised Options (#) Unexercisable — 212,124 (4) — — — — — 105,859 (7) — — — 43,562 (4) — — — Option Exercise Price(2) Option Expiration Date $ 4.25 1/18/2027 16.21 6/21/2028 2.36 4.15 12/16/2024 6/30/2026 16.21 6/21/2028 16.21 6/21/2028 Stock Awards Number of Shares of Stock That Have Not Vested (#) Market Value of Shares of Stock That Have Not Vested(3) 66,219 (5) 130,953 (8) 171,037 (9) $3,646,680 7,211,582 9,419,008 42,721 (5) 79,366 (8) 93,500 (9) 2,352,645 4,370,686 5,149,045 14,955 (5) 35,715 (8) 50,171 (9) 823,572 1,966,825 2,762,917 ____ ___ E ________ __ __ (1(1) ) Incentive Plan. xcept as noted, all of the options listed in the table were granted under our 2016 Stock All of the option awards listed in the table were granted with a per share exercise price equal (2) to or above the fair market value of one share of our common stock on the date of grant, as determined in good faith by our Board of Directors. Represents the market value of the restricted stock award or restricted stock unit based on (3) the closing price of our common stock of $55.07 per share on December 31, 20 .21 25% of the shares subject to the option vested in equal monthly installments over the twelve- (4) month period beginning on June 21, 2020, and ending on the third anniversary of the grant date, and continue to vest monthly over the twelve-month period thereafter , in each case subject to the recipient’s continued service, and subject to accelerated vesting in specified circumstances. ff Granted under our 2018 Equity Incentive Plan. 25% of the shares subject to the RSU award (5) vested on February 20, 2020, and the remainder continue to vest in equal quarterly installments over three years thereafter accelerated vesting in specified circumstances. , in each case subject to the recipient’s continued service, and subject to ff (6) Granted under our 2012 Stock Incentive Plan. 25% of the shares underlying the option vested on June 21, 2019 and continue to vest on (7) each twelve-month anniversary thereafter subject to accelerated vesting in specified circumstances. ff , in each case subject to Mr. Vintz’s continued service, and 58 Granted under our 2018 Equity Incentive Plan. 25% of the shares subject to the RSU award (8) vested on February 19, 2021, and the remainder continue to vest in equal quarterly installments over three years thereafter accelerated vesting in specified circumstances. , in each case subject to the recipient’s continued service, and subject to ff (9) Granted under our 2018 Equity Incentive Plan. 25% of the shares subject to the RSU award vested on February 17, 2022, and the remainder continue to vest in equal quarterly installments over three years thereafter accelerated vesting in specified circumstances. , in each case subject to the recipient’s continued service, and subject to ff Options Exercised and Stock Vested g previously ggranted to our Named Executive OfOfffifff cers llowing table shows The ffo y informat ion g g ff f during 2021. g regarding the exercise fof options and the vesti gng fof stock Name Amit Yoran Stephen A. Vintz Stephen A. Riddick Option Awards Stock Awards Number of Shares Acquired on Exercise (#) Value Realized on Exercise ($)(1) Number of Shares Acquired on Vesting (#) Value Realized on Vesting ($)(2) 255,000 $ 10,613,107 154,823 $ 200,000 216,140 8,383,419 8,717,447 95,903 39,737 6,917,577 4,284,330 1,776,274 The dollar amounts shown are determined by multiplying the number of options that were ______ ____ ____ ____ ____ ___ (1)(1) exercised by the intrinsic value of the options exercised based on the per share closing price of our common stock on the exercise date. (2) the per share closing price of our common stock on the vesting date. The dollar amounts shown are determined by multiplying the number of shares that vested by Empl yoyment gAgreements with OOur Named Executive OfOfffice fff rs Mr. Yoran We entered into an offffer letter with Mr. Yoran in OOctober 2016, an addendum thereto in February y 2017 and an amended and restated emp yloyment gagreement in Februa yry 2019. Pursuant to the terms fof his amended and restated emp yloyment gagreement, Mr. Yoran’s emp yloyment is at will and terminated at base connection with ente gring into his amended and restated emp yloyment gagreement, Mr. Yoran also entered into an intellectual propertyy, non-disclosure and non-solicitation gagreement with us. ymay be employment gagreement provided ffor an initial annual gtarget, each su jbject to increase yby the Board o Cr Compensation CCommittee. In yany time yby us or Mr. Yoran. salary and bonus The YY y y y (each as Under his employment gagreement current yly in fefffect fff fdefined in his amended and restated , iff Mr. Yoran is terminated without cause or y employment gagreement),), or fif dies or his empl yoyment is terminated due to disabili yty (as(as re gsigns ffor ggood reason (each Mr. Yoran fdefined in his amended and YY restated emp yloyment gagreement),), provided he (or(or his estate, as applicable)le) gsigns and does not revoke a separation aggreement that includes a release off claims, Mr. Yoran receive 18 months fof continued base premiums ffor continued ggroup health coveragge ffor up to 12 months ffo cash prorated based on the last previously paid or due ffor the yyear in which the termination occurs, and pro-rated accelerated s t garget annual bonus ffor th ye year in which the termination occurs, yerly bonuses employment and reduced yby the amount salary, p yayment yby the comp yany fof the g YY ypayment equal to Mr. Yoran’ yday fof (or(or his estate)e) is y employer-portion fof llowing termination, a lump sum yany quart vesting g fof YY y y y geligible to 59 g g YY is lowing a changge in control (a(as d fefined in his amended and restated gding unvested equityy awards based on the applicable vest ging schedule. fIf Mr. Yoran resigns ffor ggood reason within the three months prior to or 12 months fof his outstan terminated without cause or ffol provided he gsigns and does not revoke a separation gagreement that includes a release fof claims, Mr. Yoran is eliggible to receive the same base sa ylary severance and ggroup health plan contributions set fforth above (provided ypayment equal to the sum fof (i)(i) 1.5 times Mr. Yoran’ termination occurs, prorated based on the last d yay fof quart times Mr. Yoran’ vesti gng in ffull off a yny outstan is ffurther conditioned upon Mr. Yoran’ gobligations and fof previously paid or due ffor the yyear in which the termination occurs, plus (ii)(ii) 1.5 s t garget annual bonus ffor the yyear in which the termination occurs, and accelerated gding unvested equityy incentive awards held yby Mr. Yoran. (provided that the base sa ylary severance will be paid in a lump sum), YY s compliance with certain non-disclosure and non-solicitation s t garget annual bonus ffor th ye year in which the employment and reduced yby the amount resignation ffrom all positions with us. yerly bonuses YY employment gagreement),), um), a bonus severance yany YY YY g y y y SSuch severance In addition, pursuant to the terms fof Mr. Yoran' YY s outstandingg restricted stock unit awards ggranted y mpany's 2018 Equ yity Incentive Plan, iff Mr. Yoran's emp yloyment is terminated due to under the CCo death or disabilityity, or iff he remains restricted stock units are not continued, assumed or substituted ffor yby the acquiror in connection with the cha gnge in control, the unvested restricted stock units will become fful yly vested. employed thro gugh the date fof a changge in control and his y Mr. Vintii z att nd Mr. Riddidd kck We entered into an offeff r letter with Mr. Vintz in October 2014 and an amended and restated employment agreement in February 2019. Pursuant to the terms of his amended and restated employment agreement, Mr. Vintz’s employment is at will and may be terminated at any time by us or Mr. Vintz. The emp yloyment gagreement provided ffor an initial annual base each his amended and restated employment agreement, Mr. Vintz also entered into an intellectual property, non-disclosure and non-solicitation agreement with us. subject to increase yby the Board o Cr Compensation CCommittee. In connection with entering into salary and bonus gtarget, y j We entered into an offeff r letter with Mr. Riddick in May 2016 and an amended and restated y employment agreement in February 2019. Pursuant to the terms of his employment agreement, Mr. Riddick’s employment is at will and may be terminated at any time by us or Mr. Riddick. The employment gagreement provided ffor an initial annual base increase yby the Board o Cr Compensation CCommittee. In connection with entering into his amended and restated employment agreement, Mr. Riddick also entered into an intellectual property, non-disclosure and non-solicitation agreement with us. salary and bonus gtarget, each subject to j y Under the employment agreements currently in effect with Mr. Vintz and Mr. Riddick, if the Named ff Executive Offff icer is terminated without cause or resigns for good reason (each as defined in the amended and restated employment agreement), provided the Named Executive Offff icer signs and does not revoke a separation agreement that includes a release of claims, the Named Executive Officer is eligible to receive 12 months of continued base salary, payment by the company of the employer-portion of premiums for continued group health coverage for up to 12 months following termination, a lump sum cash payment equal to the Named Executive Offff icer’s target annual bonus for the year in which the termination occurs, prorated based on the last day of employment and reduced by the amount of any quarterly bonuses previously paid or due for the year in which the termination occurs, and pro-rated accelerated vesting of the Named Executive Offiff cer’s outstanding unvested equity awards based on the applicable vesting schedule. If such termination or resignation occurs within the three months prior to or 12 months following a change in control (as defined in his amended and restated employment agreement), provided the Named Executive Officer does not revoke a separation agreement that includes a release of claims, the Named Executive signs and ff 60 Officff er is eligible to receive the same base salary severance and group health plan contributions set forth above (provided that the base salary severance will be paid in a lump sum), a bonus severance payment equal to the sum of (i) one times the Named Executive Offiff cer’s target annual bonus for the year in which the termination occurs, prorated based on the last day of employment and reduced by the amount of any quarterly bonuses previously paid or due for the year in which the termination occurs, plus (ii) one times the Named Executive Offiff cer’s target annual bonus for the year in which the termination occurs, and accelerated vesting in full of any outstanding unvested equity incentive awards held by the Named Executive Offiff cer. In addition, if the Named Executive Officer dies or his employment is terminated due to disability (as defined in his employment agreement), provided the Named Executive Offiff cer’s estate or the Named Executive Offiff cer, as applicable, signs and does not revoke a separation agreement that includes a release of claims, the Named Executive Officer dependents and the Named Executive Offiff cer, as applicable, are eligible to receive payment by the company of the employer-portion of premiums for continued group health coverage for up to 12 months following termination. SSuch severance is ffurther conditioned upon the Named Executive Officer all positions with us. ’s compliance with certain non-disclosure and non-solicitation gobligations and resignation ffrom ’s g ff ff ff In addition, pursuant to the terms fof the outstan gding restricted stock unit awards ggranted under y mpany's 2018 Equ yity Incentive Plan held yby Mr. Vintz and Mr. Riddick, iff his employyment is the CCo terminated due to death or disabili yty, or iff he remains emp yloyed control and his restricted stock units are not continued, assumed or substituted ffor yby the acquiror in connection with the change in control, the unvested restricted stock units will become fully through the date off a ch gange in fully vested. g g Potential Payments Upon Termination or Change in Control The table below sets fforth the values that the conti would derive fof (i)(i) death or disabili yty, (, (ii) t) termination without cause or res gignation ffor ggood reason not (iii) termination without cause or assuming that in the event in connection with a cha gnge fof control (“(“ re gsignation ffor ggood reason in connection with a cha gnge fof control (“(“CCICC Terminat in each case the event occurred on the last business nuing Named Executive OfOffficers Non-CICC TermTT yday fof 2021. ”),”), and (iii) inationtt iontt ”),”), C TT g g fff Death/Disability Non-CIC Termination CIC Termination Name Amit Yoran Cash Severance(1) Equity Severance(2) Cash Severance(3) Equity Severance(2) Cash Severance(4) Equity Severance(2) $ 894,648 $ 16,630,589 $ 894,648 $ 8,243,022 $ 1,834,648 $ 28,520,408 Stephen A. Vintz 17,421 9,519,731 537,331 2,056,821 887,331 15,986,057 Stephen A. Riddick 9,417 4,729,742 431,085 1,692,74 2 6 11,085 7,246,133 y For Mr. Vintz and Mr. Riddick, represents the value fof the payyment yby the c ______ ____ ____ ____ ____ ___ (1)(1) employer-paid portion fof premiums ffor continued ggroup health coveragge ffor 12 months ffo termination. For Mr. Yoran, represents the value fof 18 months fof continued base the company of the employer-paid portion of premiums for continued group health coverage for 12 months following termination, and a lump sum cash payment equal to Mr. Yoran’ reduced by the amount of the quarterly bonuses paid during 2021. ompany fof the y salary, p yayment yby llowing g s target annual bonus YY y Represents the value of accelerated vesting of restricted stock, the value of accelerated (2) vesting of restricted stock units, and the intrinsic value of stock options for which vesting is accelerated, as applicable, in each case based on the closing price of our common stock of $55.07 per share on December 31, 2021. (3) Represents the value of 12 months of continued base salary (18 months for Mr. Yoran), payment by the company of the employer-paid portion of premiums for continued group health 61 coverage for 12 months following termination, and a lump sum cash payment equal to the Named Executive Offff icer’s target annual bonus reduced by the amount of the quarterly bonuses paid during 2021. Represents the value fof a lump sum cash salary (18(18 y ran), payyment yby the comp yany fof the emp yloyer-paid portion fof premiums ffor g (4)(4) months ffor Mr. Yoran), ypayment continued ggroup health cove grage ffor 12 months ffo oran) equal to one times the Named Executive OfOfffifff cer’s ta grget annual bonus ((1.5 times ffor Mr. Yoran) YY ypayment reduced yby the amount YY oran). equal to one times the Named Executive OfOfffifff cer’s ta grget annual bonus ((1.5 times ffor Mr. Yoran). llowing termination, a lump sum cash ypayment equal to 12 months fof base during 2021, and a lump sum cash yerly bonuses paid fof the quart g CCEOO P yay Ratio Under the Dodd-Frank Wall Street Reformff and Consumer Protection Act and SSECC rules, we are required to provide a reasonable estimate off the ratio fof the annual total compensation fof Mr. Yoran, YY y our C fChief Executive OfOffficer employees. fff fof 1933, as 402(u) In accordance with Instruction 2 to Item 402(u) amended, because there has been no c employee compensation hange in our g arrangements in the last yyear that we reasonablyy believe would result in a s gign fificant cha gnge to our ypay ratio disclosure, we elected to utilize the same median employee we had ident fified in 2020 to calculate our 202 C1 C OEO payy ratio. For our last completed yyear, which ended December 31, 2021: , to the median fof the annual total compensation fof our other gRegulation SS-K under the SSecurities Act employee population or fof g y y y • The median fof the annual total compensation fof all includingg employyees fof our consolidated subsidiaries, was approximat yely $$176,067. This annual total compensation is calculated in accordance with Item 402(c)(2)(x) 402(c)(2)(x) aggregat K, and r feflects, amo gng other th gings, sal yary and bonus earned and gg g during 2021. g value” fof SRSU awards ggranted ran), employees (oth(other than Mr. Yoran), “e “ggrant dat fof Reggulation SS- fof our fe fair y • Mr. Yoran' YY Table included in this s annual total compensation ffor 2021, as reported in the SSu Proxy SStatement, was $$8,480,631. y mmary CCompensation y • Based on the above, ffor 2021, the ratio fof Mr. Yoran' median fof the annual total compensation fof all YY employees was approximat yely 48 to 1. s annual total compensation to the y This p yay ratio is a reasonable estimate calculated in a manner consistent with Item 402(u)(u) fof je judggment and assumptions. The SSECC rules do not fof 1933, as amended, and applicabl ge guidance and is based methodologyy g ymay use ypay ratio. rdingly, the payy ratio disclosed yby other companies, even companies within the same indust yry as gRegulation SS-K under the SSecurities Act upon our reasonabl ffor ident fification fof the median assumptions and meth g AAcco g y us, odologies that are difffferent ffrom those used yby us in calculat ging their employee or calculation fof the payy ratio, and other companies ymay not be comparable to our p yay ratio as disclosed above. ff f specifyy a s inggle y The met hodologyy, in g cluding g yany material assumptions, adjjustments and estimates, we used to calculate identifyify the median employee and calculate the 2021 y ypay ratio is described below. • y fof our ffull-time, part- employees ggloballyy as off December 31, 2020. As permitted yby the SSECC For purposes fof the payy ratio calculation, we included substant time and temp orary y rules, we excluded %5% fof our gglobal y empl yoyees in ga given jjurisdiction located outside fof the Unite Sd States, start ging with the jurisdict jurisdiction that had the lowest number off e cont employees as fof such date until %5% fof our total gglobal employees in jjurisdictions with an inc y fof employee population was excluded. ymployees as fof December 31, 2020, and employee population ffrom the calculation yby excludi gng all reasingly ggreater number inuing to exclude all ially all y g y g y y 62 fof ff aining their compensation f informat employees in those jjurisdictions y ion. As fof December 31, fof obt We excluded these employyees ggiven the small number and the estimated cost 2020, our wor fkforce consisted fof 1,301 consolidated subsidiaries), %30% fof our total outside fof the United SStates, via the met hodologyy described above. g g y y (includingg individuals empl yoyed yby our sidiaries), 912 off whom were SU.S. emp yloyees, and 389 (or(or approximat yely employees located employee population as fof December 31, 2020)20) were employees (includin y fafter excludi gng 66 empl yoyees located outside the United SStates • y y g g ff he median using annual base salary as fof December 31, 2020 using a reasonable estimate off hours worked y employee's (s (i)i) annual base employee ffrom the emp yloyee population described above, we To iden ftifyy t determined the sum fof each (calculated as annual base p yay (calculat hourly employees and y y earned annual cash incentive bonus or commission, as applicable, ffor 2020. Permanent empl yoyees who jjoined in 2020 were assumed to have worked ffor the entire yyear, and thus we annualized the payy off such new hires. This compensation measure was consistent yly applied employees included in the calculation and reasonablyy r feflects the annual compensation to all currency was converted to SU.S. dollars fof our fof all using a spot ex termining the median compensated g employee, we did not make y employee outside fof the SU.S. y y employees. CCompensation paid in ffore gign jadjustments to the compensation paid to anyy change rate on December 31, 2020. In de remaining employees), loyees), plus (ii)(ii) during 2020 ffor salary ffor our y yany cost living g fof g g g g y y • OOnce we ident fified our median employee, we calculated the median y this purpose the gagg ggregat ge grant dat compensation in accordance with the requirements fof Item 402(c)(2)(x) (c)(2)(x) including fg forff ymary CCompensation Table)ble) ggranted in 2021, in accordance wit s yielding the median annual total compensation disclosed above. With respect to Mr. Yoran' y annual total compensation, we used the amount reported in the ““Total” column fof our 2021 SSu fe fair value fof equityy awards (a(as determined mmary CCompensation Table. e 1 fof the 2021 SSum fh footnot YY TT g y ff employee’s annual total y gRegulation SS-K, fof Director Compensation DIRECTOR COMPENSATION This section provides regarding the compensation fof our non-employyee directors in 2021 O. Our non-employyee directors are also entitled to reimbursement off direct expenses incurred in connection with attendingg meet gings fof our Board fof Directors or committees t both cash and equity compensation to our independent directors. hereof W. informat e may provide ion g g ff f f 2021 CCash CCompensation Except as described in the ffootnotes to the table below, the cash compensation amounts set fforth ypayable to each non-employyee director ffor their service on the Board fof Directors fof the below were y company ffor the yyear ended December 31, 2021: AAnnual Board SService Retainer $- $35,000 AAnnual Retainer ffor CChairman fof the Audit CCommittee $- $20,000 AAnnual Retainer ffor CChairman fof the CCompensation CCommittee $- $13,500 AAnnual Retainer ffor CChairman fof the Nominat ging an Cd Corporat Ge Governance CCommittee - $$8,000 AAnnual Retainer ffor members fof the Audit CCommittee $- $10,000 • • • • • • AAnnual Retainer ffor members fof the CCompensation CCommittee $- $6,000 63 • AAnnual Retaine fr forff members fof the Nominat ging and CCorporat Ge Governance CCommittee - $$4,000 2021 Equity Compensation On May 25, 2021, each director identified in footnote (3) to the table below who was appointed prior to 2021 was granted 4,962 RSUs, with the shares underlying the RSUs vesting on the earlier of the first anniversary of the date of grant of the company’s next annual stockholder meeting, subject to each director’s continued service as a director through the applicable vesting date and accelerated vesting in specified circumstances. Ms. Howe, who was appointed in May 2021, received 9,925 RSUs, with the shares underlying the RSUs vesting annually over three years, subject to her continued service as a director through the applicable vesting date and accelerated vesting in specified circumstances. 2021 Director CCompensation Table The ffo llowing table provides g informat ff f ion as to the compensation fof our non-employyee directors ffor the yyear ended December 31, 2021. Name(1) Arthur W. Coviello, Jr. Kimberly L. Hammonds Niloofarff Razi Howe John C. Huffard, Jr. Jerry M. Kennelly Ping Li (4) A. Brooke Seawell Richard M. Wells(4) Linda Zecher Higgins Fees Earned or Paid in Cash Stock Awards(2)(3) Total $ 53,000 $ 199,969 $ 49,000 20,500 35,000 48,500 — 55,000 — 45,000 199,969 399,978 199,969 199,969 — 199,969 — 199,969 252,969 248,969 420,478 234,969 248,469 — 254,969 — 244,969 ______ ____ ____ ____ ____ ___ (1)(1) YY Mr. Yoran’ YY Mr. Yoran did not earn compensation during 2021 ffor his service on our Board fof Directors. g s compensation is fful yly freflected in the “Summary “Summary CCompensation Table” above. The amounts in the SStock Awards column fe fair value fof each during the yyear ended December 31, 2021, computed in accordance with ASCSC (2)(2) SRSU award ggranted the award to Topic 718. This calculation assumes that the director will performff vest in full as required by SEC rules. These amounts do not reflect the actual economic value that will be realized by the director upon vesting of the RSUs or the sale of the common stock underlying such RSUs. freflect the gagg ggregat ge grant dat the requisite service forff g As fof December 31, 2021, Messrs. CCoviello, Kennel yly, and SSeawell held options to purchase ((3)3) 76,672 shares, 108,000 shares, and 230,000 shares, respecti yvely, off our common stock. None off our other non-employyee directors held options to purchase shares fof our common stock as fof December 31, 2021. As off December 31, 2021, Ms. Hammonds and Messrs. CCoviello, Huffffard, Ke SSeawell each held 4,962 SRSUs, Ms. Zecher SRSUs. None fof our other non-employyee directors held stock awards as fof December 31, 2021. nnelly and y ggHiggins held 10,740 SRSUs and Ms. Howe held 9,925 (4)(4) former majora Mr. Li and Mr. Wells are affiliaff ted with Accel and Insight Venture Partners, respectively, each stockholders of the Company, and accordingly did not receive cash or equity 64 compensation for their service as directors during 2021. Additionally, Mr. Li resigned from the Board on May 25, 2021 and Mr. Wells resigned from the Board on January 7, 2022. 65 SECURITIES AUTHORIZED FOR ISSUANCE UNDER EQUITY COMPENSATION PLANS Th fe folff ff 2021. I have ff lowing table summarizes our equityy compensation plan f informat g ion as fof December 31, fnformat ion is included ffor equityy compensation plans approved yby our stockholders. We do not yany equityy compensation plans not approved yby our stockholders. Number of Securities to be Issued Upon Exercise of Outstanding Options, Warrants, and Rights (a) Weighted Average Exercise Price of Outstanding Options, Warrants and Rights (b)(1) Number of Securities Remaining Available for Future Issuance Under Equity Compensation Plans (Excluding Securities Reflected in Column (a))(c)(2) 12,693,240 $ — 12,693,240 $ 9.88 — 9.88 25,963,039 — 25,963,039 Plan Category Equity compensation plans approved by stockholders Equity compensation plans not approved by stockholders Total ______ ____ ____ ____ ____ ___ (1)(1) 5,780,841 shares in column (a) that are issuable upon vesting of RSUs, which have no exercise price. The weighted average exercise price of the outstanding stock options and rights excludes Includes our 2018 Equity Incentive Plan (“2018 Plan”) and 2018 ESPP. Stock options or other (2) stock awards granted under our 2002 Stock Incentive Plan, 2012 Stock Incentive Plan and 2016 Stock Incentive Plan that are forfeited, terminated, expired or repurchased become available forff issuance under our 2018 Plan. Our 2018 Plan provides that the total number of shares reserved of common stock reserved for issuance thereunder will be automatically increased, on January 1 of each calendar year, in an amount equal to 5% of the total number of shares of our capital stock outstanding on December 31 of the prior calendar year, or a lesser number of shares determined by our Board. Our 2018 ESPP provides that the number of shares of our common stock reserved for issuance thereunder will automatically increase on January of each calendar year by the lesser of: (1) 1.5% of the total number of shares our capital stock outstanding on December 31st of the preceding year; (2) 8,000,000 shares; or (3) a lesser number of shares determined by our Board. On January 1, 2022, the number of shares reserved for issuance under our 2018 Plan and our 2018 ESPP automatically increased by 5,446,444 shares and 1,633,933 shares, respectively, pursuant to these provisions. These increases are not reflected in the table above. 66 TRANSACTIONS WITH RELATED PERSONS AND INDEMNIFICATION Related-Person Transactions Policy and Procedures We have adopted a related person transaction p yolicy that sets fforth our procedures ffor the policy y yany series fof similar transactions, arr gangements or relationships, in which we and ident fification, review, consideration and approval or ra ftification fof related person transactions. For purposes fof our yonly, a related person transaction is a transaction, or person are, were or will be participants in which the amount involved exceeds $$120,000. Transactions involving compensation ffor services provided to us as an employyee or director are not covered yby this policy. A related person is class fof our voti gng securities, in or controlled yby such persons. , director or ben feficial owner ff fe f amily y fof more than 5%% off a yny yany entityy owned arrangement or relationship, yany fof their immediat yany executive foffficer members and yany related cluding g g g y fff Under the po ylicy, iff a transaction has been ident fified as a related person transaction, includi gng f g g g yany goriginal yly consummated or enefits to us fof the transaction and whether the transaction is on terms that are ially ident fified as a related person transaction prior to consummation, our information yany transaction that was not a related person transaction when y transaction that was not init management must present regarding the related person transaction to our Audit CCommittee, or, fif Audit CCommittee approval would be inappropriate, to another independent body fof y our Board fof Directors, ffor review, consideration and approval or rat fification. The presentation must include a description fof, amo gng other th gings, the material ffacts, the interests, direct and indirect, off the related persons, the b comparable to the terms available to or ffrom, as the case ffrom emp yloyees ggenerallyy. Under the policyy, we will collect infformation that we deem reasonablyy necessary ffrom each director, executive foffficefff y enable us to identifyify fof the po ylicy. In addition, under our CCode fof Business CConduct and Ethics, our directors have an affffirmative responsibilityy to disclose could be expected to ggive rise to a c AAudit CCommittee, or other independent bodyy off our Board fof Directors, will take into account the relevant available ffacts and circumstances includingg, but not limited to: yany exist ging or potential related-person transactions and to fefffect employees and y reasonably y fonflict off interest. In consideringg related person transactions, our r and, to the extent ffeasible, signifgnificant stockholder to uate the terms ymay be, an unrelated third partyy or to or yany transaction or relationship that f fff • • • • the risks, costs and benefits to us; f the impact on a director's independence in the event that the related person is a director, immediat fof a director or an ent yity with which a director is fafffiliat member f fe f amily y ed; fff the availabili yty fof other sources ffor comparable services or products; and the terms available to or ffrom, as the case employees ggenerallyy. y ymay be, unrelated third parties or to or ffrom The policyy requires that, in de termining whether to approve, rat fifyy off g r r jeject a related person transaction, our Audi Ct Committee, or other independent bodyy off our Board fof Directors, must consider, fof known circumstances, whether the transaction is in, or is not inconsistent with, our best in glight interests and those fof our stockholders, as our Audit CCommittee, or other independent body fof our Board fof Directors, determines in the ggood ffaith exercise fof its discretion. y Certain Related Person Transactions The ffo llowing includes a summaryy off transactions since g January 1, 2021 to which we have been a y partyy, in which the amount involved in the transaction exceeded $$120,000, and in which g directors, executive foffficers f fe f amily y securities or direct or indirect material interest O. Other than described below, there have not been, nor are there yany fof our owledge, be fneficial owners fof more than %5% fof our voti gng or, to our kn fof the immediat regoing persons had or will have a yany fof the ffo g yany member fof g fff 67 yany proposed, transactions or series fof similar transactions to which we have been or will be current yly a par yty other than compensation arrangements, which include equityy and other compensation, termination, cha gnge in control and other arranggements, which are described under ““Executive CCompensation” and ““Director CCompensation.” g EE Emplo yyment Arranggements with Messrs. SSchonb gerger and Vintii zztt We have employed Ron Schonberger, the brother of Amit Yoran, our Chief Executive Officer and Chairman, as our Associate General Counsel since October 2017, and Frank Vintz, the brother of Stephen A. Vintz, our Chief Financial Offiff cer, as a Senior Director of Customer Success since March 2017. Each of Mr. Schonberger and Mr. Frank Vintz is paid compensation consisting of salary, bonus and the fair value of options to purchase common stock or RSUs. In 2021, Mr. Schonberger and Mr. Frank Vintz each received total cash and equity compensation of approximately $400,000. Transaction Success Fee to Security Growth rr Partners LLC On February 17, 2022, Security Growth Partners LLC, or SGP, rP eceived a transaction success fee from Cymptom Labs Ltd., or Cymptom, of $690,000 as consideration for services provided to Cymptom to facilitate the sale of Cymptom to Tenable. N. Elad Yoran, the brother of Amit Yoran, our Chief Executive Officer ed with SGP. The success fee was paid by Cymptom out of the proceeds we paid to acquire Cymptom. The Board reviewed and approved the success fee as a related party transaction in connection with its approval of the acquisition of Cymptom. and Chairman, is a member of and affiliat ff ff Indemniffication We provide indemnification for our directors and executive officers so that they will be free from ur directors and executive officers undue concern about personal liability in connection with their service to the Company. Under our Bylaws, we are required to indemnify off under Delaware law. We have also entered into indemnity agreements with our executive officers directors. These agreements provide, among other things, that we will indemnify t director, under the circumstances and to the extent provided forff damages, judgments, fines and settlements he or she may be required to pay in actions or proceedings which he or she is or may be made a party by reason of his or her position as a director, officeff law and our Bylaws. r or other agent of the Company, and otherwise to the fullest extent permitted under Delaware to the extent not prohibited ff expenses, in the agreement, forff ff he officer ff or ff and 68 HOUSEHOLDING OF PROXY MATERIALS The SEC has adopted rules that permit companies and intermediaries, such as brokers, to satisfyff the delivery requirements for Notices of Internet Availability of Proxy Materials or other Annual Meeting materials with respect to two or more stockholders sharing the same address by delivering a single Notice of Internet Availability of Proxy Materials or other Annual Meeting materials addressed to those stockholders. This process, which is commonly referred to as “householding,” potentially means extra convenience for stockholders and cost savings for companies. This year, a number of brokers with account holders who are our stockholders will be “householding” the Company’s proxy materials. A single Notice of Internet Availability of Proxy Materials will be delivered to multiple stockholders sharing an address unless contrary instructions have been received from the affected stockholders. Once you have received notice from your broker that they will be “householding” communications to your address, “householding” will continue until you are notified otherwise or until you revoke your consent. If, at any time, you no longer wish to participate in “householding” and would prefer to receive a separate Notice of Internet Availability of Proxy Materials, please notify your broker or us. Direct your written request to Tenable Holdings, Inc., Attn: Corporate Secretary, 6100 Merriweather Drive, 12th Floor, Columbia, Maryland 21044. Stockholders who currently receive multiple copies of the Notices of Internet Availability of Proxy Materials at their addresses and would like to request “householding” of their communications should contact their brokers. 69 OTHER MATTERS The Board of Directors knows of no other matters that will be presented for consideration at the Annual Meeting. If any other matters are properly brought before the meeting, it is the intention of the persons named in the accompanying proxy to vote on such matters in accordance with their best judgment. By Order of the Board of Directors, Stephen A. Riddick General Counsel and Corporate Secretarytt Dated: April 13, 2022 A copy of the Company’s Annual Report to the Securities and Exchange Commission on Form 10-K for the year ended December 31, 2021 is available without charge upon written request to Tenable Holdings, Inc., Attention: Corporate Secretary, Tenable Holdings, Inc., 6100 Merriweather Drive, 12th Floor, Columbia, Maryland 21044. 70 APPENDIX RECONCILIATION OF NON-GAAP MEASURES In this proxy statement, we discuss certain operating metrics and non-GAAP financial measures, ff These non-GAAP financial measures, which may be different as described below, which we think are important to better understand and evaluate our core operating and financial performance. ff than similarly titled measures used by other companies, are presented to enhance the overall understanding of our financial performance to, the financial informat Report on Form 10-K. We believe that these operating metrics and non-GAAP financial measures provide useful informat ion about our operating and financial performance, understanding of our past performance and future prospects and allow for greater transparency with respect to important metrics used by management for financial and operational decision-making. and should not be considered a substitute for, or superior ion prepared and presented in accordance with GAAP included in our Annual enhance the overall ff ff ff ff Calculated Current Billill ngii s We define calculated current billings, a non-GAAP financial measure, as total revenue recognized in a period plus the change in current deferred revenue in the corresponding period. We believe that calculated current billings is a key metric to measure our periodic performance. customers pay in advance (including multi-year contracts), but we generally recognize the related revenue ratably over time, we use calculated current billings to measure and monitor our ability to provide our business with the working capital generated by upfront payments from our customers. We believe that calculated current billings, which excludes deferred revenue for periods beyond twelve months in a customer’s contractual term, more closely correlates with ACV and that the variability in total billings, depending on the timing of large multi-year contracts and the preference for annual billing versus multi-year upfront billing, may distort growth in one period over another. Given that most of our ff The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated current billings: (in thousands) Revenue Deferred revenue (current), end of period Deferred revenue (current), beginning of period(1) Calculated current billings Year Ended December 31, 2021 2020 $ 541,130 $ 440,221 407,498 328,819 (331,462) (274,348) $ 617,166 $ 494,692 _______ ____ ____ ____ ____ ____ ____ (1)(1) deferred revenue, which is not included in deferred revenue at December 31, 2020. Deferred revenue (current), beginning of period for 2021 includes $2.6 million related to acquired Free Cash Flow, Uww nlU evered Freerr Cash Flow and Unlevered Freerr Cash Flow Margin We define free cash flow, a non-GAAP financial measure, as net cash provided by operating activities less purchases of property and equipment. We believe free cash flow is an important liquidity measure of the cash (if any) that is available, after purchases of property and equipment, for investment in our business and to make acquisitions. We believe that free cash flow is useful as a liquidity measure because it measures our ability to generate or use cash. We also use the non-GAAP measure of unlevered free cash flow, which we define as free cash flow plus cash paid for interest and other financing costs. We believe unlevered free cash flow is useful as a liquidity measure as it measures the cash that is available to invest in our business and 71 meet our current and future financing needs. Unlevered free cash flow margin is defined as unlevered free cash flow as a percentage of revenue. The following table presents a reconciliation of net cash provided by operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow and unlevered free cash flow: (in thousands) Net cash provided by operating activities Purchases of property and equipment Free cash flow(1) Cash paid for interest and other financing costs Unlevered free cash flow(1) Unlevered free cash flow margin Year Ended December 31, 2021 2020 $ 96,765 $ 64,232 (6,561) 90,204 4,978 (20,277) 43,955 335 $ 95,182 $ 44,290 18 % 10 % _______ ____ ____ ____ ____ ____ ____ (1)(1) Free cash fflow and unlevered ffree cash fflow ffor the periods presented were impacted yby: (in millions) Employee stock purchase plan activity Acquisition-related expenses Tax payment on intra-entity transfer Proceeds from lease incentives Capital expenditures related to new headquarters Year Ended December 31, 2021 2020 $ (0.3) $ (6.5) 2.8 — (0.9) 0.9 (0.7) — 14.2 (17.2) Free cash flow and unlevered free cash flow in 2021 were reduced by approximately $8 million due to prepayments of software approximately $15 million from prepayments of similar items made in 2020. The 2020 prepayments reduced free cash flow and unlevered free cash flow by approximately $17 million in 2020. subscription costs, insurance and rent, offset by a benefit of ff ff Non-GAAPGG Income from OperO atiorr ns We use non-GAAP income from operations as a key indicator of our financial performance. ff We define non-GAAP income from operations as loss from operations, excluding the effects based compensation, acquisition-related expenses and amortization of acquired intangible assets. Acquisition-related expenses include transaction expenses and costs related to the intercompany transfer of acquired intellectual property. of stock- ff 72 The folff lowing table presents a reconciliation of loss from operations, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP income from operations: (dollars in thousands) Loss from operations Stock-based compensation Acquisition-related expenses Amortization of acquired intangible assets Non-GAAPAA income from operations Year Ended December 31, 2021 2020 $ (41,768) $ (36,433) 79,405 6,901 6,447 59,573 339 2,314 $ 50,985 $ 25,793 Non-GAAPGG Net Income and Non-GAAP Earnings Per Sharerr We use non-GAAP net income, which excludes the effect ff of stock-based compensation, acquisition-related expenses and amortization of acquired intangible assets, including the applicable tax impacts, and the tax impact of intra-entity asset transfers resulting from the internal restructuring of legal entities as well as deferred income tax benefits recognized in connection with acquisitions, to calculate non-GAAP earnings per share. We believe that these non-GAAP measures provide important information to management and investors because they facilit operating results over multiple periods. ate comparisons of our core ff 73 The folff lowing table presents a reconciliation of net loss and net loss per share, the most comparable financial measures calculated in accordance with GAAP, to non-GAAP net income and non-GAAP earnings per share. (in thousands, except for per share amounts) Net loss Stock-based compensation Tax impact of stock-based compensation(1) Acquisition-related expenses(2) Amortization of acquired intangible assets(3) Tax impact of acquisitions(4) Tax impact of intra-entity asset transfer(5) Non-GAAP net income Net loss per share, diluted Stock-based compensation Tax impact of stock-based compensation(1) Acquisition-related expenses(2) Amortization of acquired intangible assets(3) Tax impact of acquisitions(4) Tax impact of intra-entity asset transfer(5) Adjustment to diluted earnings per share(6) Non-GAAP earnings per share, diluted Year Ended December 31, 2021 2020 $ (46,677) $ (42,731) 79,405 617 6,901 6,447 (10,560) 2,808 59,573 1,299 339 2,314 — — $ $ 38,941 $ 20,794 (0.44) $ (0.42) 0.75 0.01 0.06 0.06 (0.10) 0.03 (0.03) $ 0.34 $ 0.59 0.01 — 0.02 — — (0.01) 0.19 Weighted-average shares used to compute GAAP net loss per share, diluted 106,387 101,009 Weighted-average shares used to compute non-GAAP earnings per share, diluted 114,825 109,962 _____ The tax impact fof stock-based compensation is based on the tax treatment ffor applicable tax The tax impact of acquisitions in 2021 includes a reversal of the $7.9 million income tax The tax impact of acquisition-related expenses is not material. The tax impact of the amortization of acquired intangible assets is included in the tax impact _______ ____ ____ ____ ____ ____ (1)(1) jurisdictions. jurisdict (2) (3)(3) of acquisitions. (4) benefit recognized for GAAPAA associated with the Accurics acquisition and a reversal of $2.6 million of deferred tax benefits related to the Alsid acquisition. (5) Indegy, resulting in a current tax payment based on the applicable Israeli tax rate. (6) shares, to non-GAAP earnings per share, which includes potentially dilutive shares. The tax impact of the intra-entity asset transfer is related to the internal restructuring of purposes related to the partial release of our valuation allowance net loss per share, which excludes potentially dilutive An adjustment to reconcile GAAPAA 74 UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 ______ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ FORM 10-K ______ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ☒ ☐ Annual Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 For the fiscal year ended December 31, 2021 or Transition Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 For the transition period from _____ ____ to ______ ___ Commission file number 001-38600 ____ __ ____ __ ________ __ __ ____ __ ____ __ ____ __ ____ __ ____ ____ TENABLE HOLDINGS, INC. (Exact name of registrant as specified in its charter) ______ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ (State or other jurisdiction of incorporation or organization) (I.R.S. Employer Identification Number) Delaware 47-5580846 6100 Merriweather Drive, Columbia, Maryland 21044 (Address of principal executive offiff ces, including zip code) (410) 872-0555 (Registrant’s telephone number, including area code) ______ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ Securities registered pursuant to Section 12(b) of the Act: Title of each class Trading symbol(s) Name of exchange on which registered Common stock, par value $0.01 per share TENB Nasdaq Global Select Market Securities registered pursuant to Section 12(g) of the Act: None Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒ No ☐ Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒ Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subjeb ct to such filing requirements for the past 90 days. Yes ☒ No ☐ Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). YesYY ☒ No ☐ Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company” and "emerging growth company" in Rule 12b-2 of the Exchange Act. Large accelerated filer Non-accelerated filer ☒ ☐ Accelerated filer Smaller reporting company Emerging growth company ☐ ☐ ☐ If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. o Indicate by check mark whether the registrant has filed a report on and attestation to its management's assessment of the effeff ctiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒ Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒ As of June 30, 2021, the aggregate market value of the common stock of the registrant held by non-affiliates was approximately $3.9 billion. The number of shares of the Registrant's common stock outstanding as of February 22, 2022 was 109,780,284. Portions of the registrant's definitive Proxy Statement relating to the 2022 Annual Meeting of Stockholders are incorporated herein by reference in Part III of this Annual Report on Form 10-K. The Proxy Statement will be filed with the Securities and Exchange Commission within 120 days after the year ended December 31, 2021. DOCUMENTS INCORPORATED BY REFERENCE TENABLE HOLDINGS, INC. TABLE OF CONTENTS PART I Item 1. Business Item 1A. Risk Factors Item 1B. Unresolved Staff Cff omments Item 2. Item 3. Item 4. PART II Item 5. Item 6. Item 7. Properties Legal Proceedings Mine Safety Disclosures Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities Selected Financial Data Management's Discussion and Analysis of Financial Condition and Results of Operations Item 7A. Quantitative and Qualitative Disclosures about Market Risk Item 8. Item 9. Financial Statements and Supplementary Data Changes in and Disagreements with Accountants on Accounting and Financial Disclosure Item 9A. Controls and Procedures Item 9B. Other Information Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections PART III Item 10. Directors, Executive Officers Item 11. ff and Corporate Governance Item 12. Executive Compensation Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters Item 13. Certain Relationships and Related Transactions and Director Independence Item 14. Principal Accountant Fees and Services PART IV Item 15. Exhibits, Financial Statement Schedules Item 16. Form 10-K Summary Signatures 3 Pageg 5 15 49 49 49 49 50 51 53 77 79 115 115 116 116 117 117 117 117 117 118 118 Forwarr rd-Looking Statements PART I This Annual Report on Form 10-K, including the sections entitled "Business," "Risk Factors," ff nt from the information expressed or implied by these forward-looking statements. and "Management's Discussion and Analysis of Financial Condition and Results of Operations," contains forward-looking statements that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, perforff mance or achievements to be materially differe Statements that are not purely historical are forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. In some cases, you can identify forward-looking statements by the words “anticipate,” “believe,” “continue,” “could,” “estimate,” “expect,” “intend,” “may,” “might,” “objective,” “ongoing,” “plan,” “predict,” “project,” “potential,” “should,” “will,” or “would,” or the negative of these terms, or other comparable terminology intended to identify statements about the future. These forward-looking statements include, but are not limited to, statements concerning the following: • • • • • • • • • • • • • • • • the anticipated impact of the global economic uncertainty and financial market conditions caused by the COVID-19 pandemic on our business, results of operations and financial condition, including on our sales and our revenue growth rate; our market opportunity; ff the effect our market; s of increased competition as well as innovations by new and existing competitors in our ability to adapt to technological change, release new products and product features and effect ively enhance, innovate and scale our enterprise platform and solutions; ff our ability to effectively manage or sustain our growth and to achieve profitability; our ability to maintain and expand our customer base, including by attracting new customers; our relationships with third parties, including channel partners; completed and potential acquisitions and integration of complementary businesses and technologies; our ability to maintain, or strengthen awareness of, our brand; perceived or actual problems with the security, integrity, reliability, compatibility and quality of our platforff m and solutions; future revenue, hiring plans, expenses, capital expenditures, capital requirements and stock performance; ff our ability to attract and retain qualified employees and key personnel and further expand our overall headcount; our ability to stay abreast of new or modified laws and regulations that currently apply or become applicable to our business both in the United States and internationally; our ability to maintain, protect and enhance our intellectual property; costs associated with defending the future trading prices of our common stock and the impact of securities analysts’ reports on these prices. intellectual property infringement and other claims; and f These statements represent the beliefs aff nd assumptions of our management based on ff informat ion currently available to us. Such forward-looking statements are subject to risks, uncertainties and other important factors that could cause actual results and the timing of certain events to diffeff statements. Factors that could cause or contribute to such diffeff r materially from future results expressed or implied by such forward-looking rences include, but are not limited to 4 those discussed in the section titled “Risk Factors” included under Part I, Item 1A. Such risks and uncertainties may be amplified by the COVID-19 pandemic and its potential impact on our business and the global economy. YouYY should not rely upon forff warr rd-looking statements as predictions of future events. Furthermore, such forward-looking statements speak only as of the date of this report. Except as required by law, we undertake no obligation to update any forward-looking events or circumstances that occur after the date of this report. statements to reflect rr Item 1. Business Overview We are a leading provider of Cyber Exposure solutions. Cyber Exposure is a discipline for managing, measuring and comparing cybersecurity risk in the digital era. Digital transformation is driving radical change and is powering the economy and our social infrastructure. A digital-first economy is only sustainable if it is built with a solid cybersecurity foundation. As organizations modernize their IT infrastructures and adopt cloud or hybrid cloud architectures that are no longer housed in the confines of their traditional on-premise IT networks, they have less visibility and control over the security of these assets. Organizations are also increasingly implementing modern solutions, such as Cloud, DevOps, Infrastructure as Code, or IaC, Mobility, Internet of Things, or IoT, dTT evices, digital identity, web applications and application containers, to enable the rapid development and deployment of new products, services and business models, as well as to drive operational efficiencies. Further, safety-critical Operational Technology, or OT, sTT uch as Industrial Control Systems, are now network-connected and must be secured from cybersecurity threats. As organizations implement these modern solutions, they significantly expand their cyber attack surface. ff While other functions in an organization, such as finance and operations, have systems to help them manage and measure risk, cybersecurity risk has not historically been adequately measured or understood. We are building on our deep technology expertise as a pioneer in the vulnerability assessment and management market to provide broad visibility across the modern attack surfacef and deep insights to help security teams, executives and boards of directors prioritize and measure Cyber Exposure. We believe our Cyber Exposure solutions are transforming how cybersecurity risk is managed and measured and will help organizations more rapidly embrace digital transformation. In 2021, 2020 and 2019 our total revenue was $541.1 million, $440.2 million and $354.6 million, respectively, representing year-over-year growth rates of 23% from 2020 to 2021 and 24% from 2019 to 2020. Our net loss was $46.7 million, $42.7 million and $99.0 million in 2021, 2020 and 2019, respectively. Our cash flows from operating activities were $96.8 million, $64.2 million and $(10.7) million in 2021, 2020 and 2019, respectively. Our EntEE erprise Platform Orr fferings Our enterprise platform enables organizations to answer foundational and strategic questions such as: • Where are we exposed? • Where should we prioritize remediation based on risk? • • Are we reducing our exposure over time? How do we compare to our peers? 5 We have continued to expand and diversify off ur platform offerings from traditional vulnerability management (VM) solutions, which include Tenable.sc and Nessus, to our cloud exposure solutions, which include Tenable.ep, Tenable.io, Tenable.cs, Tenable Web Scanning, or Tenable.io WAS, Tenable.ad and Tenable.ot. Our platforff m offerings provide broad visibility into security issues such as vulnerabilities, misconfigurations, internal and regulatory compliance violations and other indicators of the state of an organization’s security across IT infrastructure and applications, cloud environments, DevOps environments, Active Directory and Identity environments, and Industrial IoT and OT environments. We also provide deep analytics to help organizations score, trend and compare their cyber exposure over time, and communicate cyber risk in business terms to make better strategic decisions. Our platform offeff asset, vulnerability and threat data from third-party systems and applications to prioritize security issues for remediation and focus an organization’s resources based on risk and business criticality. rings integrate and analyze data from our native collectors alongside IT Tenable.ep is our unified platform that helps organizations identify, assess and accurately prioritize cyber risks across the entire attack surface. In addition to streamlining risk-based vulnerability management, Tenable. calculate, communicate and compare their cyber risk exposure over time with that of their industry peers. These advanced capabilities enable a better understanding of the overall effecti security programs and provide a key guide for strategic decision-making. Tenable.ep includes Tenable.io, Tenable.cs, Tenable.io WAS, Tenable.ad, and Tenable Lumin risk analytics. ep delivers deep business insights that empower organizations to veness of TT ff Tenable.io is our cloud-delivered software as a service, or SaaS, offering that provides organizations with a risk-based view of traditional and modern attack surfaces. Tenable.io is designed with views, workflows and dashboards to deliver a complete and continuous view of all assets, both known and previously unknown, and any associated vulnerabilities, internal and regulatory compliance violations, misconfigurations and other cybersecurity issues, prioritize these issues for remediation based on risk assessment and predictive analytics, and provide insightful remediation guidance. Tenable. io is available as a standalone solution or as part of Tenable.ep. TT Tenable.cs is our cloud-native application platform that enables organizations to programmatically detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of the Software Development Lifecycle to prevent unresolved insecure configuration or exploitable vulnerabilities from reaching production. Tenable.cs secures IaC beforeff deployment, maintains a secure posture in runtime, and controls policy deviations over time by synchronizing configuration between runtime and IaC. Tenable. for cloud workloads as well as Container Security to assess cloud hosts and container images for vulnerabilities without the need to manage scan schedules, credentials or agents. Tenable.cs is available as a standalone solution, as part of Tenable.io or as part of Tenable.ep. cs also includes Frictionless or Nessus Assessment TT Tenable.io WAS provides easy-to-use, comprehensive and automated vulnerability scanning for modern web applications, and allows organizations to quickly configure and manage web app scans, enabling them to identify vulnerabilities and prioritize remediation. Tenable.io WAS is available as part of Tenable.io or Tenable.ep. Tenable.ad is our solution to secure Active Directory environments by enabling users to find and fix existing weaknesses beforeff time without the need to deploy agents or use privileged accounts. Tenable. alone solution and integrates with Tenable.io and Tenable.sc. TT they are exploited and detect and respond to ongoing attacks in real ad is sold as a stand- Tenable.ot is our solution that provides threat detection, asset tracking, vulnerability management, and configuration control capabilities to protect OT environments, including industrial networks. Tenable.ot is sold as a stand-alone solution and integrates with Tenable.io and Tenable.sc. 6 Tenable.sc is our on-premise offeff ring that provides a risk-based view of an organization’s IT, security and compliance posture so organizations can quickly identify, investigate and prioritize their assets and vulnerabilities based on risk assessment and predictive analytics, and provide insightful remediation guidance. Our enterprise platform offerings ff deliver the following capabilities: • • • ii Live asset discovery. We can automatically discover a broad range of traditional and modern IT assets, including on-premises infrastructure, web applications, cloud environments, mobile devices, containers, IoT devices and OT systems. We use a combination of active scanning, passive network monitoring and public cloud monitoring via our connectors to identify known and unknown assets on the network. Automated exposure assessment. With every change in a customer’s computing environment, we can automatically assess and identify where there are vulnerabilities, internal and regulatory compliance violations and misconfigurations across assets and cloud environments, such as missing software patches or outdated software versions. In addition, we can help optimize existing security technology investments to identify indicators of cyber exposure, such as improperly configured anti-virus software. ff rr tt to allow for priorit izat tt We combine our product, vulnerability data and ion. based on the business criticality of the asset and the likelihood Deep analyticstt threat intelligence with third-party data to provide business context and enable organizations to prioritize remediation efforts of exploit. Predictive Prioritization enables organizations to reduce business risk by focusing on the vulnerabilities with the greatest likelihood of imminently being exploited. It combines Tenable vulnerability data with third-party threat and vulnerability data across more than 150 data sources using a proprietary machine learning algorithm developed by Tenable Research ff and data science teams to provide clear guidance on where to focus remediation efforts. Predictive Prioritization provides a threat-based view of vulnerabilities, which is a critical component of modern risk-based vulnerability management. TT • OpenO and extensible platform. Our enterprise platform integrates with industry-leading IT workflow, security information and event management, or SIEM, and systems management tools to accelerate remediation and provide common visibility across security and IT operations teams. • Cyber exposure measurement. Tenable Lumin leverages our expansive knowledge base of assets and vulnerabilities coupled with data science insights to help our customers objectively score, trend and benchmark cyber exposure across their organizations, including by business unit or geography, for comparison and best practices. We believe this capability is critical to ion and communicate tively translate technical informat help security executives effecff cybersecurity risk to a non-technical audience, including the C-suite and the board of directors, to make better strategic decisions on where to focus investment to maximize cybersecurity risk reduction. As we continue to expand our database with more vulnerability and asset intelligence as well as additional third-party data sources, we anticipate that we will be able to leverage these insights in Lumin to measure an organization’s cyber exposure beyond vulnerabilities to overall cybersecurity program effecti veness. ff ff Nessus Nessus is one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry and underpins our enterprise platform. Since the introduction of Nessus in 1998, an extensive community of Nessus users has emerged. We continue to cultivate knowledge and affinff within this user base, which, when combined with our enterprise customers and our Tenable l network effects Research team of cybersecurity and data science experts, creates powerfurr in the ff ity 7 form of a continuous feedback loop of data and insights. We use these learnings to expand our assessment capabilities and coverage, continually optimize our solutions and informff strategy and innovation priorities. We believe these data and insights will also fuel and strengthen our benchmarking capabilities over time. our product Nessus Professional is a vulnerability assessment solution for identifying security vulnerabilities, configuration issues and malware. Nessus Professional serves as both a stand-alone product designed for security consultants and practitioners performing as an on-ramp product to our enterprise platform. With broad vulnerability coverage, accurate analysis and an easy-to-use interface, Nessus Professional offers solution for security consultants and users with ad-hoc assessment needs. ff ff one-time or ad-hoc assessment as well a cost-effective and comprehensive Nessus Essentials is our free version of our Nessus product, which includes vulnerability assessment for a limited number of assets, but does not include access to support and certain features that Nessus Professional customers enjoy. Technology Architecture Our platform is built from the ground up to support the needs of modern IT assets and environments. Our platform’s scalability can meet the requirements of the largest global enterprise customers, which may require assessment for millions of assets. Foundational elements of our technology architecture include: • • • • • tructure for agilitll y.t Our use of the public cloud delivers agility and Public cloud infrasrr market responsiveness without the capital investment or time delay involved with planning, purchasing and deploying hardware. It also provides a flexible cost profile in which capacity can be quickly adjusted up or down in response to new opportunities and market demand, with relatively modest fixed costs. Scalabilitii y.t Our platform scales up and down to continuously meet customer demands, through the use of public cloud infrastructure around the world. This approach provides elastic resources for compute, data transfer and storage, and allows us to meet the needs of even the largest global enterprises and government agencies. Our platform manages and supports millions of assets forff multiple enterprise customers across a variety of industries, with the ability to process millions of application programming interface, or API, calls daily. The platformff IT deployments. can scale to support IoT deployments that are an order of magnitude larger than ll ility. Our modern architecture, leveraging state-of-the-art Availabii high availability and high performance. It provides geographic redundancy, as well as automated backup, without the need for us to build redundant infrastructure. As a result, we offer a service level agreement for Tenable. ff the reliability of operation for our customers. io that promises 99.95% availability to help ensure public cloud services, offers TT ff ff ii liii ty and intii egration. Our open API and softwaff Extensibi import of data from third-party sources and sensors, including competitor products, to augment our native discovery, assessment and analytics. This is essential to providing a unified view of assets, vulnerabilities and exposure across the enterprise. These capabilities also enable flexible export of our data to third party systems. re development kit, or SDK, enables ll rr Our products are built on a unified platform with a unified data model that m. Unified Platfor enables us to share data, assets and vulnerabilities across our applications so our customers can run workflows and have a consistent user experience across our products. 8 • Widely adopted industry srr tandardd d f rr rr ilff e forff mat .tt The “.Nessus” file format forff vulnerability data used in all of our products is openly documented and supported by dozens of products and programming languages, which simplifies integration with our ecosystem partners’ technologies. Our Technology Ecosystem We have partnered and/or integrated with market leading technology companies to pioneer the industry’s first Cyber Exposure ecosystem to help organizations build resilient cybersecurity programs. Our ecosystem consists of a variety of third-party data import sources into our platform offeri ngs, as well as export of our data out to third-party IT systems. Our technology ecosystem ff connects disparate solutions and data to automate processes and accelerate an organization’s ability to understand, manage and reduce its cyber exposure. We integrate a variety of third-party data sources, including ticketing, configuration management databases, or CMDBs, and systems management, into our platforff m to augment our native data collection and help with analysis and remediation prioritization. Furthermore, our data is also exported out to enrich third-party IT management and security systems. Our Growth Strategy b Our object ives are to maintain our market leadership in Cyber Exposure and to capture our large market opportunity. To accomplish these objectives, we intend to: • • • • e to Acquireii New EntEE erprise Platform Customers. We believe there is a Continuii substantial opportunity to increase adoption of our enterprise platform offeff experienced growth in new enterprise platform customers due to improved product capabilities and investments in sales and marketing. We intend to continue to aggressively pursue new domestic and international customers by adding sales capacity and leveraging our network of channel partnerships around the world. rings. We have vv Expand Asset Coverag e WithWW in Our Customer Base. We believe we have a significant opportunity to expand our relationships with our existing customers by targeting additional teams, business units or geographies, pursuing broad enterprise deployments and generally expanding our coverage of their IT assets and cross-selling new applications and solutions. ll mrr nology Platfor . We intend to continue to innovate, develop and Invest in Our TechTT broaden our exposure and traditional vulnerability management solutions, including expanding the coverage of emerging attack surfaces and asset types and the addition of analytical capabilities, to help our customers measure and manage their cyber exposure. As we collect more data and ingest more data from third-party sources, we believe our data set will become even more valuable over time, which will allow us to continue to develop new analytical products and capabilities to our existing product suite over time. Explxx ore Acquisition OppO ortuni or development personnel that will expand and enhance the functionality of our platforff m offeff ties. We intend to acquire other businesses, technology and/ rr rings. ◦ In February 2022, we acquired Cymptom to expand our products' ability to identify,ff understand and disrupt attack paths in enterprise networks. ◦ ◦ In October 2021, we acquired Accurics to expand our cloud strategy and ability to assess IaC. In April 2021, we acquired Alsid to expand our product offerings directory security. ff to include active 9 ◦ In 2019, we acquired Indegy Ltd., or Indegy, to expand our depth of OT expertise and intelligence and our breadth of OT-specific capabilities from vulnerability management to asset inventory, configuration management and threat detection. Customers We sell and market our enterprise platform offeff rings through our field sales force that works closely with our channel partners, which includes a network of distributors and resellers, in developing sales opportunities. We use a two-tiered channel model whereby we sell our enterprise platform offeri ff call customers. ngs to our distributors, which in turn sell to our resellers, which then sell to end users, which we Our customers are located in over 170 countries and include enterprises of all sizes and span a wide range of industries, including manufacturing, energy and industrials; technology, media and telecommunications; banking, insurance and finance; government, education and non-profit; healthcare; and retail and consumer. As of December 31, 2021, we had approximately 40,000 customers. At December 31, 2021 our customers included approximately 60% of the Fortune 500 and approximately 40% of the Global 2000. In 2021, 2020 and 2019, no single customer represented more than 2% of our revenue. Sales and Marketing Our sales strategy employs both a direct-touch approach through our sales forces and a low- touch approach through sales closed by our channel partners and transacted on our e-commerce website. Both direct-touch and channel-originated sales are fulfilled through our channel partnerships. Our sales and customer success renewal teams collaborate closely with our channel partners to prospect, manage and support our customers, developing and maintaining close relationships with all of our enterprise platform customers. We sell to organizations of all sizes across a broad range of industries, with a specific focus on enterprise accounts. Our sales team is divided by customer size and geography, including the Americas; Europe, the Middle East and Africa ("EMEA"); and Asia Pacific and Japan. Our partner ecosystem provides us with a number of advantages, including increased in-bound registered sales leads, broader geographic reach and greater deal velocity. Our channel partners include distributors, value-added resellers, system integrators and managed security service providers. Our marketing efforts ff focus on cultivating brand awareness and leveraging our brand strength with Nessus, building demand across all segments with a specific emphasis on our enterprise customers and delivering tailored marketing programs focused on security executives, functional managers and security practitioners and consultants with Nessus. We also provide educational programs to DevOps teams for our Container Security and Web Application Scanning products. We execute marketing programs targeted at new customer acquisition, customer retention and cross- selling and up-selling of products across our platform. Research and Development We continue to invest substantial resources in research and development to enhance our ngs by developing new features, functionality, and applications. Our engineering platform offeri expertise combines extensive security product development experience with individuals who possess deep cloud and user interface design background. ff 10 Additionally, our Tenable TT Research team includes a team of cybersecurity and data science experts who deliver Cyber Exposure intelligence, data science insights, alerts and security advisories. Frequent updates from Tenable Research ensure the latest vulnerability checks, zero-day research, and configuration benchmarks are available within our Cyber Exposure solutions. We believe ongoing and timely development of new products and features is imperative to maintaining our competitive position. We continue to invest in development of our solutions across our global research and development team. Our research and development expense was $116.4 million, $101.7 million and $87.1 million in 2021, 2020 and 2019, respectively. Backlog We define backlog as contractually committed orders to be invoiced under our existing agreements that are not included in the deferred revenue on our consolidated balance sheets. At December 31, 2021 and 2020, we had backlog of $27.7 million and $8.0 million, respectively. We expect substantially all of the backlog at December 31, 2021 to be invoiced within the following twelve months. Competition The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward. Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software assessment capabilities, including CrowdStrike; public cloud vendors and companies, such as Palo Alto Networks, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in our solutions. We also compete against internally-developed effort and services vendors; endpoint security vendors with nascent vulnerability use open source solutions. s that oftenff ff ff We believe that the principal competitive factors affect ff ing the market for cybersecurity solutions flexibility of delivery models, ease of ff ff We believe that our suite of solutions generally competes favorably with respect to include product functionality, breadth and depth of offerings, deployment and use, integration capabilities such as open APIs and scalability, uptime and performance. these factors and may serve as a complement to the solutions offered cases. Some of our more established actual and potential competitors have greater name recognition, longer operating histories, more established customer relationships, larger marketing budgets and significantly greater resources than we do. In addition, as our market grows and rapidly changes, we expect it will continue to attract new competitors, including companies that are larger and more established than us and smaller emerging companies, which could introduce new products and services. by our competitors in some ff Intellectual Property Our success depends in part upon our ability to protect our core technology and intellectual property. We rely on a combination of trade secrets, copyrights, patents and trademarks, as well as contractual protections, to establish and protect our intellectual property rights and protect our proprietary technology. 11 As of December 31, 2021, we had 23 issued patents and 15 patent applications pending in the United States. Our issued patents expire between 2027 and 2039 and cover our network scanning, monitoring and analysis technologies and additional features of our platform offeff December 31, 2021, we had 15 registered trademarks and 13 trademark applications pending in the United States. We view our copyrights, trade secrets and know-how as a significant component of our intellectual property assets. rings. As of We also license certain software from third parties for integration into our solutions, including open source software and other software available on commercially reasonable terms. We cannot assure you that such third parties will maintain such software or continue to make it available. We control access to and use of our proprietary software and other confidential informat ff ion through the use of internal and external controls, including contractual protections with employees, contractors, customers and partners, and our software is protected by U.S. and international copyright and trade secret laws. Despite our effoff intellectual property rights, licenses and confidentiality and invention assignment agreements, unauthorized parties may still attempt to copy, reverse engineer, misappropriate or otherwise obtain and use our software and technology. In addition, we intend to continue to expand our international operations, and effective patent, copyright, trademark and trade secret protection may not be available or may be limited in foreign countries. rts to protect our trade secrets and proprietary rights through Government Regulation Various federal, state and foreign legislative and regulatory bodies have legislation pending that could affect ff our business. In the ordinary course of our business, we process personal informat ff ion. Accordingly, we are, or to numerous data privacy and security obligations, including federal, state, may become, subject b local, and foreign laws, regulations, guidance, and industry standards related to data privacy and ff security. Such obligations may include, without limitation, the Federal Trade Commission Act, the California ff Data Protection Act, the European Union’s General Data Protection Regulation 2016/679, or EU GDPR, the EU GDPR as it forms European Union (Withdrawal) Act of 2018, or UK GDPR, and the ePrivacy Directive. part of the United Kingdom law by virtue of section 3 of the Consumer Privacy Act of 2018, or the CCPA,PP the Colorado Privacy Act, Virginia’s Consumer ff The CCPA aPP nd EU GDPR are examples of the increasingly stringent and evolving regulatory ff ff ion in connection with the offeff ring of goods or services to individuals in the EEA or ion. The EU GDPR applies to companies established in the individuals, and heavier documentation requirements for data protection compliance frameworks related to personal informat European Economic Area, or EEA, and to companies established outside the EEA that process personal informat the monitoring of the behavior of individuals in the EEA. The EU GDPR includes stringent and complex obligations on entities that receive or process personal informat penalties for non-compliance, more robust obligations on data processors and data controllers, greater rights forff programs. In addition, the EU GDPR increases the scrutiny of transfers of personal informat ion from locations in the EEA to the United States and other jurisdictions that the European Commission does not recognize as having “adequate” data protection laws and imposes substantial fines for breaches and violations (up to the greater of €20 million or 4% of consolidated annual worldwide gross revenue). Similarly, the CCPA iPP mposes many obligations on covered businesses, including to provide specific disclosures related to a business’s collecting, using, and disclosing personal informat ion and to respond to certain requests from California example, requests to know of the business’s personal information processing activities, to delete the individual’s personal information, and to opt out of certain personal informat ff residents related to their personal informat ion, along with significant ion disclosures). The ion (for ff ff ff ff ff 12 rovides for civil penalties (up to $7,500 per violation) and has a private cause of action for CCPA pPP data breaches. Like other U.S.-based IT security products, our products are subject b to U.S. export control laws and regulations, specifically the Export Administration Regulations, or EAR, U.S. economic and trade sanctions regulations and applicable foreign government import, export and use requirements. Certain of our products are subject to encryption controls under the EAR due to the nature of the product and its use or incorporation of encryption functionality. Under the encryption controls in the EAR, applicable products may only be exported outside of the United States with required export authorizations, such as a license, a license exception or other appropriate government authorizations. In addition to the restrictions under the EAR, U.S. export control laws and economic sanctions prohibit the export of products and services to countries, governments, entities or persons subject to U.S. embargoes or trade sanctions. Human Capital As of December 31, 2021, we had 1,617 employees, including 635 employees located outside of the United States. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement. Certain international employees are subject to collective bargaining agreements in connection with local labor laws. We have not experienced any work stoppages, and we consider our relations with our employees to be good. We believe in upholding a core set of values for our entire global workforce: ff • One TenTT able: We are united as one Tenable team. We win together. We are one team internally, with our customers, with our partners and in the market. • We Care: About our work, about our customers, about one another and about our communities. We speak straight and we do the right thing. • Deliver ll that exceed expectations. Results: We set high goals, take bold risks, measure honestly and deliver results • What We Do Matters: The work that we do makes a difference ff in the world. Our key human capital objectives are to attract, retain and develop our highly talented existing and future employees, while cultivating a diverse and inclusive workforce exceptional business results. We strive to be a career destination where employees from all backgrounds are welcome and empowered, are treated with fairness and respect, can make a difference, and have the opportunity to grow. ff ff and environment to achieve Compensation, Benefits and Talent Development We provide robust compensation and benefits packages to attract and retain our talent. We aim to incentivize our employees by aligning a portion of their compensation with the overall success of our business. In addition to base salary, our benefits packages include annual bonuses, equity awards, an employee stock purchase plan, retirement plans, along with health and wellness benefits. Equity awards of restricted stock units that vest over time are granted to new hires and to employees on an annual basis. Employees are eligible to participate in our Employee Stock Purchase Plan, in which employees may contribute a percentage of their compensation to purchase shares of our common stock at a discount. Our health and welfare benefits include health and life insurance, paid time off,ff family leave, and employee assistance programs. We are committed to a hybrid workplace strategy where employees have the flexibility to define the environment where they can do their best work. 13 We promote and support employee development and organizational effect ff iveness by providing high-quality learning and development programs as well as tuition assistance programs. These programs are designed to meet individual, team, and organizational needs and objectives. We strive to enhance learning and development programs to create a better workplace environment and to build a better Tenable. Diversity and Inclusion We seek to cultivate a diverse and inclusive workforce ff business results. When we value and celebrate diffeff rences, we drive more innovation and grow closer to our customers, partners, and communities. We strive to be a career destination where employees from all backgrounds are welcome and empowered, treated with fairness and respect, presented with opportunities to make a diffeff rence, and provided opportunities to grow. and environment to achieve exceptional We undertake numerous efforts ff to increase diversity in our employee population and to foster a culture of fairness and belonging through a number of measures in our recruiting, engagement, retention, and outreach practices. Our dedicated Diversity and Inclusion Council and Employee Resource Groups – along with our committed leaders and managers – strive to attract and hire employees who bring broad diversity of background, thought, and style into the company and foster a sense of inclusion to make them want to stay. To support these initiatives, we build partnerships within our communities to support organizations and events that strive for greater representation of women and underrepresented minorities in cybersecurity, hold inclusion and bias mitigation training and offer targeted development opportunities to assist with career advancement. In addition to our global talent acquisition team receiving a diversity sourcing and recruiting certification, we have hired a team to help spearhead these initiatives. ff Environrr mental Stewardshipii Our Board and management team recognize that we have a role to play in environmental stewardship. We believe that environmentally responsible operating practices are important to generating value for our stockholders, being a good partner with our customers, and being a good employer to our employees. Energy consumption and usage within data centers is an important component of our day-to-day operations of our business. We outsource our data center needs to Amazon Web Services (“AWSAA ”). In 2014, AWS shared its long-term commitment to achieve 100 percent renewable energy usage for the global AWS infrastructure footprint. Additionally, our corporate headquarters is a LEED Certified Gold forff Core Construction and we are pursuing an Energy Star rating. Financial Information and Segments Segment and geographic information required by Part I, Item 1 of Form 10-K can be found in Note 1 and Note 13 of the Notes to our Consolidated Financial Statements included in Part II, Item 8, Financial Statements, of this Form 10-K. Corporate Information Tenable Network Security, Inc., our predecessor, was incorporated under the laws of the State of Delaware in 2002. Tenable Holdings, Inc. was incorporated in Delaware in October 2015, and in November 2015, Tenable Network Security, Inc. was merged into our wholly-owned indirect subsidiary and in 2017 was renamed as Tenable, Inc. 14 ff Our principal executive offices are located at 6100 Merriweather Drive, Columbia, Maryland 21044. Our telephone number is (410) 872-0555. Our website address is www.tenable.com. The informat reference, and you should not consider any informat through, our website as part of this Annual Report on Form 10-K. ion contained on, or that can be accessed through, our website is not incorporated by ion contained on, or that can be accessed ff ff TT TT “Tenable, ” “Nessus,” “Tenable. io," "Lumin" and the Tenable marks of Tenable Holdings, Inc. appearing in this Annual Report on Form 10-K are the property of Tenable Holdings, Inc. This Annual Report on Form 10-K contains additional trade names, trademarks and service marks of others, which are the property of their respective owners. Solely for convenience, trademarks and trade names referred to in this Annual Report on Form 10-K may appear without the ® or TM symbols. logo, and other trademarks or service TT Available Information Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8- K, Proxy Statement, and amendments to reports filed pursuant to Sections 13(a) and 15(d) of the Exchange Act, are available forff investors.tenable.com after we file them with the Securities and Exchange Commission, or the SEC. The SEC’s website https://www and other information regarding issuers that file electronically with the SEC. download free of charge from our investor relations website https://// .sec.gov contains reports, proxy and informat ion statements, // ff The contents of any website referred to in this Form 10-K are not intended to be incorporated into this Annual Report on Form 10-K or in any other report or document we file with the SEC. Item 1A. Risk Factors Our operations tt and financial results att b re subject ff to signif icant i risksii and uncertrr ainii ties including consider the risksii ii t to other information contained those described below. You should carefullyff additiontt consolidated financial not the only ones we face. Additional currentlytt believe are not material, business. If any of the following risksii conditiontt rr may alsoll and results ott statett ments att f operati tt nd related notes. The risksii risks and uncertaint iestt t ant become import or others not specifiedff t ii ties described below, in and uncertrr ainii ii iestt and uncertaint that we aww re unaware of, or that we factors that adversely affect our ii our t below materialize, our business, financial described below are rr ons could be materially and adversely affected. in this Aii nnual Report on Form 10-K, iKK ncluding Selected Risks Affecting Our Business Our business is subject to a number of risks of which you should be aware beforeff making a decision to invest in our common stock. These risks are more fully described in this “Risk Factors” section, including the folff lowing: • Our business, operations and financial performance changes in the evolving COVID-19 pandemic. ff may be negatively affect ff ed by adverse • We have a history of losses and may not achieve or maintain profitability in the future. solutions that intense competition. If we do not continue to innovate and offer • We faceff address the dynamic cybersecurity landscape, we may not remain competitive. ff • We may not be able to sustain our revenue growth rate in the future. • We may not be able to scale our business quickly enough to meet our customers’ growing needs. 15 • Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliability and accuracy of our data, solutions, infrastructure and those of third parties upon which we rely. If our informf parties upon which we rely, are or were compromised, or if our solutions fail to detect vulnerabilities or incorrectly detect vulnerabilities, or if they contain undetected errors or defects, we could experience adverse consequences. ation technology systems or data, or those of third • Our future quarterly results of operations are likely to fluctuate significantly due to a wide range of factors, which makes our future results diffiff cult to predict. • Our business and results of operations depend substantially on our customers renewing their subscriptions with us and expanding the number of IT assets or IP addresses under their subscriptions. Any decline in our customer renewals, terminations or failure to convince our customers to expand their use of subscription offerings would harm our business, results of operations, and financial condition. ff • We rely on third parties to maintain and operate certain elements of our network infrastructure. • We are subject to stringent and changing obligations related to data privacy and security. Our failure or perceived failure to comply with such obligations could lead to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; loss of customers or sales; and other adverse business consequence. • We rely on our third-party channel partner network of distributors and resellers to generate a substantial amount of our revenue. • We rely on the performance of highly skilled personnel, including senior management and our engineering, professional services, sales and technology professionals, and our ability to increase our customer base will depend to a significant extent on our ability to expand our sales and marketing operations. Risks Related to Our Business and Industry Our business, operations and financialii performance may be negatively al ffected by adverse changes in the evolving COVID-19 VV dd pandemi c. As of December 31, 2021, we have not seen a significant adverse impact to our financial position, ff The COVID-19 results of operations, cash flows and liquidity as a result of the COVID-19 pandemic. However, the COVID-19 pandemic is continuing to evolve rapidly, and significant adverse changes in the spread or severity of COVID-19 infections and the resulting societal impact, and response thereto, could have material adverse impacts on our business, operations and financial performance. pandemic resulted in travel and other restrictions, including state and local orders across the United States and in countries in which we operate that, among other things, directed individuals to follow social distancing guidelines and or to shelter at their places of residence, directed businesses and governmental agencies to cease non-essential operations at physical locations, prohibited certain non-essential gatherings and events and ordered cessation of non-essential travel. In response to public health directives and orders, we implemented work-from-home policies for our global workforce, ff evolved and as these restrictions have eased or been reinstated in response to COVID-19 variants such as Delta and Omicron, we have continued to update our employee health and safety policies, including relating to business travel and in-person officeff to allow some activities, including limited business travel and in-person work at the option of the employee at certain of our global officeff offices and could create additional risks and operational challenges that require us to make additional or business travel could expose our employees to health risks, and us to associated liability, including at our headquarters in Columbia, Maryland. As the COVID-19 pandemic has locations, including at our headquarters. In-person work at our work. As conditions permit, we will continue ff 16 of new workplace and travel health and ff investments in the design, implementation and enforcement safety protocols. We expect to continue our hybrid work policies indefinitely and that many employees will choose to continue to work remotely or a hybrid of in-person and remote work, which presents risks, uncertainties and costs that could affect space needs and heightened vulnerability to culture challenges, uncertainty regarding officeff cyberattacks. Further, we anticipate that our revenue growth could be adversely impacted by developments in the COVID-19 pandemic that negatively impact global economic conditions, including, for example, as a result of the tightening of health and safety restrictions in the United States or globally. including operational and workplace ff our performance, ff Adverse developments in the COVID-19 pandemic could also impact our partners, customers and service providers. Health concerns and political or governmental developments in response to COVID-19 has created or contributed to economic, social or labor instability or prolonged contractions in the industries in which our customers or partners operate. As a result, existing and potential customers have and may continue to choose to reduce or delay technology spending in response to the ongoing COVID-19 pandemic, or may attempt to renegotiate contracts and obtain concessions, which could materially and negatively impact our operating results, financial condition and prospects. Because our platform offeri may not be fully reflected in our operating results until future periods, and such effects by temporary decreases in our expenses related to restrictions on the conduct of our business. We expect to incur additional costs as we resume business-related travel and return to the office, the timing and extent of which remains subject to ongoing developments in the COVID-19 pandemic. ngs are primarily sold on a subscription basis, any such adverse effects ff may be offset ff ff ff ff iveness and widespread adoption of vaccines, both domestically and tiveness of the travel restrictions, quarantines, social The full extent to which changes in the COVID-19 pandemic impact our business and operations will depend on future developments that are highly uncertain and cannot be predicted with confidence of business at the time of this Form 10-K, such as the duration of the outbreak, the duration and effect disruptions, the ongoing effect globally, the duration and ultimate effecff distancing requirements and business closures in the United States and other countries to contain and treat the disease, and the impact of new variants or mutations of the coronavirus, such as the Delta or Omicron variants. An increase or extended period of global supply chain and economic disruption as a result of the COVID-19 pandemic could have a material negative impact on our business, results of operations, access to sources of liquidity and financial condition, though the full extent and duration of these impacts is uncertain. Accordingly, we do not yet know the full extent of potential impacts on our business and operations, or those of our partners and customers, or the global economy as a whole. ff In addition, to the extent the ongoing COVID-19 pandemic adversely affect ff s our business and results of operations, it may also have the effect uncertainties described in this “Risk Factors” section. ff of heightening many of the other risks and We have a history of losses and may not achieve ovv r maintain profrr itff abil tt ityll in the future. We have historically incurred net losses, including net losses of $46.7 million, $42.7 million and $99.0 million in 2021, 2020 and 2019, respectively. As of December 31, 2021, we had an accumulated deficit of $654.5 million. Because the market for our offerings rapidly evolving and these solutions have not yet reached widespread adoption, it is difficult predict our future results of operations. Further, although we have not seen a significant adverse impact to our financial position, results of operations, cash flows and liquidity as a result of the COVID-19 pandemic as of December 31, 2021, we do not yet know the full effects pandemic, which increases the difficulty in predicting future results of operations. is highly competitive and for us to ff of the evolving ff ff 17 While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our offerings our growth or achieve or maintain profitability in the future. We also expect our costs to increase in future periods, which could negatively affect increase at a greater rate. In particular, we expect to continue to expend substantial financial and other resources on: our future operating results if our revenue does not to sustain or increase ff ff • • • • • public cloud infrastructure and computing costs; research and development related to our offerings, development team; ff including investments in our research and sales and marketing, including a significant expansion of our sales organization, both domestically and internationally; continued international expansion of our business; and general and administrative expense, including legal and accounting expenses related to being a public company. These investments may not result in increased revenue or growth in our business. If we are unable to increase our revenue at a rate sufficient business, financial position and results of operations will be harmed and we may not be able to achieve or maintain profitability over the long term. Additionally, we may encounter unforeseen ies, complications, delays and other unknown factors that may result in operating expenses, difficult losses in future periods. If our revenue growth does not meet our expectations in future periods, our may be harmed, and we may not achieve or maintain profitability in the future. financial performance to offsff et the expected increase in our costs, our ff ff ff ff We face intense competition. If we do not continue to innovate and offer solutions that addressrr yy the dynami c cybc ersecurity landscap dd e, we may not remai rr n cii ompetitive.vv The market for cybersecurity solutions is fragmented, intensely competitive and constantly evolving. We compete with a range of established and emerging cybersecurity software and services vendors, as well as homegrown solutions. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense going forward. Our competitors include: vulnerability management and assessment vendors, including Qualys and Rapid7; diversified security software assessment capabilities, including CrowdStrike; public cloud vendors and companies, such as Palo Alto Networks, that offer solutions for cloud security (private, public and hybrid cloud); and providers of point solutions that compete with some of the features present in our solutions. We also compete against internally-developed effort and services vendors; endpoint security vendors with nascent vulnerability use open source solutions. s that oftenff ff ff Some of our actual and potential competitors have significant advantages over us, such as longer operating histories, significantly greater financial, technical, marketing or other resources, stronger brand and business user recognition, larger intellectual property portfolios, government certifications and broader global distribution and presence. In addition, our industry is evolving rapidly and is becoming increasingly competitive. Companies that are larger and more established than us are focusing on cybersecurity and could directly compete with us. For example, in 2019 Microsoftff introduced a vulnerability management offeri Smaller companies could also launch new products and services that we do not offer gain market acceptance quickly. ng as part of their existing endpoint security platform. and that could ff ff In addition, some of our larger competitors have substantially broader product offerings and can ngs which customers may choose bundle competing products and services with other software even if individual products have more limited functionality than our solutions. These competitors may and also offer their products at a lower price, which could increase pricing pressure on our offerings ff offeri ff ff ff ff 18 ff ngs to decline. These larger competitors are also often cause the average sales price for our offeri better positioned to withstand any significant reduction in capital spending, and will thereforeff as susceptible to economic downturns. One component of our enterprise platform involves assessing Cyber Exposure in a public cloud environment. We are dependent upon the providers to allow our exclusively solutions to access their cloud offeri their own cloud security product or otherwise eliminate the ability of our solutions to access their cloud on behalf of our customers, our business and financial results could be harmed. ngs. If one or more cloud providers elected to offer not be ff ff Additionally, the cybersecurity market is characterized by very rapid technological advances, changes in customer requirements, frequent new product introductions and enhancements and evolving industry standards. Our success depends on continued innovation to provide features that make our solutions responsive to the cybersecurity landscape, including the shift tff o employees working from home or in hybrid environments and the increasing adoption by organizations of cloud or hybrid cloud architectures during the COVID-19 pandemic. Developing new solutions and product enhancements is uncertain, expensive and time-consuming, and there is no assurance that such activities will result in significant cost savings, revenue or other expected benefits. If we spend on research and development and are unable to generate an adequate significant time and effort return on our investment, our business and results of operations may be materially and adversely affect customer requirements or the dynamic threat landscape on a timely basis, or at all, which would impair our ability to execute on our business strategy. Our competitors may be able to respond more quickly and effect customer requirements or new or evolving attacks by, or indicators of compromise that identify, cyber bad actors. ed. Further, we may not be able to successfully anticipate or adapt to changing technology or ively than we can to new or changing opportunities, technologies, standards or ff ff ff ff Furthermore, our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources and products and services offerings in the markets we address. In addition, current or potential competitors may be acquired by third parties with greater available resources, which may enable them to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings quickly than we do. For all of these reasons, we may not be able to compete successfully against our current or future competitors. more ff We may not be able to sustain our reven rr rr ue growth rate in the futuff re. From 2020 to 2021, our revenue grew from $440.2 million to $541.1 million, representing year- over-year growth of 23%. This growth was primarily from an increase in subscription revenue. Although we have experienced rapid growth historically and currently have high customer renewal rates, we may not continue to grow as rapidly in the future due to a decline in our renewal rates, failure to attract new customers or other factors. Any success that we may experience in the future will depend in large part on our ability to, among other things: • maintain and expand our customer base; • increase revenue from existing customers through increased or broader use of our offerings within their organizations; improve the performance and capabilities of our offeri continue to develop and expand our enterprise platform; • • • maintain the rate at which customers purchase and renew subscriptions to our enterprise ngs through research and development; ff platform offeff rings; 19 • • continue to successfully expand our business domestically and internationally; and successfully compete with other companies. If we are unable to maintain consistent revenue or revenue growth, including as a result of the ongoing COVID-19 pandemic or related macroeconomic conditions, our stock price could be volatile, and it may be difficff ult to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth. We may be unable to rapidly and effiff ciently adjust our cost structure in response to significant revenue declines, which could adversely affect ff our operating results. We recognizeii substantiallyll all of our revrr enue and, to a lesser extent, perpetual licenses ratably over an expected result, downturns in sales may not be immii xx ediately reflected in our operatingii ratably over thett vv period of benefit and, add s a results. term of our subscripti ii ons We recognize substantially all of our revenue ratably over the terms of our subscriptions with customers, which generally occurs over a one-year period and, for our perpetual licenses, over a five- year expected period of benefit. As a result, a substantial portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new sales or renewals in any one period, including as a result of the ongoing COVID-19 pandemic or related macroeconomic conditions, may not be immediately reflected in our revenue results forff negatively affect of significant downturns in sales and market acceptance of our solutions and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. This also makes it difficult for us to rapidly increase our revenue growth through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement. our revenue in future periods. Accordingly, the effect that period. This decline, however, would ff ff We may not be able to scale our busines ii s quickly enough to meet our customers’ growi rr ngii needs.dd ff As usage of our enterprise platform grows, and as customers expand in size or expand the number of IT assets or IP addresses under their subscriptions, we may need to devote additional resources to improving our technology architecture, integrating with third-party systems and maintaining infrastructure performance. In addition, we will need to appropriately scale our sales and marketing headcount, as well as grow our third-party channel partner network, to serve our growing customer base. If we are unable to scale our business appropriately, it could reduce the attractiveness of our solutions to customers, resulting in decreased sales to new customers, lower renewal rates by existing customers or the issuance of service credits or requested refunds, each of which could hurt our revenue growth and our reputation. Even if we are able to upgrade our systems and expand our personnel, any such expansion will be expensive and complex, requiring management time and attention. We could also face inefficiencies our effort ff improving and expanding our informf and improvements to our infrastructure and systems will be fully or effect timely basis, if at all. These efforts financial results. ation technology systems. We cannot be sure that the expansion ff s to scale our infrastructure. Moreover, there are inherent risks associated with upgrading, may reduce revenue and our margins and adversely impact our ively implemented on a or operational failures as a result of ff ff 20 If our enterpriserr security infraff structt servicvv es, our results of operation tt m orr for platll ture, incii ff ffering s do not interope rate with ott luding remote devices, or with t tt tt hir s may be harmed. rr - d-rr par rr ur customers’ network arr tyrr products, websww ites or nd Our enterprise platforff m offerings, Tenable.ep, Tenable.io, Tenable.cs, Tenable.ad, Tenable.ot, and Tenable.sc must interoperate with our customers’ existing network and security infrastructure, including remote devices. These complex systems are developed, delivered and maintained by the customer, their employees and a myriad of vendors and service providers. As a result, the components of our customers’ infrastructure, including remote devices, have different rapidly evolve, utilize multiple protocol standards, include multiple versions and generations of products and may be highly customized. We must be able to interoperate and provide our security offeri ngs to customers with highly complex and customized networks, including remote devices, which ff requires careful planning and execution between our customers, our customer support teams and our channel partners. Further, when new or updated elements of our customers’ infrastructure, new usage trends, such as remote and hybrid work during the COVID-19 pandemic, or new industry standards or protocols are introduced, we may have to update or enhance our cloud platform and our other solutions to allow us to continue to provide service to customers. Our competitors or other vendors may refuse to work with us to allow their products to interoperate with our solutions, which could make it difficult for our cloud platform to function properly in customer networks that include these third-party products. specifications, ff We may not deliver or maintain interoperability quickly or cost-effect ively, or at all. These efforts require capital investment and engineering resources. If we fail to maintain compatibility of our cloud platform and our other solutions with our customers’ network and security infrastructures, including for remote devices, our customers may not be able to fully utilize our solutions, and we may, among other consequences, lose or fail to increase our market share and experience reduced demand for our services, which would materially harm our business, operating results and financial condition. ff ff Our brand, reputation and abilityll ll in part upon the relrr iabi parties upon which we rww elrr y.l thirdii parties upon which we rww elrr y,l are orr thirdii vulnerabiliti rr defects, we could experi ll es or incorrectl ee y dl etect vulnerabiliti ence adverse consequences. to attract, retain aii nd serve our customers are dependentdd liii ty and accuracy of our datdd a,tt solutions, infrastructure and those of If our infoii rmation technology systems yy r wereww compromisedii ll es, or if they contain undetected errors or , odd r if oii ur solutions faiff or data, or those of l tii o detect In the ordinary course of our business, we may collect, store, use, transmit, disclose or otherwise ion, intellectual process proprietary, confidential, and sensitive informat property, and trade secrets. We rely on third party service providers and technologies to operate critical business systems, including processing this confidential and sensitive informat ion, including personal informat ion. ff ff ff Threats to information systems and data come from a variety of sources. In addition to computer “hackers,” threat actors, personnel (such as through theft or misuse), sophisticated nation-states and nation-state-supported actors now engage in attacks. We and the third parties upon which we rely may be subject to a variety of evolving threats, including but not limited to: social-engineering attacks (including through phishing attacks); malicious code (such as viruses and worms); malware (including attacks (such as credential stuffing); ff as a result of persistent threat intrusions); denial-of-service personnel misconduct or error; ransomware attacks; supply-chain attacks; software bugs; server malfunctions; software or hardware failures; loss of data or other inforff mation technology assets; adware; telecommunications failures, and other similar threats. Ransomware attacks, including those from organized criminal threat actors, nation-states and nation-state supported actors, are becoming increasingly prevalent and severe and can lead to significant interruptions, delays, or outages in our operations, loss of data, loss of income, significant extra expenses to restore data or systems, ff ff 21 reputational loss and the diversion of funds. To alleviate the financial, operational and reputational impact of a ransomware attack, it may be necessary to make extortion payments, but we may be unable to do so if applicable laws prohibit such payments. Any of these or similar threats could cause a security incident or other interruption. These incidents and interruptions can include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive informat ion, corrupting data or causing operational disruption. Because the techniques used to obtain unauthorized access, insert malicious code or otherwise sabotage systems change frequently and may not immediately produce signs of intrusion, we may be unable to implement adequate preventative measures or timely discover these intrusions. ff If we, or a third party upon which we rely, experience a security incident or interruption, or are perceived to have experienced a security incident or interruption, we may experience adverse consequences. These consequences may include: government enforcement actions (for example, investigations, fines, penalties, audits, and inspections); additional reporting obligations and/or oversight; restrictions on processing informat class claims); indemnification obligations; negative publicity; reputational harm; monetary fund diversions; interruptions of our operations (including availability of data); financial loss; and other similar harm. We sell cybersecurity products and, as a result, may be at increased risk of being a target of cyberattacks designed to penetrate our platform or internal systems or to otherwise impede the performance of our products. We may be required to expend additional, significant resources, fundamentally change our business activities or practices, or modify our operations or information technology in an effort to protect against security incidents or other interruptions. ion (including personal informat ion); litigation (including ff ff ff We have experienced, and may in the future experience, disruptions, outages and other ff problems due to a variety of factors, including infrastructure changes, deliberate or performance unintentional human or software errors, capacity constraints and fraud or cybersecurity attacks. Any disruptions or other perforr and may damage our customers’ businesses, including by interrupting their networking trafficff operational technology environments. Interruptions in our service delivery might reduce our revenue, cause us to issue credits to customers, subject us to potential liability and cause customers to not renew their purchases of our solutions. rmance problems with our solutions could harm our reputation and business or In addition, if our solutions fail to detect vulnerabilities in our customers’ cybersecurity remote devices, or if our solutions fail to identify new and increasingly infrastructure, including forff complex methods of cyberattacks, our business and reputation may suffer . There is no guarantee that our solutions will detect all vulnerabilities, especially in light of the rapidly changing security landscape to which we must respond, including as a result of the increased remote work environment during the COVID-19 pandemic. Additionally, our solutions may falsely detect vulnerabilities or threats that do not actually exist. For example, our solutions rely on informat users who contribute new exploits, attacks and vulnerabilities. If the informat parties is inaccurate, the potential for false indications of security vulnerabilities increases. These false positives, while typical in the industry, may impair the perceived reliability of our offerings adversely impact market acceptance of our products and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem. ion provided by an active community of ion from these third and ff ff ff ff We have experienced errors or defects in the past in connection with the release of new solutions and product upgrades, and we expect that these errors or defects the future in new or enhanced solutions after commercial release. In addition, we use third parties to assist in the development of our products and these third parties could be a source of errors or defects. Defects may cause our solutions to be vulnerable to attacks, cause them to fail to detect will be found from time to time in ff 22 vulnerabilities, or temporarily interrupt customers’ networking traffiff c or operational technology environments, any of which may damage our customers’ business and could hurt our reputation. If our solutions fail to detect vulnerabilities for any reason, we may incur significant costs, the attention of our key personnel could be diverted, our customers may delay or withhold payment to us or elect not to renew or other significant customer relations problems may arise. We may also be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our solutions may harm our business and operating results. Additionally, applicable data protection requirements may require us to implement specific ff rent industry-standard measures designed to protect against agencies and others. Such disclosures are costly, and the disclosures or failure to security measures or use new or diffeff security incidents. Data protection requirements may also require us to notify relevant stakeholders of security incidents, including affected individuals, partners, collaborators, customers, regulators, law enforcement comply with such requirements could lead to adverse impacts, including reputational harm or fines and penalties. There can be no assurance that any limitations or exclusions of liabilities in our protect us from liabilities or damages or adequate or would otherwise contracts would be enforceable if we fail to comply with data protection requirements related to informat ion security or security ff incidents. We cannot be sure that our insurance coverage, if any, will be adequate or otherwise protect us from or adequately mitigate liabilities or damages with respect to claims, costs, expenses, litigation, fines, penalties, business loss, data loss, regulatory actions or other impacts arising out of security incidents. rr rr ff l Our futff ure quarterl y r rr range of factors, which makes our futuff re results difficult to predict.dd esrr ults of operations are likely to fluctuate significantly due to a wide Our revenue and results of operations have historically varied from period to period, and we expect that they will continue to do so as a result of a number of factors, many of which are outside of our control, including: • • • • • • • • • • • the potential impact of the evolving COVID-19 pandemic on our business and that of our partners and customers; the level of demand for our enterprise platform; the introduction of new products and product enhancements by existing competitors or new entrants into our market, and changes in pricing for solutions offered competitors; by us or our ff the rate of renewal of subscriptions, and extent of expansion of assets under such subscriptions, with existing customers; the mix of customers licensing our products on a subscription basis as compared to a perpetual license; large customers failing to renew their subscriptions; the size, timing and terms of our subscription agreements with new customers; our ability to interoperate our solutions with our customers’ network and security infrastructure, including remote devices; the timing and growth of our business, in particular through our hiring of new employees and international expansion; network outages, security breaches, technical difficult (including security breaches by our service providers or vendors); changes in the growth rate of the markets in which we compete; ies or interruptions with our solutions ff 23 • • • • • • • • • • • • • • • the length of the license term, amount prepaid and other material terms of subscriptions to our solutions sold during a period; customers delaying purchasing decisions in anticipation of new developments or enhancements by us or our competitors or otherwise; changes in customers’ budgets; seasonal variations related to sales and marketing and other activities, such as expenses related to our customers; our ability to increase, retain and incentivize the channel partners that market and sell our solutions; our ability to integrate our solutions with our ecosystem partners’ technology; our ability to integrate any future acquisitions of businesses; our brand and reputation; the timing of our adoption of new or revised accounting pronouncements applicable to public companies and the impact on our results of operations; our ability to control costs, including our operating expenses, such as third-party cloud infrastructure costs and facilities costs; our ability to hire, train and maintain our direct sales force; unforeseen litigation and intellectual property infringement; fluctuations in our effect ff ive tax rate; general economic and political conditions, both domestically and internationally, as well as economic conditions specifically affect ing industries in which our customers operate; and ff other events or factors, including those resulting from pandemics, war, incidents of terrorism or responses to these events. Any one of these or other factors discussed elsewhere in this Annual Report on Form 10-K, or the ff of some of these factors, may result in fluctuations in our revenue and operating cumulative effect results, meaning that quarter-to-quarter comparisons of our revenue, results of operations and cash flows may not necessarily be indicative of our future performance guidance and analyst expectations and may cause our stock price to decline. and may cause us to miss our ff In addition, we have historically experienced seasonality in entering into agreements with customers. We typically enter into a significantly higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the third and fourth quarters. The increase in customer agreements in the third quarter is primarily attributable to U.S. government and related agencies, and the increase in the fourth quarter is primarily attributable to large enterprise account buying patterns typical in the software industry. We expect that seasonality will continue to affect the timing of our operating expenses. our operating results in the future and may reduce our ability to predict cash flow and optimize ff Our business and results of operations depedd tt nding the number of IT assets or IP addresses lyll on our customers renewing rr nd substantial under their ii ons. Any decline in oii ii ons withww us and expa their subscripti subscripti customers to expand their use of subscripti operations, and financial conditidd on. ee ur customer renewals, terminrr ii on offeri ngii ff ations or failuii re to convinvv ce our s wouww ld harm our business, results of Our subscription offerings ff are term-based and a majority of our subscription contracts are forff one year in duration. In order for us to maintain or improve our results of operations, it is important that a high percentage of our customers renew their subscriptions with us when the existing subscription term expires, and renew on the same or more favorable terms. Our customers have no obligation to 24 ff a variety of reasons, including as a result of changes in their ngs and related services. Historically, some of our customers have elected not to renew their subscriptions, and we may not be able to accurately predict customer renewal rates. In addition, the growth of our business depends in part on our customers expanding their use of subscription offeri renew their subscriptions with us forff strategic IT priorities, budgets, costs and, in some instances, due to competing solutions. Our retention rate may also decline or fluctuate if our existing customers choose to reduce or delay technology spending in response to economic conditions resulting from the ongoing COVID-19 pandemic or other macroeconomic factors that could lead to decreased spending, as well as a result of a number of other factors, including our customers’ satisfaction or dissatisfaction with our software, the increase in the contract value of subscription and support contracts from new customers, the effect services, mergers and acquisitions affect ing our customer base, global economic conditions, and the other risk factors described in this Annual Report on Form 10-K. Additionally, many of our customers, including certain top customers, have the right to terminate their agreements with us for convenience and for other reasons. We cannot assure you that customers will maintain their agreements with us, renew subscriptions or increase their usage of our software. If our customers do not maintain or renew their subscriptions or renew on less favorable terms, or if we are unable to expand our customers’ use of our software, our business, results of operations, and financial condition may be harmed. iveness of our customer support services, our pricing, the prices of competing products or ff ff We must maintain ii and enhance our brand. ff We believe that developing and maintaining widespread awareness of our brand in a cost- ive manner is critical to achieving widespread acceptance of our enterprise platform and effect attracting new customers. Brand promotion activities may not generate customer awareness or increase revenue and, even if they do, any increase in revenue may not offset in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expenses, we may fail ient return on our ff brand-building effort ff customer adoption of our solutions. s, or to achieve the widespread brand awareness that is critical for broad to attract or retain customers necessary to realize a sufficff ff the expenses we incur We rely on third parties to maintain ii and operate certain eii lements of our networkrr infrastructure. We utilize data centers located in North America, Europe and Asia to operate and maintain certain elements of our own network infrastructure. Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. For example, Tenable.io is hosted on Amazon Web Services, or AWS, which provides us with computing and storage capacity. Interruptions in our systems or the third-party systems on which we rely, particularly AWS, whether due to system failures, computer viruses, physical or electronic break-ins or other factors, could affect availability of our solutions, network infrastructure and website. rr ff the security or Our existing data center facilities and third-party hosting providers have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party with notice or access to hosting services may be restricted by the provider at any time, with no or limited notice. For example, our agreement with AWSAA allows AWS, under certain circumstances, to temporarily restrict access to hosting services provided by AWS without prior notice. Although we expect that we could receive similar services from other third parties, if any of our arrangements with third parties, including AWS, are terminated, we could experience interruptions on our platform and in our ability to make our platform available to to terminate the agreement with two years’ written notice and allows AWSAA 25 customers, as well as downtime, delays and additional expenses in arranging alternative cloud infrastructure services. It is possible that our customers and potential customers would hold us accountable forff any breach of security affecting third parties’ infrastructure. We may incur significant liability from those customers and from third parties with respect to any such breach. Because our agreement with AWSAA limits their liability for damages, we may not be able to recover a material portion of our liabilities to our customers and third parties from AWS in the event of any breach affecting AWSAA systems. ii Organizatio ed due to thett dd cloud-bas ns may be reluctant to purchase our enterprise platform ll offerings thatt t are actual or percei rr ved vulnerabilityll of cloud solutions. Some organizations, including those in the defense industry and highly regulated industries such as healthcare and financial services, have historically been reluctant to use cloud-based solutions for cybersecurity because they have concerns regarding the risks associated with the reliability or security of the technology delivery model associated with these solutions. If we or other software ngs experience security incidents, breaches of customer data, companies with cloud-based offeri disruptions in service delivery or other problems, the market for cloud-based solutions as a whole may be negatively impacted, which in turn would negatively impact our revenue and our growth prospects. ff Our sales cycle is long and unpredictable. The timing of sales of our offerings ff ff is difficult to forecast because of the length and unpredictability of our sales cycle, particularly with large enterprises and with respect to certain of our solutions. We sell our solutions primarily to IT departments that are managing a growing set of user and compliance demands, which has increased the complexity of customer requirements to be met and confirmed during the sales cycle and prolonged our sales cycle. Our average sales cycle with an enterprise customer is approximately four months, and to the extent we continue to enter into larger deals, our average sales cycle is likely to increase. Further, the length of time that potential customers devote to their testing and evaluation, contract negotiation and budgeting processes varies significantly, depending on the size of the organization and nature of the product or service under consideration. The ongoing COVID-19 pandemic and related economic uncertainty have also continued to impact the budgets and purchasing decisions and processes of certain of our customers and prospective customers, some of whom have added additional controls on expenditures and require additional internal approvals of expenditures, even if relatively small in dollar amount, all of which could lengthen our sales cycle. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort expenses that are not offset , and as a result, we could lose other sales opportunities or incur by an increase in revenue, which could harm our business. ff ff ff We are srr ff ure or perceived failure to comply with such obligll ations, could lead to regulatory ubject to strinrr gent and changing obligll ations relrr atell d to datadd privacyvv and security. Our fail investigatio i operations; reputational harm; loss of revenue or profi other adverse business consequences. ns or actions; litigation; fines and penalties; disruii rr ll ptiu ons of our business ts; loss of customers or sales; and ff In the ordinary course of our business, we process personal informat ff ion, including proprietary and confidential business informat informat property, and sensitive third-party informat parties upon which we rely, to numerous data privacy and security obligations, such as various laws, rules, regulations, guidance, industry standards, external and internal privacy policies, contracts, and other obligations that govern the processing of personal informat ion, trade secrets, intellectual ion. Our data processing activities subject us, and third ion by us and on our behalf. ion and other sensitive ff ff ff 26 In the United States, federal, state, and local governments have enacted numerous data privacy ff ff ff ff ion privacy laws, and ion. The CCPA aPP ff Consumer Privacy Act, or the CCPA,PP imposes security laws, including data breach notification laws, personal informat consumer protection laws. For example, the California obligations on businesses to which it applies including, but not limited to, providing specific disclosures in privacy notices and affording informat Further, the California CCPA,PP including by expanding certain consumers’ rights. The CPRA also creates a new state agency e the CPRA, which could increase the risk of that will be vested with authority to implement and enforcff an enforcement passed its Consumer Data Protection Act and Colorado recently passed the Colorado Privacy Act, both of which differ respectively. llows for statutory fines for noncompliance (up to $7,500 per violation). Privacy Rights Act, or CPRA, effective on January 1, 2023, will expand the action. Other states have enacted data privacy laws. For example, Virginia recently from the CPRA and go into effect on January 1, 2023 and July 1, 2023 residents certain rights related to their personal ff California ff ff Outside the United States, an increasing number of laws, regulations, and industry standards apply to data privacy and security. For example, the European Union’s General Data Protection Regulation, or EU GDPR, and the United Kingdom’s GDPR, or UK GDPR, impose strict requirements for processing the personal informat ion of individuals. Violations of these obligations carry significant potential consequences. For example, under the EU GDPR, government regulators may impose temporary or definitive bans on processing, as well as fines of up to €20 million or up to 4% of the annual global revenue, whichever is greater. We have an internal data privacy function that oversees and supervises our compliance with European and UK data protection regulations but, despite our ff effort s, we may fail, or be perceived to have failed, to comply. ff ff ion transfer laws, which could make it more difficuff ff Additionally, certain jurisdictions have enacted data localization laws and cross-border personal ion across ff informat ion that originates in the EU or UK). jurisdictions (such as transferring or receiving personal informat Existing mechanisms that may facilitate cross-border personal informat ion transfers may change or ff be invalidated. For example, absent appropriate safeguards or other circumstances, the EU GDPR ion to countries outside of the European Economic generally restricts the transfer of personal informat Area, such as the United States, which the EU does not consider to provide an adequate level of data privacy and security, unless certain safeguards are in place. While we have taken steps to lawfully transfer personal informat ion, the efficacy and longevity of these mechanisms remains uncertain. lt to transfer personal informat ff ff Our obligations related to data privacy and security are quickly changing in an increasingly ff ive future legal framework. Additionally, stringent fashion, creating some uncertainty as to the effect these obligations may be subject to differing applications and interpretations, which may be inconsistent or in conflict among jurisdictions. Existing and proposed laws and regulations can be costly to comply with, can delay or impede the development or adoption of our products and services and require significant management time and attention. Although we endeavor to comply with all data privacy and security obligations, we may at times fail (or be perceived to have failed) to do so. Moreover, despite our effoff with such obligations, which could negatively impact our business operations and compliance posture. If we fail, or are perceived to have failed, to address or comply with applicable data privacy and security obligations, we could face significant consequences. These consequences include, but are not limited to: government enforcement actions (such as investigations, fines, penalties, audits, inspections); litigation (including class-related claims); additional reporting requirements and/or oversight. Any of these events could have a material adverse effect financial condition, including but not limited to: interruptions or stoppages in our business operations, inability to process personal informat ion or operate in certain jurisdictions; limited ability to develop or commercialize our products; expenditure of time and resources to defend any claim or inquiry; rts, our personnel or third parties upon which we rely may fail to comply on our reputation, business, or ff ff 27 reputational harm; loss of customers; reduction in the use of our products; or revision or restricting of our operations. ii We rely on our thitt rd-pa rty channel partner network of distri ii buii tors and resellers ll to generate a substantial amount of our revenue. Our success is dependent in part upon establishing and maintaining relationships with a variety of channel partners that we utilize to extend our geographic reach and market penetration. We use a two-tiered, indirect fulfillment model whereby we sell our products and services to our distributors, which in turn sell to our resellers, which then sell to our end users, which we call customers. We anticipate that we will continue to rely on this two-tiered sales model in order to help facilitate sales of our offeri ngs as part of larger purchases in the United States and to grow our business internationally. ff In 2021, 2020 and 2019, we derived 92%, 91% and 90%, respectively, of our revenue from subscriptions and perpetual licenses sold through channel partners, and the percentage of revenue derived from channel partners may continue to increase in future periods. Ingram Micro, Inc., a distributor, accounted for 39%, 43% and 43% of our revenue in 2021, 2020 and 2019, respectively, and 32% of our accounts receivable as of December 31, 2021 and 41% as of December 31, 2020. Our agreements with our channel partners, including our agreement with Ingram Micro, are non- exclusive and do not prohibit them from working with our competitors or offering and some of our channel partners may have more established relationships with our competitors. Similarly, our channel partners have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party at any time, with no or limited notice. For example, our agreement with Ingram Micro allows Ingram Micro to terminate the agreement in their discretion upon 30 days’ written notice to us. If our channel partners choose to place greater emphasis on products of their own or those offer reasons do not continue to market and sell our solutions in an effect ive manner or at all, our ability to grow our business and sell our solutions, particularly in key international markets, may be adversely affect sales of our solutions and professional services, including as a result of the ongoing COVID-19 pandemic, or conflicts between channel sales and our direct sales and marketing activities may harm our results of operations. Finally, even if we are successful, our relationships with channel partners may not result in greater customer usage of our solutions and professional services or increased revenue. ed by our competitors or a result of an acquisition, competitive factors or other to recruit additional channel partners, or any reduction or delay in their ed. In addition, our failure competing solutions, ff ff f ff ff A portion of our reven rr ue is generated from subscriprr tions and perpetual licenses sold to domestic governmental entities, foreff ii organizatio ns, which are subjecb t to a number of challenges and risks. ii ign governvv mental entities and other heavilyii ll regulated A portion of our revenue is generated from subscriptions and perpetual licenses sold to governmental entities in the United States. Additionally, many of our current and prospective customers, such as those in the financial services, energy, insurance and healthcare industries, are highly regulated and may be required to comply with more stringent regulations in connection with subscribing to and implementing our enterprise platform. Selling licenses to these entities can be highly competitive, expensive and time-consuming, often requiring significant upfront time and expense without any assurance that we will successfully complete a sale. Governmental demand and payment for our enterprise platform may also be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affect ing public sector demand for our enterprise platform. In addition, governmental entities have the authority to terminate contracts at any time for the convenience of the government, which creates risk regarding revenue anticipated under our existing government contracts. ff 28 ff ff from its convenience or if we default by failing to perform in accordance with the Further, governmental and highly regulated entities often require contract terms that differ our standard customer arrangements, including terms that can lead to those customers obtaining broader rights in our solutions than would be expected under a standard commercial contract and terms that can allow for early termination. The U.S. government will be able to terminate any of its contracts with us either forff contract schedule and terms. Termination for convenience provisions would generally enable us to recover only our costs incurred or committed, settlement expenses, and profit on the work completed prior to termination. Termination for default provisions do not permit these recoveries and would make us liable for excess costs incurred by the U.S. government in procuring undelivered items from another source. Contracts with governmental and highly regulated entities may also include preferential pricing terms. In the United States, federal government agencies may promulgate regulations, and the President may issue executive orders, requiring federal contractors to adhere to or additional requirements after a contract is signed. If we do not meet applicable different requirements of law or contract, we could be subject to significant liability from our customers or regulators. Even if we do meet these requirements, the additional costs associated with providing our enterprise platform to government and highly regulated customers could harm our operating results. Moreover, changes in the underlying statutory and regulatory conditions that affect customers could harm our ability to efficiently provide them access to our enterprise platform and to grow or maintain our customer base. In addition, engaging in sales activities to foreign governments introduces additional compliance risks, including risks specific to anti-bribery regulations, including the U.S. Foreign Corrupt Practices Act of 1977, as amended, or the FCPA,PP the U.K. Bribery Act 2010 and other similar statutory requirements prohibiting bribery and corruption in the jurisdictions in which we operate. Further, in some jurisdictions we may be required to obtain government certifications, which may be costly to maintain and, if we lost such certifications in the future or if such certification requirements changed, would restrict our ability to sell to government entities until we have attained such certifications. these types of ff Some of our revenue is derived from contracts with U.S. government entities, as well as subcontracts with higher-tier contractors. As a result, we are subject to federal contracting regulations, including the Federal Acquisition Regulation, or the FAR. require pricing that is based on estimated direct and indirect costs, which are subject to change. Under the FAR, certain types of contracts FF In connection with our U.S. government contracts, we may be subject to government audits and review of our policies, procedures, and internal controls for compliance with contract terms, procurement regulations, and applicable laws. In certain circumstances, if we do not comply with the terms of a contract or with regulations or statutes, we could be subject to contract termination or downward contract price adjustments or refund obligations, could be assessed civil or criminal penalties, or could be debarred or suspended from obtaining future government contracts for a specified period of time. Any such termination, adjustment, sanction, debarment or suspension could have an adverse effect on our business. ff In the course of providing our solutions and professional services to governmental entities, our employees and those of our channel partners may be exposed to sensitive government informat Any failure by us or our channel partners to safeguard and maintain the confidentiality of such ff informat ff affect ion could subject us to liability and reputational harm, which could materially and adversely our results of operations and financial performance. ff ff ion. 29 Our pricing model subjects utt s to varivv ous challenges thatt derive expected value fromrr our pricing model to remain competitive. tt our customers and we mww t could make it difdd fiff cult forff us to ce our prices or change ay need to redurr Subscriptions and perpetual licenses to our enterprise platform are generally priced based on the ff ively internationally. Moreover, mid- to large-size enterprises may demand substantial price number of IP addresses or total IT assets that can be monitored. We expect that we may need to change our pricing from time to time. As competitors introduce new products that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. We also must determine the appropriate price to enable us to compete effect discounts as part of the negotiation of sales contracts and, as the amount of IT assets or IP addresses within our customers' organization grows, we may facef customers regarding our pricing. As a result, we may be required or choose to reduce our prices or change our pricing model, which could adversely affect financial condition. our business, revenue, operating margins and additional pressure from our ff Further, our subscription agreements and perpetual licenses generally provide that we can audit our customers’ use of our offerings to ensure compliance with the terms of such agreement or license and monitor an increase in IT assets and IP addresses being monitored. However, a customer may resist or refuse to allow us to audit their usage, in which case we may have to pursue legal recourse ff to enforce management and potentially adversely affect our rights under the agreement or license, which would require us to spend money, distract our relationship with our customers and users. ff If our enterpri rr seii platform ll offerings do not achieve sufficient market acceptance, our results of operations and competititt ve position wilww l sll uffer. ff We spend substantial amounts of time and money to research and develop and enhance our rings to meet our customers’ rapidly evolving demands. In addition, we invest to continue to add capabilities to our existing products and enable the continued detection of enterprise platform offeff in efforts ff new network vulnerabilities. We typically incur expenses and expend resources upfront to market, when we develop and introduce new or promote and sell our new and enhanced offerings. enhanced offerings, ff he amount of our investment in developing and bringing them to market. For example, if Tenable Lumin does not garner widespread market adoption and implementation, our operating results and competitive . position could suffer ff Therefore, they must achieve high levels of market acceptance in order to justify t ff ff ff Further, we may make enhancements to our offeff rings that our customers do not like, find useful or agree with. We may also discontinue certain features, begin to charge for certain features that are currently free or increase fees forff any of our features or usage of our offerings. ff Our new offerings or enhancements and changes to our existing offerings ff could fail to attain sufficient ff market acceptance for many reasons, including: • • • • • ff that meets this demand in a timely fashion; failure to predict market demand accurately, including changes in demand as a result of the ongoing COVID-19 pandemic or related macroeconomic trends, in terms of functionality and to supply offerings defects, errors or failures; negative publicity about their performance delays in releasing our new offeff introduction or anticipated introduction of competing products by our competitors; iveness; ff rings or enhancements to our existing offerings ff or effect to the market; ff 30 • • poor business conditions for our customers, including as a result of the ongoing COVID-19 pandemic, causing them to delay or forgo IT purchases; and reluctance of customers to purchase cloud-based offerings. ff If our new or enhanced offerings do not achieve adequate acceptance in the market, our competitive position will be impaired, and our revenue will be diminished. The adverse effect operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we will have incurred in connection with the new or enhanced offerings. on our ff ff Our strategy ogg and deploying our solutions in t ii hett cloud, on-premisesii approa pp ch causes us to incur increased expenses and may environrr ments or using a hybrid pose challeng es to our business. ll f offeringii yy ff ff ff ff ff We offer and selling subscriptions to our and we have less operating experience offering We expect that our customers will continue to move to our Although a substantial majority of our revenue has historically been and that it will become more central to our distribution model. We expect our gross and sell our enterprise platform for use in the cloud, on-premises environments or using a hybrid approach using the customer’s own infrastructure. Our cloud offering enables our customers to eliminate the burden of provisioning and maintaining infrastructure and to scale their usage of our solutions quickly, while our on-premises offering allows for the customer’s complete control over data security and software infrastructure. Historically, our solutions were developed in the context of the on-premises offering, ff solutions via our cloud offering. generated from customers using our solutions on an on-premises basis, our customers are increasingly adopting our cloud offering. cloud offering ff profit to increase in absolute dollars and our gross margin to decrease to the extent that revenue from our cloud-based subscriptions increases as a percentage of revenue, although our gross margin could fluctuate from period to period. To support both on-premises environments and cloud instances of our product, our support team must be trained on and learn multiple environments in which our solution is deployed, which is more expensive than supporting only a cloud offering. Moreover, we and hybrid installation, must engineer our software for an on-premises environment, cloud offering which we expect will cause us additional research and development expense that may impact our operating results. As more of our customers transition to the cloud, we may be subject to additional competitive pressures, which may harm our business. We are directing a significant portion of our financial and operating resources to implement a robust and secure cloud offering but even if we continue to make these investments, we may be unsuccessful in growing or implementing our cloud offeri competitors and our business, results of operations and financial condition could be harmed. ng in a way that competes successfully against our current and future for our customers, ff ff ff ff Our customers’ increased usage of our cloud-bdd ased offeri improve rr system performance. ff our computer network and infrastructure to avoid service interruptiu ons or slower ngii s reqrr uiresii us to continuallyl As usage of our cloud-based offerings ff grows and as customers use them for more complicated applications, increased assets and with increased data requirements, we will need to devote additional resources to improving our platform architecture and our infrastructure in order to maintain Any failure or delays in our computer systems could cause the performance of our cloud offering. service interruptions or slower system performance. If sustained or repeated, these performance issues could reduce the attractiveness of our enterprise platform to customers. These performance issues could result in lost customer opportunities and lower renewal rates, any of which could hurt our revenue growth, customer loyalty and reputation. ff ff ff 31 A component of our growth strateg epend omplexity to our operatiorr dd y igg s dii entdd ns. rr expansion, which adds cdd on our continued international We market and sell our solutions and professional services throughout the world and have personnel in many parts of the world. International operations generated 42% and 39% of our revenue in 2021 and 2020, respectively. Our growth strategy is dependent, in part, on our continued international expansion. We expect to conduct a significant amount of our business with organizations that are located outside the United States, particularly in Europe and Asia. We cannot assure that our expansion efforts solutions and professional services outside of the United States or in effeff ctively selling our solutions and professional services in the international markets that we enter. Our current international operations and future initiatives will involve a variety of risks, including: into international markets will be successful in creating further demand for our ff • • • • • • • • • • • • • • • increased management, infrastructure and legal costs associated with having international operations; reliance on channel partners; trade and foreign exchange restrictions, including potential changes in trade relations arising from policy initiatives; economic or political instability in foreign Kingdom’s recent exit from the European Union and the corresponding impact on its ongoing legal, political, and economic relationship with the European Union and heightened levels of inflation; markets, including instability related to the United ff travel restrictions resulting from the COVID-19 pandemic, including restrictions on U.S. travelers entering some foreign countries; greater difficult periods; ff y in enforcing contracts, accounts receivable collection and longer collection changes in regulatory requirements, including, but not limited to data privacy, data protection and data security regulations; ff ff ies and costs of staffing, difficult including increased employee recruitment, training and retention costs related to global employment turnover trends and inflationary pressures in the labor market stemming from the COVID-19 pandemic; managing and potentially reorganizing foreign operations, the uncertainty and limitation of protection for intellectual property rights in some countries; costs of compliance with forff eign laws and regulations and the risks and costs of non- compliance with such laws and regulations; ff labor regulations in foreign jurisdictions where labor laws are generally more differing advantageous to employees, including deemed hourly wage and overtime regulations in these locations; costs of compliance with U.S. laws and regulations for foreign operations, including the FCPA,PP import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell or provide our solutions in certain foreign markets, and the risks and costs of non-compliance; ff ff requirements to comply with foreign and regulations and the risks and costs of noncompliance; privacy, data protection and informat ff ion security laws heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, and irregularities in, financial statements; the potential for political unrest, pandemics, acts of terrorism, hostilities or war; 32 • management communication and integration problems resulting from cultural differences ff and geographic dispersion; • • costs associated with language localization of our solutions; and costs of compliance with multiple and possibly overlapping tax structures and regimes. Our business, including the sales of our solutions and professional services by us and our ff b to foreign governmental regulations, which vary substantially from channel partners, may be subject country to country and change from time to time. Our failure, or the failure by our channel partners, to comply with these regulations could adversely affect our business. Further, in many foreign countries it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we have implemented policies and procedures designed to comply with these laws and policies, there can be no assurance that our employees, contractors, channel partners and agents have complied, or will comply, with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our solutions and could have a material adverse effect manage the challenges of international expansion and operations, our business and operating results could be adversely affect on our business and results of operations. If we are unable to successfully ed. ff ff We rely on the performance of highi ludingii rr inrr g, professional services, sales and technology professi ly skillii ed personrr nel, ill ncii ii senior management and onals, and our abiliii ty to epend to a significant extent on our abilityll to expand our our engineer increase our customer base wilww l dll sales and marketingii operatiorr ns. We believe our success has depended, and continues to depend, on the efforts ff and talents of our senior management team and our highly skilled team members, including our sales personnel, professional services personnel and software engineers. We do not maintain key person insurance on any of our executive officeff employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of any of our senior management or key employees could adversely affect our ability to execute our business plan, and we may not be able to find adequate replacements. We cannot ensure that we will be able to retain the services of any members of our senior management or other key employees. rs or key employees. Our senior management and key employees are ff Our ability to successfully pursue our growth strategy also depends on our ability to attract, motivate and retain our personnel. Competition for well-qualified employees in all aspects of our business is intense. The recent move by companies to offer may increase competition for such employees outside of our traditional officeff employee turnover rates in the broader global economy and inflationary pressures in the labor market have increased during the ongoing COVID-19 pandemic and may continue to be elevated, which has led, and could continue to lead. to increased recruiting, training and retention costs. If we do not succeed in attracting well-qualified employees, retaining and motivating existing employees or maintaining our corporate culture in a hybrid or remote work environment, our business would be adversely affect a remote or hybrid work environment locations. In addition, ed. ff ff In addition, our ability to increase our customer base and achieve broader market acceptance of our Cyber Exposure solutions will depend to a significant extent on our ability to expand our sales force and our third-party channel partner network of distributors and resellers, both domestically and internationally. We may not be successful in attracting and retaining talented sales personnel or strategic partners, and any new sales personnel or strategic partners may not be able to achieve productivity in a reasonable period of time or at all. We also plan to dedicate significant resources to 33 sales and marketing programs, including through electronic marketing campaigns and, when deemed safe to do so, trade event sponsorship and participation. All of these effoff significant financial and other resources and our business will be harmed if our effort a correspondingly significant increase in revenue. rts will require us to invest s do not generate ff We must offer highi -quality support. Our customers rely on our personnel for support of our enterprise platform. High-quality support is important for the renewal of our agreements with existing customers and to our existing customers expanding the number of IP addresses or IT assets under their subscriptions. The importance of high- quality support will increase as we expand our business and pursue new customers. If we do not help our customers quickly resolve issues and provide effect ff software to existing and new customers would suffer customers would be harmed. and our reputation with existing or potential ive ongoing support, our ability to sell new ff Our growth dtt epends idd n pii parties. art on the success of our strategic relationships witww h t tt hitt rdii In order to grow our business, we anticipate that we will continue to depend on relationships with competing solutions. Our competitors may be effecti or to prevent or reduce strategic partners to provide broader customer coverage and solution delivery capabilities. We depend on partnerships with market leading technology companies to maintain and expand our Cyber Exposure ecosystem by integrating third party data into our platforff m. Identifying partners, and negotiating and documenting relationships with them, requires significant time and resources. Our agreements with our strategic partners generally are non-exclusive and do not prohibit them from working with our competitors or offering ve in ff providing incentives to third parties to favor their products or services subscriptions to our services. If our partners choose to place greater emphasis on products of their vely market and sell our product, our ability to own or those offer grow our business and sell software and professional services may be adversely affecte d. In addition, acquisitions of our partners by our competitors could result in a decrease in the number of our current and potential customers, as our partners may no longer facilitate the adoption of our solutions by potential customers. We also license third-party threat data that is used in our solutions in order to deliver our offerings. In the future, this data may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of this data could result in delays in the provisioning of our offeri ngs until equivalent data is either developed by us, or, if available, is identified, obtained and ff integrated, which could harm our business. ed by our competitors or do not effecti rr ff ff ff ff ff If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our revenue could be impaired and our operating results may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our solutions or increased revenue. Catastrophic events may disruii ptu our busines ii s. Our corporate headquarters are located in Columbia, Maryland. The area around Washington, D.C. could be subject to terrorist attacks. Additionally, we rely on our network and third-party infrastructure and enterprise applications, internal technology systems and our website forff development, marketing, operational support, hosted services and sales activities. our While we have begun to initiate hybrid remote and in-person work policies, substantially all of our employees have been working remotely due to the COVID-19 pandemic, which may pose additional security risks. Our business operations are subject to interruption by natural disasters, including those 34 ff s of climate change, and other catastrophic events such as fire, floods, related to the long-term effect power loss, telecommunications failure, cyberattack, war or terrorist attack, or epidemic or pandemic, such as the COVID-19 pandemic. To the extent such events impact our corporate headquarters, other facilities, or off-premises infrastructure, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our software development, lengthy interruptions in our services, breaches of data security and loss of critical data, all of which could have an adverse effect on our future operating results. ff ff Recent and future acquisitio business operations and financialii ii results. ns could disrdd uprr t our business and adversely al ffect our We have in the past acquired products, technologies and businesses from other parties, such as our 2021 acquisitions of Alsid and Accurics, and we expect to expand our current business by acquiring additional businesses or technologies in the future. Acquisitions involve many risks, including the following: • • • • • • • • ff an acquisition may negatively affect charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient return to offsff et additional costs and expenses related to the acquisition; our financial results because it may require us to incur financial ff we may encounter difficult technologies, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us; expenditures in integrating the business, ff ies or unforeseen ff an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management; an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effecff from either company; tiveness of service we may encounter difficult solutions; ff ies in, or may be unable to, successfully sell any acquired an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions; our use of cash to pay for an acquisition would limit other potential uses for our cash; and if we incur debt to fund such acquisition, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants. The occurrence of any of these risks could have a material adverse effect ff on our business operations and financial results. In addition, we may only be able to conduct limited due diligence on an acquired company’s operations. Following an acquisition, we may be subject liabilities arising from an acquired company’s past or present operations and these liabilities may be greater than the warranty and indemnity limitations that we negotiate. Any unforeseen liability that is greater than these warranty and indemnity limitations could have a negative impact on our financial condition. to unforeseen b We may reqrr uire arr dditidd onal capital to suppopp rt business growth, and this capital might not be availvv able ll on acceptable terms, if at all.ll We expect that our existing cash and cash equivalents will be sufficient ff to meet our anticipated cash needs for working capital and capital expenditures for at least the next 12 months. However, we intend to continue to make investments to support our business growth and may require additional 35 ff significant dilution, and any new equity securities we issue could have funds to respond to business challenges, including the need to develop new features or enhance our product, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer rights, preferences and privileges superior to those of holders of our common stock. Our current loan agreement includes, and we expect that any future agreements governing our indebtedness will include, restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more diffiff cult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affect ed. ff If we do not generate sufficient cash flows,ww we may be unable to service all of our indebtedness. To service our indebtedness, we will require a significant amount of cash. Our ability to generate cash, make scheduled payments or to refinance our debt obligations depends on our successful which may be affected financial and operating performance, business factors, many of which are outside of our control and some of which are described elsewhere in the “Risk Factors” section of this report. by a range of economic, competitive and ff ff ff If our cash flows and capital resources are insufficient to fund our debt service obligations, or to repay the term loan when it matures, we may have to undertake alternative financing plans, such as refinancing or restructuring our debt, selling assets or operations, reducing or delaying capital investments, or seeking to raise additional capital. We may not be able to refinance our debt, or any refinancing of our debt could be at higher interest rates and may require us to comply with more restrictive covenants that could further restrict our business operations. Our ability to implement successfully any such alternative financing plans will depend on a range of factors, including general economic conditions, the level of activity in capital markets generally, and the terms of our various . debt instruments then in effect ff Covenants under our Credit Agreement may restri anage our covena ways,yy and if we do not effectively ml of operations could be adversvv ely affecff ted. rr vv ct our business and operations in mii nts, our finff ancialii conditdd iott ns and resurr any lts ii Our Credit Agreement imposes various covenants that limit our ability and/or our restricted subsidiaries’ ability to, among other things: • pay dividends or distributions, repurchase equity, prepay, redeem or repurchase certain debt, and make certain investments; incur liens on assets; incur additional debt and issue certain preferred stock; provide guarantees in respect of obligations of other persons; • • • • • merge, consolidate with, or sell all or substantially all our assets to another person; • engage in certain asset sales, including capital stock of our subsidiaries; enter into transactions with affiliates; 36 • • • enter into agreements that restrict distributions from our subsidiaries; designate subsidiaries as unrestricted subsidiaries; and prohibit certain restrictions on the ability of restricted subsidiaries to pay dividends or make other payments to us. These covenants may: • limit our ability to borrow additional funds for working capital, capital expenditures, acquisitions, or other general business purposes; • • • • • limit our ability to use our cash flow or obtain additional financing for future working capital, capital expenditures, acquisitions, or other general business purposes; require us to use a substantial portion of our cash flow from operations to make debt service payments; limit our flexibility to plan for, or react to, changes in our business and industry; place us at a competitive disadvantage compared to less leveraged competitors; and increase our vulnerability to the impact of adverse economic and industry conditions. If we are unable to successfully manage the limitations and decreased flexibility on our business due to our significant debt obligations, we may not be able to capitalize on strategic opportunities or grow our business to the extent we would be able to without these limitations. Our failure to comply with any of the covenants could result in a default f under the Credit Agreement, which could permit the administrative agent or the lenders to cause the administrative agent to declare all or part of any of our outstanding senior secured term loans or revolving loans to be immediately due and payable or to exercise any remedies provided to the administrative agent, including, proceeding against the collateral granted to secure our obligations under the Credit Agreement. An event of default under the Credit Agreement could also lead to an event of default under the terms of certain of our other agreements. Any such event of default or any exercise of rights and remedies by our creditors could seriously harm our business. The LIBOR calculation method may change, and LIBOR II is expected xx to be phased out after 2021. the calculation of LIBOR after 2021. However, the Loans under the Credit Agreement bear interest at a rate based on the London Interbank Offered Rate, or LIBOR. On July 27, 2017, the U.K. Financial Conduct Authority, or the FCA, announced that it will no longer require banks to submit rates forff cessation date has been deferred to June 30, 2023 for the most commonly used tenors in U.S. dollar LIBOR (i.e., overnight and one, three and six months). This extension to 2023 means that many legacy U.S. dollar LIBOR contracts would terminate beforf e related LIBOR rates cease to be published. In the meantime, actions by the FCA, other regulators, or law enforcement result in changes to the method by which LIBOR is calculated. If changes to LIBOR result in an increase in rates, our interest expense under the Credit Agreement would increase. Further, if LIBOR is no longer available, our Credit Agreement provides a process to determine a substitute rate, and if such substitute rate is higher than LIBOR, our interest expense under the Credit Agreement would increase. agencies may ff ff The nature of our busines regulation ll or interpretations, or if our estimates tt ii s reqrr uiresrr s. If there are significant changes in current principles, financ ial reporting standardsdd the applicat ll iott n of complex accounting rulerr ii s and or judgments relating ll to our critical accounting policll ies 37 provrr results ott e tvv o be incii orrecrr f operations could be adverserr ee t, we may experierr nce unexpe ffected. ly al cted finaff ncialii e repor tirr ngii fluctuations and our The accounting rules and regulations that we must comply with are complex and subject to interpretation by the Financial Accounting Standards Board, the Securities and Exchange Commission, or SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. In addition, many companies’ accounting disclosures are being subjected to heightened scrutiny by regulators and the public. Further, the accounting rules and regulations are continually changing in ways that could impact our financial statements. The preparation of financial statements in conformity with generally accepted accounting principles in the United States, or U.S. GAAP, requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section of this report titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Significant assumptions and estimates used in preparing our consolidated financial statements include the determination of the estimated economic life of perpetual licenses for revenue recognition, the estimated period of benefit for deferred commissions, useful lives of long-lived assets, f the valuation of stock-based compensation, the incremental borrowing rate for operating leases, and the valuation of deferred tax assets. Our results of operations may be adversely affecte assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our common stock. d if our ff ff Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. We might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems, or we may be required to restate our published financial statements, as a result of new standards, changes to existing standards and changes in their interpretation. Such changes to existing standards or changes in their interpretation may have an adverse effect business, financial position and profit, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results. on our reputation, ff Risks Related to Government Regulation, Data Collection and Intellectual Property Our business could be adversel vv security clearances or we cannot establishii ffecff y al ted if our employees cannot obtain and maintain ii faciliii ty security and maintain a requi rr redii requiredii clearance. f Certain U.S. government contracts may require our employees to maintain various levels of y security clearance, to comply with security clearances, and may require us to maintain a facilit Department of Defense, or DoD, requirements. The DoD has strict security clearance requirements for personnel who performff work in support of classified programs. Obtaining and maintaining a facility clearance and security clearances for employees can be a difficff ult, sometimes lengthy process. If we do not have employees with the appropriate security clearances, then a customer requiring classified work could terminate an existing contract or decide not to renew the contract upon its expiration. To the extent we are not able to obtain or maintain a facilit ff on or win new classified contracts, and existing contracts requiring a facility security clearance could be terminated. y security clearance, we may not be able to bid 38 Any failuff rr re to protect substantiallyll harm orr ur busines ii s and operatingtt results. our proprietary technology and intellecll tual property rights could Our success and ability to compete depend in part on our ability to protect our proprietary technology and intellectual property. To safeguard these rights, we rely on a combination of patent, trademark, copyright and trade secret laws and contractual protections in the United States and other jurisdictions, all of which provide only limited protection and may not now or in the future provide us with a competitive advantage. ff ff software patents in the United States is becoming increasingly challenging. Any patents we As of December 31, 2021, we had 23 issued patents and 15 patent applications pending in the United States relating to our technology. We cannot assure you that any patents will issue from any patent applications, that patents that issue from such applications will give us the protection that we seek or that any such patents will not be challenged, invalidated or circumvented. Any patents that may issue in the future from our pending or future patent applications may not provide sufficient ly broad protection and may not be enforceable in actions against alleged infringers. Obtaining and enforcing have obtained or may obtain in the future may be found to be invalid or unenforceable recent and future changes in the law. We have registered the “Tenable, io” and TT "Lumin" trademarks and our Tenable logo in the United States and certain other countries. We have registrations and/or pending applications for additional trademarks in the United States; however, we cannot assure you that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable our proprietary rights. While we have copyrights in our software, we do not typically register such copyrights with the Copyright Offiff ce. This failure to register the copyrights in our software may preclude us from obtaining statutory damages for infringement under certain circumstances. We also license software from third parties for integration into our software, and other software available on commercially reasonable terms. We cannot assure you that such third parties will maintain such software or continue to make it available. or provide adequate protection of including open source software ” “Nessus,” “Tenable. in light of TT ff ff ff ff In order to protect our unpatented proprietary technologies and processes, we rely on trade secret laws and confidentiality and invention assignment agreements with our employees, consultants, strategic partners, vendors and others. Despite our effoff rts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, copy, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights, or develop similar technologies and processes. Further, several agreements may give customers limited rights to access portions of our proprietary source code, and the contractual provisions that we enter into may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. To the extent that we expand our activities outside of the United States, our exposure to unauthorized copying and use of our solutions and proprietary informat ff determine the extent of any unauthorized use or infringement of our solutions, technologies or intellectual property rights. ion may increase. We may be unable to There can be no assurance that the steps that we take will be adequate to protect our proprietary technology and intellectual property, that others will not develop or patent similar or superior technologies, solutions or services, or that our trademarks, patents, and other intellectual property will not be challenged, invalidated or circumvented by others. Furthermore, effect ive trademark, patent, ff 39 copyright, and trade secret protection may not be available in every country in which our software is available or where we have employees or independent contractors. In addition, the legal standards relating to the validity, enforceability, and scope of protection of intellectual property rights in internet and software-related industries are uncertain and still evolving. In order to protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforff intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforcff our intellectual property rights could seriously adversely affect business. eability of our intellectual property rights. Our failure to secure, protect and enforce our brand and adversely impact our ts to enforce our ff ff We may be subjeb ct to intellectual property rights claimll extremely cl abiliii ty to use certain t ii rr echnologies. ostly to defend, could requi reii us to pay signi s by thitt dd ificant damag rdii parties, which are es and could limll it our Companies in the software and technology industries, including some of our current and potential ff claims that may be their intellectual property rights and to defendff competitors, own significant numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce brought against them. The litigation may involve patent holding companies or other adverse patent owners that have no relevant product revenue and against which our patents may thereforeff provide little or no deterrence. In the past, we have been subject to allegations of patent infringement that were unsuccessful, and we expect in the future to be subject to claims that we have misappropriated, misused, or infringed other parties’ intellectual property rights, and, to the extent we gain greater market visibility or faceff risk of being the subject respect to enterprise software companies. We may in the future be subject to claims that employees or contractors, or we, have inadvertently or otherwise used or disclosed trade secrets or other proprietary informat ion of our competitors or other parties. To the extent that intellectual property claims are made against our customers based on their usage of our technology, we have certain obligations to indemnify aff indemnity provisions often survives termination or expiration of the applicable agreement. Large indemnity payments, defense costs or damage claims from contractual breach could harm our business, results of operations and financial condition. increasing competition and as we acquire more companies, we face a higher of intellectual property infringement claims, which is not uncommon with nd defend such customers from those claims. The term of our contractual b ff There may be third-party intellectual property rights, including issued or pending patents that cover significant aspects of our technologies or business methods, including those relating to companies we acquire. Any intellectual property claims, with or without merit, could be very time- consuming, could be expensive to settle or litigate, could divert our management’s attention and other resources and could result in adverse publicity. These claims could also subject us to making substantial payments forff including treble damages if we are found to have willfully infringed patents or copyrights. These claims could also result in our having to stop making, selling, offering for sale, or using technology found to be in violation of a third party’s rights. We might be required to seek a license for the third- party intellectual property rights, which may not be available on reasonable terms or at all. Even if a license is available to us, we may be required to pay significant upfront fees, milestones or royalties, which would increase our operating expenses. Moreover, to the extent we only have a license to any intellectual property used in our solutions, there may be no guarantee of continued access to such legal fees, settlement payments, and other costs or damages, potentially ff 40 intellectual property, including on reasonable terms. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort party is able to obtain an injunction preventing us from accessing such third-party intellectual property rights, or if we cannot license or develop technology for any infringing aspect of our business, we would be forced to limit or stop sales of our software or cease business activities covered by such intellectual property, and may be unable to compete effecti affect our business, results of operations, financial condition and cash flows. vely. Any of these results would adversely and expense. If a third ff ff ff Portions of our solutions utiliii zeii open source software,rr and any faiff terms of one or more of these open source licenses could negatively al luii re to comply with the ffect our business. Our software contains software made available by third parties under so-called “open source” licenses. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants’ intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms. Further, certain open source licenses also include a provision that if we enforce any patents against the software programs that are subject to the license, we would lose the license to such software. If we were to fail to comply with the terms of such open source software licenses, such failures could result in costly litigation, lead to negative public relations or require that we quickly find replacement softwaff manner. re which may be difficff ult to accomplish in a timely programs that are subject to the license be made ff Although we monitor our use of open source software in an effort ff both to comply with the terms of the applicable open source licenses and to avoid subjecting our software to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our product or operate our business. By the terms of certain open source licenses, we could be required to release the source code of our software make our proprietary software available under open source licenses, if we combine or distribute our software with open source software in a certain manner. In the event that portions of our software determined to be subject to an open source license, we could be required to publicly release the affect limited in the licensing of our software, each of which could reduce or eliminate the value of our product. Many of the risks associated with usage of open source software cannot be eliminated, and could negatively affect ed portions of our source code, re-engineer all, or a portion of, that software or otherwise be our business, results of operations and financial condition. and to are ff ff ff ff Risks Related to An Investment in Our Common Stock Our stock price may be volatile, and the value of our common stock may declinll e. The market price of our common stock may fluctuate substantially and depends on a number of factors, including those described in this “Risk Factors” section, many of which are beyond our control and may not be related to our operating performance. market price of our common stock include the following: Factors that could cause fluctuations in the ff • actual or anticipated changes or fluctuations in our operating results; 41 • • • • • • • • • • • • • • • • • the financial projections we may provide to the public, any changes in these projeo ctions or our failure to meet these projections; announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments; industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC; rumors and market speculation involving us or other companies in our industry; price and volume fluctuations in the overall stock market from time to time; changes in operating performance companies generally, or those in our industry in particular; ff and stock market valuations of other technology failure to comply with the terms of the Credit Agreement; sales of shares of our common stock by us or our stockholders; failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors; actual or anticipated developments in our business or our competitors’ businesses or the competitive landscape generally; litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors; developments or disputes concerning our intellectual property rights or our solutions, or third- party proprietary rights; announced or completed acquisitions of businesses or technologies by us or our competitors; new or proposed laws or regulations or new interpretations of existing laws or regulations applicable to our business, including proposed changes to the U.S. corporate income tax rate and capital gains tax rates; any majora changes in our management or our Board of Directors; general economic conditions and slow or negative growth of our markets; and other events or factors, including those resulting from pandemics, war, incidents of terrorism or responses to these events. Recently, the stock markets have experienced extreme price and volume fluctuations that have ff ff ed and continue to affect the market prices of equity securities of many companies, including in affect connection with the COVID-19 pandemic. These fluctuations have often been unrelated or disproportionate to the operating performance fluctuations, as well as general economic, political, regulatory and market conditions, may negatively impact the market price of our common stock. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management’s attention. of those companies. Broad market and industry ff If securities or indii ustry analystsyy do not publishii research or reports about our business, or publishll ii decline. negative reports about our busines ii s, our stock pricerr and tradindd g voluvv me could The trading market for our common stock will depend, in part, on the research and reports that securities or industry analysts publish about us or our business. We do not control these analysts or the content and opinions included in their reports. If our financial performance fails to meet analyst estimates or one or more of the analysts who cover us downgrade our shares or change their opinion 42 of our shares, our share price would likely decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail expectations of analysts or public investors, analysts could downgrade our common stock or publish unfavorable research about us. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline. to meet, or exceed, our announced guidance or the f Future sales of substantt tiatt our stockholders,rr or the perception such sales might occur, could reduce the pricerr common stock might otherwiseww l amounts of our common stock in the public markets by us or that our attain. Sales of a substantial number of shares of our common stock in the public market by us or our stockholders, or the perception that these sales might occur, could depress the market price of our common stock, impair our ability to raise capital through the sale of additional equity securities and make it more diffiff cult for you to sell your common stock at a time and price that you deem appropriate. Further, the number of new shares of our common stock issued by us in connection with raising additional capital in connection with a financing, acquisition, investment or otherwise could result in substantial dilution to our existing stockholders. In addition, we have filed registration statements on Form S-8 under the Securities Act registering the issuance of shares of common stock subject to options and other equity awards issued or reserved for future issuance under our equity incentive plans. Shares registered under these registration statements, and under additional registration statements on Form S-8 that we may file to register additional shares of common stock pursuant to provisions of our equity incentive plans that provide for an automatic increase in the number of shares reserved and available forff issuance each year, are available forff options and the restrictions of Rule 144 under the Securities Act in the case of our affiliates. to vesting arrangements and exercise of sale in the public market subject b We do not intend ii to pay divdd idvv enddd return on your investment wilww l dll s fdd orff the foreseeable future and, as a resurr pricerr epend on appreciatioii ii hett n in t lt, your abiliii ty of our common to achieve avv stock. We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. Any determination to pay dividends in the future will be at the discretion of our Board of Directors. Accordingly, investors must rely on sales of their common stock afteff r price appreciation, which may never occur, as the only way to realize any future gains on their investments. In addition, our Credit Agreement contains restrictive covenants that prohibit us, subject to certain exceptions, from paying dividends on our common stock. b Anti-takeover provisivv ons in oii ur charter documents and under Delaware ii on of us more difficult, limit ll acquisiti ii members of our Board of Directors and our currenrr the market price of our common stock. attempts by our stockholders to replace or remove t management and could negatively i l mpii act law could make an Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficuff lt for stockholders to elect directors that are not nominated by the current members 43 of our Board of Directors or take other corporate actions, including effecting changes in our management. These provisions include: • • • • • • • • a classified Board of Directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our Board of Directors; the ability of our Board of Directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer; the exclusive right of our Board of Directors to elect a director to fill a vacancy created by the expansion of our Board of Directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our Board of Directors; a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders; the requirement that a special meeting of stockholders may be called only by the chairperson of our Board of Directors, Chief Executive Officer or a majority vote of our Board of Directors, which could delay the ability of executive officer) our stockholders to force consideration of a proposal or to take action, including the removal of directors; or president (in the absence of a chief ff ff the affirmative vote of holders of at least 66 2/3% of the voting power of the requirement forff all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the issuance of preferred stock and management of our business or our amended and restated bylaws, which may inhibit the ability of an acquirer to affect unsolicited takeover attempt; such amendments to facilitate an ff the ability of our Board of Directors, by majority vote, to amend our amended and restated bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our amended and restated bylaws to facilitate an unsolicited takeover attempt; and advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer’s own slate of directors or otherwise attempting to obtain control of us. These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us forff a certain period of time. Our amended and restattt ed certiftt icff ate of incorporatiott n providesdd ff of the State of Delawareww substantiallyll all dispii utes between us and our stockholders, rable judicial foruff m forff stockholders’ officers or other employees. to obtain a favoff or the U.S. fede rr ral distr ict ii abilityll dd dd courts willii be the excee lusive forums for that the Court of Chancery which could limll dispii utes with us or our directo it our dd rs, Our amended and restated certificate of incorporation provides that the Court of Chancery of the State of Delaware is the sole and exclusive forum forff under Delaware statutory or common law: the folff lowing types of actions or proceedings • • any derivative action or proceeding brought on our behalf; any action asserting a breach of fiduciary duty owed by any of our directors, officers employees to us or our stockholders; ff or other 44 • • any action asserting a claim against us arising pursuant to any provisions of the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws; or any action asserting a claim against us that is governed by the internal affairs ff doctrine. This provision would not apply to suits brought to enforce a duty or liability created by the Exchange Act. Furthermore, Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all such Securities Act actions. Accordingly, both state and federal courts have jurisdiction to entertain such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by diffeff amended and restated certificate of incorporation further provides that the federal district courts of the United States of America will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. While the Delaware courts have determined that such choice of forum provisions are facially valid, a stockholder may nevertheless seek to bring a claim in a venue other than those designated in the exclusive forum provisions. In such instance, we would expect to vigorously assert the validity and enforcff restated certificate of incorporation. This may require significant additional costs associated with resolving such action in other jurisdictions and there can be no assurance that the provisions will be enforced eability of the exclusive forum provisions of our amended and rent courts, among other considerations, our by a court in those other jurisdictions. ff These exclusive forum provisions may limit a stockholder’s ability to bring a claim in a judicial forff um that it finds favorable for disputes with us or our directors, officers ff may discourage such lawsuits against us and our directors, officers were to find either exclusive forum provision in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur significant additional costs associated with resolving the dispute in other jurisdictions, all of which could seriously harm our business. or other employees. If a court or other employees, which ff General Risks We are subjecb t to anti-cott domestic and internationa criminii al and/odd r civilvv liabilityll tt l operatiorr ii rruptiu on laws, anti-bri ber y arr ii ns, and non-complianll ii lly harm our busines laws with r nd similar ce with such laws can subject tt on. ati s and reput ct to our b esrr pes e and materiarr tt ii us to We are subject to the anti-bribery laws of the jurisdictions in which we operate. These include the ff or FCPA,PP the U.S. domestic bribery statute contained in 18 U.S.C. § 201, the U.S. Travel Act, the U.K. Bribery Act 2010, and other anti-corruption laws in countries in which we conduct activities. Anti- corruption laws are interpreted broadly and prohibit our company from authorizing, offering, providing, directly or indirectly, improper payments or benefits in order to gain or maintain business, including payments to recipients in the public or private sector. We use third-party law firms, accountants, and other representatives for regulatory compliance, sales, and other purposes in several countries. We sell directly and indirectly, via third-party representatives, to both private and government sectors in the United States and in other jurisdictions. Our employees and third-party representatives interact with these customers, which may include government officials. We can be held liable for the corrupt or other illegal activities of these third-party representatives, our employees, contractors, and other agents, even if we do not explicitly authorize such activities. Noncompliance with these laws could subject us to whistleblower complaints, investigations, sanctions, settlements, prosecution, other enforcement and criminal penalties or injunctions, suspension and/or debarment from contracting with certain persons, the loss of export privileges, reputational harm, adverse media coverage, and other collateral consequences. If any subpoenas or investigations are launched, or governmental or other sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our reputation, business, results of operations and financial condition could be materially harmed. In addition, actions, disgorgement of profits, significant fines, damages, other civil ff ff 45 responding to any action will likely result in a materially significant diversion of management’s attention and resources and significant defense costs and other professional actions and sanctions could further harm our business, results of operations, and financial condition. Moreover, as an issuer of securities, we also are subject to the accounting and internal controls provisions of the FCPA.PP These provisions require us to maintain accurate books and records and a system of internal controls sufficient ff provisions may have an adverse effect to detect and prevent corrupt conduct. Failure to abide by these on our business, operations or financial condition. fees. Enforcement ff ff We are srr ubject to governmental expoxx sanctions thatt subject us to liabi t could impair oii ii liii ty if we are nrr ur abilityll ii rt and impo nd economic and tradedd to conduct business in international markets and rt controls all ot in compliance ii with applicab ll le laws and regulation ll s. The United States and other countries maintain and administer export and import laws and regulations. Our products are subject to U.S. export control and import laws and regulations, including the U.S. Export Administration Regulations, U.S. Customs regulations, and various economic and trade sanctions administered by the U.S. Treasury Department’s Officff e of Foreign Assets Control. We are required to comply with these laws and regulations. If we fail to comply with such laws and regulations, we and certain of our employees could be subject to substantial civil or criminal penalties, including the possible loss of export or import privileges; fines, which may be imposed on us and responsible employees or managers; and, in extreme cases, the incarceration of responsible employees or managers. Obtaining the necessary authorizations, including any required license, for a particular sale may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. In addition, changes in our solutions, or changes in applicable export or import laws and regulations may create delays in the introduction and sale of our products in international markets or, in some cases, prevent the export or import of our solutions to certain countries, governments or persons altogether. Any change in export or import laws and regulations or economic or trade sanctions, shift in the enforcement or scope of existing laws and regulations, or change in the countries, governments, persons or technologies targeted by such laws and regulations could also result in decreased use of our products, or in our decreased ability to export or sell our products to existing or potential customers. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect operations. our business, financial condition, and results of ff Furthermore, we incorporate encryption technology into certain of our solutions. Various countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our solutions or could limit our customers’ ability to implement our solutions in those countries. Encrypted products and the underlying technology may also be subject to export control restrictions. Governmental regulation of encryption technology and regulation of imports or exports of encryption solutions, or our failure to obtain required import or export approval for our solutions, could harm our international sales and adversely affect our revenue. Compliance with applicable laws and regulations regarding the export and import of our solutions, including with respect to new solutions or changes in existing solutions, may create delays in the introduction of our solutions in international markets, prevent our customers with international operations from deploying our solutions globally or, in some cases, could prevent the export or import of our solutions to certain countries, governments, entities or persons altogether. ff Moreover, U.S. export control laws and economic sanctions programs prohibit the shipment of certain products and services to countries, governments and persons that are subject to U.S. economic embargoes and trade sanctions. Any violations of such economic embargoes and trade sanction regulations could have negative consequences, including government investigations, penalties and reputational harm. 46 ii es in the interp ii Uncertainti i could materiall ii y al negatively affected if we are r redii rr equi value addedd all or a portion of past or future sales. t our tax obligatio ffecff rr retation and application of existi xx ns and effective tax rate. Our operatingii , ngg ew and proposed tax laws results may be ngii tax, or other transaction taxes, and we could be subjeb ct to liabil to pay additional taxes, includingii sales and use tax, ii ityll with respect to The tax regimes to which we are subject or under which we operate, including income and non- income taxes, are unsettled and may be subject to significant change. For example, the 2017 Tax Cuts and Jobs Act, or the Tax Act, as modified in 2020 by the Coronavirus Aid, Relief, and Economic Security Act, or the CARES Act, made broad and complex changes to the U.S. tax code, including changes to U.S. federal tax rates, additional limitations on the deductibility of interest, both positive and negative changes to the utilization of future net operating loss, or NOL, carryforwards, allowing for the expensing of certain capital expenditures, and adopting a modified territorial system. Many countries in the European Union, as well as a number of other countries and organizations such as the Organization for Economic Cooperation and Development and the European Commission, are actively considering changes to existing tax laws that, if enacted, could increase our tax obligations in countries where we do business. These proposals include changes to the existing framework to calculate income tax, as well as proposals to change or impose new types of non-income taxes, including taxes based on a percentage of revenue. The issuance of additional regulatory or accounting guidance related to existing or future laws, or changes proposed or implemented by the current or a future U.S. presidential administration, Congress, taxing authorities outside of the United States or otherwise, could materially affect our tax obligations and effecti ve tax rate. ff ff In addition, forecasts of our income tax position and effect ff ive tax rate for financial accounting ff of a mix of profits earned and losses incurred by us in purposes are complex and subject to significant judgment and uncertainty because our income tax position for each year combines the effects various tax jurisdictions with a broad range of income tax rates, as well as changes in the valuation of deferred tax assets and liabilities, the impact of various accounting rules and tax laws (and changes to these rules and tax laws), the results of examinations by various tax authorities, and the impact of any acquisition, business combination or other reorganization or financing transaction. To forecast our global tax rate, we estimate our pre-tax profits and losses and tax expense by jurisdiction. If the mix of profits and losses, our ability to use tax assets and attributes, our assessment of the need for valuation allowances, effect than those ff than forecasted, which could have a estimated, our actual tax rate could be materially different material impact on our business, financial condition and results of operations. ive tax rates by jurisdiction or other factors are different ff ff We currently collect and remit sales and use, value added and other transaction taxes in certain of the jurisdictions where we do business based on our assessment of the amount of taxes owed by us in such jurisdictions. However, in some jurisdictions in which we do business, we do not believe that we owe such taxes, and therefore we currently do not collect and remit such taxes in those jurisdictions or record contingent tax liabilities in respect of those jurisdictions. A successful assertion that we are required to pay additional taxes in connection with sales of our solutions, or the imposition of new laws or regulations or the interpretation of existing laws and regulations requiring the payment of additional taxes, would result in increased costs and administrative burdens for us. If we are subject to additional taxes and determine to offseff such taxes from our customers, or otherwise passing those costs through to our customers, companies may be discouraged from using our solutions. Any increased tax burden may decrease our ability or willingness to compete in relatively burdensome tax jurisdictions, result in substantial tax liabilities related to past or future sales or otherwise harm our business and operating results. t such increased costs by collecting and remitting 47 Our ability t imll t o use net operating tt itattt ions rr . certaitt n l ii losses to offset ff future taxabxx le income may be subject to As of December 31, 2021 we had U.S. federal, state and forff eign NOLs, of $398.5 million, $226.1 million, and $289.9 million, respectively, available to offsff et future taxable income, some of which begin to expire in 2030. Federal NOLs incurred in taxable years beginning after December 31, 2017 can be carried forward indefinitely, but the deductibility of federal NOLs in taxable years beginning after December 31, 2021, is subject to certain limitations. A lack of future taxable income would adversely affect our ability to utilize these NOLs before they expire. ff taxable income. Section 382 of the Internal In addition, under the provisions of the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code, substantial changes in our ownership may limit the amount of pre-change ff NOLs that can be utilized annually in the future to offset Revenue Code imposes limitations on a company’s ability to use its NOLs if one or more stockholders or groups of stockholders that own at least 5% of the company’s stock increase their ownership by more than 50 percentage points over their lowest ownership percentage within a rolling three-year period. Similar rules may apply under state tax laws. Based upon an analysis as of December 31, 2020, we determined that we do not expect these limitations to materially impair our ability to use our NOLs prior to expiration. However, if changes in our ownership occurred after such date, or occur in the future, our ability to use our NOLs may be further limited. Subsequent statutory or regulatory changes in respect of the utilization of NOLs for federal or state purposes, such as suspensions on the use of NOLs or limitations on the deductibility of NOLs carried forward, or other unforeseen reasons, may result in our existing NOLs expiring or otherwise being unavailable to offset future income tax liabilities. For these reasons, we may not be able to utilize a material portion of the NOLs, even if we achieve profitability. ff ff We are orr and any failure t tor confideff invesvv bligated to maintain proper and effecff rr o maintii aintt the adequacy of these internal tive internal controlsrr e repor controlsrr may adversely affeff ct ii over financi ii al rr ii tirr ng, nce in our company and, add s a result, the value of our common stock. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting on an annual basis. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We are also required to disclose significant changes made in our internal control procedures on a quarterly basis. ff During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effecti ve. We cannot assure you that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effecti accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by the Nasdaq, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to maintain other effect ive control systems required of public companies, could also restrict our future access to the capital markets. ve, or if our independent registered public ff ff 48 Item 1B. Unresolved Staff Cff omments None. Item 2. Properties Our corporate headquarters in Columbia, Maryland consist of approximately 160,000 square feet under a lease that expires in February 2032. We maintain additional offices in multiple locations in the United States and internationally in Europe and the Middle East, Asia Pacific and South America. We believe that our current facilities are adequate to meet our ongoing needs and that suitable additional alternative spaces will be available in the future on commercially reasonable terms. ff Item 3. Legal Proceedings b From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not presently a party to any legal proceedings that, if determined adversely to us, would individually or taken together have a material adverse effect operations, financial condition or cash flows. We have received, and may in the future continue to receive, claims from third parties asserting, among other things, infringement of their intellectual property rights. Future litigation may be necessary to defend ourselves, our partners and our ty and validity of third-party proprietary rights, or to customers by determining the scope, enforceabili establish our proprietary rights. The results of any current or future litigation cannot be predicted with certainty, and regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors. on our business, results of ff ff Item 4. Mine Safety Disclosures Not applicable. 49 Item 5. Issuer Purchases of Equity Securities Market for Registrant's Common Equity, Related Stockholder Matters and PART II Market Informati rr on for Common Stock Our common stock trades on the Nasdaq Global Select Market under the ticker symbol "TENB." Holdersdd of Record At December 31, 2021, we had 18 holders of record. Because many of our shares of common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders. Dividenddd Policy We have never declared or paid any dividends on our common stock. In addition, our credit agreement with JPMorgan Chase Bank, N.A., as administrative agent and collateral agent, contains restrictive covenants that limit our ability to pay dividends on our common stock. We currently intend to retain all available funds and any future earnings for the operation and expansion of our business and do not anticipate declaring or paying cash dividends in the foreseeable future. The payment of any future dividends will be at the discretion of our board of directors and will depend on our results of operations, capital requirements, financial condition, prospects, contractual arrangements, any limitations on payment of dividends present in our current and future debt agreements, and other factors that our board of directors may deem relevant. Unregistered Sales of Equity Securities None. Issuer Purchases rr of Equity Securities None. 50 Item 6. Selected Financial Data The following selected consolidated statements of operations data for the years ended December 31, 2021, 2020 and 2019 and the selected consolidated balance sheet data as of December 31, 2021 and 2020 are derived from our audited consolidated financial statements included in this Annual Report on Form 10-K. The consolidated statements of operations data for the years ended December 31, 2018 and 2017 and consolidated balance sheet data as of December 31, 2019, 2018 and 2017 are from our audited financial statements not included in this Annual Report on Form 10-K. You should read the following selected financial data with the historical consolidated financial statements and related notes to those statements, as well as “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” included in this Annual Report on Form 10-K. Data: Statements of Operations Year Ended December 31, (in thousands, except per share data) 2021 2020 2019 2018 2017 Revenue Cost of revenue(1) Gross profit Operating expenses: Sales and marketing(1) Research and development(1) General and administrative(1) $ 541,130 $ 440,221 $ 354,586 $ 267,360 $ 187,727 106,396 434,734 270,158 116,432 89,912 77,554 60,818 43,167 25,588 362,667 293,768 224,193 162,139 224,277 101,687 73,136 228,035 173,344 116,299 87,064 69,468 76,698 46,732 57,673 28,927 Total operating expenses Loss from operations 476,502 399,100 384,567 296,774 202,899 (41,768) (36,433) (90,799) (72,581) (40,760) Interest (expense) income, net Other expense, net (6,896) (1,965) 1,244 (1,885) 5,830 (680) 2,355 (931) (75) (16) Loss beforeff income taxes (50,629) (37,074) (85,649) (71,157) (40,851) (Benefit) provision for income taxes (3,952) 5,657 13,364 2,364 171 Net loss Accretion of Series A and B redeemable convertible preferred stock Net loss attributable to common stockholders Net loss per share attributable to common stockholders, basic and diluted(2) Weighted-average shares used to compute net loss per share attributable to common stockholders, basic and diluted (46,677) (42,731) (99,013) (73,521) (41,022) — — — (434) (763) ) $ (46,677) $ (42,731) $ (99,013) $ (73,955) $ (41,785) ) ( ( ) ) ) ) ) ) ( ( ) ) ( ( ( ( ( ( $ (0.44) $ (0.42) $ (1.03) $ (1.38) $ (1.88) 106,387 101,009 96,014 53,669 22,211 51 _________ __ __ ) (1(1) ____ ______ Includes stock-based compensation expense as ffollows: I (in thousands) Cost of revenue Sales and marketing Research and development General and administrative Total stock-based compensation expense Year Ended December 31, 2021 2020 2019 2018 2017 $ 4,446 $ 3,158 $ 2,817 $ 1,707 $ 29,410 20,593 24,956 19,842 14,794 21,779 16,032 8,911 15,683 6,911 5,804 8,453 281 1,579 1,782 4,118 $ 79,405 $ 59,573 $ 43,443 $ 22,875 $ 7,760 See Note 12 to our consolidated financial statements in this Annual Report on Form 10-K for (2) details on the calculation of basic and diluted net loss per share attributable to common stockholders. Consolidated Balance Sheet Data: December 31, (in thousands) 2021 2020 2019 2018 2017 Cash and cash equivalents Working capital (deficit)(1) Total assets Deferred revenue, current and non- current Term loan, net of issuance costs (net of current portion) Redeemable convertible preferred stock $ 278,000 $ 178,223 $ 74,363 $ 165,116 $ 27,210 265,556 108,891 35,319 142,484 (69,091) 1,248,819 690,589 558,612 460,612 164,337 530,885 434,510 363,127 289,903 225,818 364,728 — — — — — — — — 277,735 Accumulated deficit (654,529) (607,852) (565,121) (466,108) (392,587) Total stockholders' equity (deficit) 215,313 150,665 98,905 121,763 (371,665) _______ ____ ____ ____ ____ ____ ____ (1)(1) consolidated financial statements in this Annual Report on Form 10-K forff current assets and current liabilities. We define working capital (deficit) as total current assets less total current liabilities. See our further details regarding our 52 Item 7. Operations Management's Discussion and Analysis of Financial Condition and Results of ii tt tt tt ii ” “esti itww hintt with ott should “ mate,” ur consolidated financial The following discussion and analysis of our financial conditiontt statet ments att and results ott f operations nd related notes included Form 10-K contains forward- Act of 1933, as amended, or Act and Section 21E of the Securitiestt re ofteff n identified Exchange Act of 1934, as amended, or the by the use of words such as “anticipat e statements att “ ” “could, or plural of these worww dsrr re subject to a number of risks, uncertainties, be read in conjunctiontt elsewhere in this Annual Report on Form 10-K, or this Form 10-K. TKK hisTT looking statements wtt the meaning of Section 27A of the Securitiestt the Securitiestt Exchange Act. ThesTT ii “believe,” “conti nue, “ the negativett statements att tt o diffdd erff materially from future results ett of certain events t cause actual results att tt nd the timing e to such could cause or contribut tt statements.tt Factors t rr hat or implied by the forward-looki se discussed in the section differences herein, and thott tt include, but are not limited to, those identified titled “Risk Factors,” set forth in Part I, Item 1A of this Form 10-K and in oii ur othett Such risksii our business and the global economy. You should not rely ul tt predictions of this r statements t e,” ““ “will,” “wou “ “plan,” “project Such forward-lookingii tt inties may be amplified by thett COVID-19 ponu assumptions and other factors that could xpressed or similar expressions or variations. tt pandemic and its potential impact forward-lookingii of future events.tt Furthermore, such forward-looking statements stt statements att pes ak only as of the date ii eprr ort. Except as required by law, ww e uww ndertaket after the date of such statements.tt to update any forward-lookingii r circumstances “intend,” “may,” rr ect events ott no obligationtt and uncertarr “expect,”t tt o refl ll r filff ings tt hett with t ld” or ngii ,”t VV s rr “ ff ff tt tt ii SEC. on Overview We are a leading provider of Cyber Exposure solutions. Cyber Exposure is a discipline for managing, measuring and comparing cybersecurity risk in the digital era. We have continued to expand and diversify off ur platfof rm offeri ff ngs from traditional vulnerability management (VM) solutions, which include Tenable.sc and Nessus, to our cloud exposure solutions, which include Tenable.ep, Tenable.io, Tenable.cs, Tenable Web Scanning, or Tenable.io WAS, Tenable.ad and Tenable.ot. Our platforff m offerings provide broad visibility into security issues such as vulnerabilities, misconfigurations, internal and regulatory compliance violations and other indicators of the state of an organization’s security across IT infrastructure and applications, cloud environments, DevOps environments, Active Directory and Identity environments, and Industrial IoT and OT environments. We also provide deep analytics to help organizations score, trend and compare their cyber exposure over time, and communicate cyber risk in business terms to make better strategic decisions. Our platform offeff asset, vulnerability and threat data from third-party systems and applications to prioritize security issues for remediation and focus an organization’s resources based on risk and business criticality. rings integrate and analyze data from our native collectors alongside IT Our platforff m offerings are primarily sold on a subscription basis with a one-year term. Our subscription terms are generally not longer than three years. These offerings advance. To a lesser extent, we recognize revenue ratably from perpetual licenses and from the related ongoing maintenance. are typically prepaid in ff We sell and market our products and services through our field sales force that works closely with our channel partners, which includes a network of distributors and resellers, in developing sales opportunities. We use a two-tiered channel model whereby we sell our enterprise platform offeff our distributors, which in turn sell to our resellers, which then sell to end users, which we call customers. rings to Many of our enterprise platform customers initially use either our free or paid version of Nessus, one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry. Nessus, which is sold on a stand-alone basis and is the technology that underpins our enterprise 53 ff ngs, is designed to quickly and accurately identify sff platform offeri issues and malware. Our free version of Nessus, Nessus Essentials, allows for vulnerability assessment over a limited number of IP addresses. We believe many of our Nessus customers begin with Nessus Essentials and subsequently upgrade to Nessus Professional, the paid version of Nessus; however, we expect a significant number of users to continue to use Nessus Essentials. ecurity vulnerabilities, configuration Revenue in 2021, 2020 and 2019 was $541.1 million, $440.2 million and $354.6 million, representing year-over-year growth of 23% and 24%, respectively. Our recurring revenue, which includes revenue from subscription arrangements for software and cloud-based solutions and maintenance associated with perpetual licenses, represented 94.6%, 93.6% and 91.8% of revenue in 2021, 2020 and 2019, respectively. Our net loss in 2021, 2020 and 2019 was $46.7 million, $42.7 million and $99.0 million, respectively, as we continue to invest in our business and market opportunity. Our cash flows from operating activities were $96.8 million, $64.2 million and $(10.7) million in 2021, 2020 and 2019, respectively. VV COVID-19 Update While we have not seen a significant adverse impact on our business from the pandemic as of December 31, 2021, the extent to which it will impact our business and operations will depend on future developments that are uncertain. We continue to monitor the impact of the COVID-19 pandemic on our customers, partners, employees and service providers. We have resumed limited business travel and adopted a hybrid work environment, which we expect will lead to additional costs. For additional informat financial condition and results of operations, see the "Liquidity and Capital Resources" section below and “Risk Factors” in Part I, Item 1A of this Form 10-K. s of the COVID-19 pandemic on our business, ion on the potential effect ff ff Financ ii ial Highligll hts Below are our key financial results: (in thousands, except per share data) 2021 2020 2019 Year Ended December 31, Revenue Loss from operations Net loss Net loss per share, basic and diluted Net cash provided by (used in) operating activities Purchases of property and equipment Factors Affecting Our Performance Prodrr uct Leadership $ 541,130 $ 440,221 $ 354,586 (41,768) (46,677) (0.44) 96,765 (6,561) (36,433) (42,731) (0.42) 64,232 (20,277) (90,799) (99,013) (1.03) (10,744) (20,674) Our enterprise platform offeri ff ngs provide visibility into the broadest range of traditional and modern IT assets across cloud and on-premises environments. We are intensely focused continued innovation and ongoing development of our enterprise platform offeff organizations to understand and reduce their Cyber Exposure. Additionally, we continue to expand the capabilities of our Nessus products, specifically as they relate to the ability to scan for and detect the rapidly expanding volume of vulnerabilities. rings that empower on ff 54 We intend to continue to invest in our engineering capabilities and marketing activities to maintain our position in the highly-competitive market for cybersecurity solutions. Our results of operations may fluctuate as we make these investments to drive increased customer adoption and usage. New Enterpri rr seii Platfor m Crr ll ustomer Acquisiti ii on We believe that our customer base provides a significant opportunity to expand sales of our enterprise platform offeri customers will increase future opportunities for renewals and follow-on sales. We believe that we have significant room to increase our market share. ngs and that our ability to continue to grow the number of enterprise platform ff We expect to grow our enterprise platform customers by continuing to expand our sales organization and leveraging our channel partner network, which we believe will allow us to identify new enterprise customers, enter new markets, including internationally, as well as to convert more of our existing Nessus Professional customers to enterprise platform customers. We will continue to invest in our partner network and sales and marketing capability in order to grow domestically and internationally. Retaini ii ngii and ExpaEE nding Revenue from Existin xx g Customers ff Our enterprise platform offerings utilize IT asset-based or IP address-based pricing models. Once enterprise customers have licensed our platform offff erings, they typically seek broader coverage over their traditional IT assets, including networking infrastructure, desktops and on-premises servers. As customers launch new applications or migrate existing applications to the cloud and deploy web applications, containers, IoT and OT, tTT hey often increase the scope of their subscriptions and/or add additional perpetual licenses to our enterprise platforms. We are also focused ff on upselling customers from Nessus Professional to our enterprise platform ff Nessus Professional customers are typically organizations or independent security offerings. consultants that use Nessus Professional for a single vulnerability assessment at a point in time. We seek to convert these customers to our enterprise platform offerings, visibility and insights into their attack surface, as their needs develop. which provide continuous ff Further, we plan to expand existing platform capabilities and launch new products, which we believe will drive new product purchases and follow-on purchases over time, thereby contributing to customer renewals. We believe that there is a significant opportunity to drive additional sales to existing customers, and we expect to invest in sales and marketing and customer success personnel and activities to achieve additional revenue growth from existing customers. However, our ability to increase sales to existing customers will depend on a number of factors, including satisfaction or dissatisfaction with our products and services, competition, pricing, current economic conditions or overall changes in our and our clients' spending levels. We evaluate our ability to expand sales with existing customers by assessing our dollar-based net expansion rate on a last twelve months, or LTM, basis. We have historically calculated our dollar- based net expansion rate as follows: • Denominator: To calculate our dollar-based net expansion rate as of the end of a reporting period, we first determine the annual recurring revenue, or ARR, from all active subscriptions and maintenance from perpetual licenses as of the last day of the same reporting period in the prior year. This represents recurring payments that we expect to receive in the next 12- 55 month period from the cohort of customers that existed on the last day of the same reporting period in the prior year. • Numerator: We measure the ARR for that same cohort of customers representing all subscriptions and maintenance from perpetual licenses based on customer orders as of the end of the reporting period. We calculate dollar-based net expansion rate by dividing the numerator by the denominator. Our dollar-based net expansion rate for 2021 exceeded 110% on an LTM basis. Our dollar-based net expansion rate may fluctuate from quarter to quarter if our existing customers choose to reduce or delay technology spending in response to economic conditions resulting from the COVID-19 pandemic, or as a result of a number of other factors, including our existing customers' satisfaction with our solutions, the pricing of our solutions and the ability of competing solutions and the pricing thereof. We also utilize an alternative dollar-based net expansion rate to assess our ability to expand ff sales with existing customers and evaluate the performance based net expansion rate is based on the methodology described above, but excludes the annual contract value of prior period multi-year sales from ARR in the numerator and the denominator of the calculation. We believe this methodology more closely aligns with the renewal and expansion goals established for our sales team because it measures net expansion by customers with contracts up for renewal during the period. Applying this methodology would have increased the dollar-based net expansion rate by two to five percentage points in 2020 and 2021. of our sales team. This alternative dollar- Investingii in Business Growth Since our founding, we have invested significantly in growing our business. We intend to continue to invest in sales and marketing to grow our sales team, expand brand and Cyber Exposure awareness and optimize our channel partner network. We also intend to continue to invest in our research and development team to further our technological leadership position in Cyber Exposure and enhance the functionality of our solutions. Any investments we make in our sales and marketing and research and development teams will occur in advance of experiencing the benefits from such investments, so it may be diffiff cult for us to determine if we are efficff areas. We expect to acquire businesses, technology and/or development personnel that will expand and enhance the functionality of our platfoff rm offer net losses over the short term if our revenue growth does not increase at higher rates. However, we expect that these investments will ultimately benefit our results of operations. ings. These investment activities could increase our iently allocating resources in those ff Key Operating and Financial Metrics To supplement our consolidated financial statements, which are prepared and presented in accordance with GAAP, we use certain operating metrics and non-GAAP financial measures, as described below, to understand and evaluate our core operating and financial performance. These non-GAAP financial measures, which may be differe nt than similarly titled measures used by ff other companies, are presented to enhance the overall understanding of our financial performance and should not be considered a substitute forff ion prepared and presented in accordance with GAAP. , or superior to, the financial informat ff ff ff We believe that these operating metrics and non-GAAP financial measures provide useful ff informat past performance and future prospects and allow for greater transparency with respect to important ion about our operating and financial performance, enhance the overall understanding of our ff 56 metrics used by management for financial and operational decision-making. We include these operating metrics and non-GAAP financial measures to present our operating and financial performance additional comparison of our core operating and financial performance other companies in our industry. using a management view and because we believe that these measures provide an over multiple periods with ff ff ll Calculated Currenrr t Billill ngii s We use the non-GAAP measure of calculated current billings, which we believe is a key metric to measure our periodic performance. Given that most of our customers pay in advance, we typically recognize a majority of the related revenue ratably over time. We use calculated current billings to measure and monitor our ability to provide our business with the working capital generated by upfront payments from our customers. ff Calculated current billings consists of revenue recognized in a period plus the change in current deferred revenue in the corresponding period. We believe that calculated current billings, which excludes deferred revenue for periods beyond twelve months in a customer’s contractual term, more closely correlates with annual contract value. Variability in total billings, depending on the timing of large multi-year contracts and the preference for annual billing versus multi-year upfront billing, may distort growth in one period over another. has a number of limitations as a quarter-to-quarter or year-over-year While we believe that calculated current billings provides valuable insight into the cash that will be generated from sales of our subscriptions, this metric may vary from period-to-period for a number of reasons, and thereforeff comparative measure. Calculated current billings in any one period may be impacted by the overall timing of sales, including early renewals, as well as the timing and amount of multi-year prepaid contracts, which could favorably or unfavorably impact year-over-year comparisons. For example, an increasing number of large sales transactions, for which the timing has and will continue to vary, may occur in quarters subsequent to or in advance of those that we anticipate. Our calculation of from other companies that report similar financial calculated current billings may be different measures. Because of these and other limitations, you should consider calculated current billings financial results. along with revenue and our other GAAPAA ff The following table presents a reconciliation of revenue, the most directly comparable financial measure calculated in accordance with GAAP, to calculated current billings: (in thousands) Revenue Deferred revenue (current), end of period Deferred revenue (current), beginning of period(1) Calculated current billings Year Ended December 31, 2021 2020 541,130 $ 407,498 440,221 $ 328,819 2019 354,586 274,348 (331,462) 617,166 $ (274,348) 494,692 $ (214,069) 414,865 $ $ _______ ____ ____ ____ ____ ____ ____ (1)(1) million, respectively, related to acquired deferred revenue. Deferred revenue (current), beginning of period for 2021 and 2019 includes $2.6 million and $0.4 Free Cash Flow and Unlevered vv Freerr Cash Flow We use the non-GAAP measure of free cash flow, which we define as GAAPAA net cash flows from operating activities reduced by purchases of property and equipment. We believe free cash flow is an important liquidity measure of the cash (if any) that is available, after purchases of property and 57 equipment, for investment in our business and to make acquisitions. We believe that free cash flow is useful as a liquidity measure because it measures our ability to generate or use cash. We also use the non-GAAP measure of unlevered free cash flow, which we define as free cash flow plus cash paid for interest and other financing costs. We believe unlevered free cash flow is useful as a liquidity measure as it measures the cash that is available to invest in our business and meet our current and future financing needs. Our use of free cash flow and unlevered free cash flow has limitations as an analytical tool and you should not consider them in isolation or as a substitute for an analysis of our results under GAAPAA . First, free cash flow and unlevered free cash flow are not substitutes for net cash flows from operating activities. Second, other companies may calculate free cash flow, unlevered free cash flow or similarly titled non-GAAP financial measures differe performance, as tools for comparison. Additionally, the utility of free cash flow and unlevered free cash flow is further limited as it does not reflect our future contractual commitments and does not represent the total increase or decrease in our cash balance for a given period. Because of these and other limitations, you should consider free cash flow and unlevered free cash flow along with net cash provided by (used in) operating activities and our other GAAPAA all of which could reduce the usefulness of free cash flow and unlevered free cash flow ntly or may use other measures to evaluate their financial measures. ff ff The following table presents a reconciliation of net cash provided by (used in) operating activities, the most directly comparable financial measure calculated in accordance with GAAP, to free cash flow and unlevered cash flow: (in thousands) Year Ended December 31, 2021 2020 2019 Net cash provided by (used in) operating activities $ 96,765 $ 64,232 $ Purchases of property and equipment Free cash flow(1) Cash paid for interest and other financing costs (6,561) 90,204 4,978 (20,277) 43,955 335 (10,744) (20,674) (31,418) 96 Unlevered free cash flow(1) $ 95,182 $ 44,290 $ ) (31,322) ( ) ( _______ ____ ____ ____ ____ ____ ____ (1) Free cash fflow and unlevered ffree cash fflow ffor the periods presented were impacted yby: (in millions) Year Ended December 31, 2021 2020 2019 Employee stock purchase plan activity $ (0.3) $ 0.9 $ Acquisition-related expenses Tax payment on intra-entity asset transfer Proceeds from lease incentives Capital expenditures related to new headquarters (6.5) 2.8 — (0.9) (0.7) — 14.2 (17.2) (0.9) (13.1) — — (11.4) Free cash flow and unlevered free cash flow in 2021 were reduced by approximately $8 million due to by a benefit of approximately $15 million prepayments of software subscription costs, insurance and rent, offset from prepayments of similar items made in 2020. The 2020 prepayments reduced free cash flow and unlevered free cash flow by approximately $17 million in 2020. ff 58 rr Enterpri seii Platformff Customers We believe that our customer base provides a significant opportunity to expand sales of our enterprise platform offeri ff ngs. The following tables summarize key components of our customer base: Number of new enterprise platform customers added in period(1)(2) Year Ended December 31, 2021 1,882 2020 1,455 2019 1,511 ____ ______ W _________ __ __ (1(1) e define an enterprise platform customer as a customer that has licensed Tenable.ep, Tenable.io, ) Tenable.cs, Tenable.ad, Tenable.ot or Tenable.sc for an annual amount of $5,000 or greater. New enterprise platform customers represent new customer logos during the periods presented and do not include customer conversions from Nessus Professional to enterprise platforms. (2) acquisitions. The number of new enterprise platform customers added in 2021 includes 95 legacy customers of our Number of customers with $100,000 and greater in annual contract value at end of period At December 31, 2021 1,095 2020 837 2019 641 Non-GAAPGG Income (Loss) from OperO atiorr ns and Non-GAAPGG Operatinrr g MargMM in We use non-GAAP income (loss) from operations along with non-GAAP operating margin as key indicators of our financial performance. respective GAAPAA measures, excluding the effect expenses and amortization of acquired intangible assets. Acquisition-related expenses include transaction expenses and costs related to the intercompany transfer of acquired intellectual property. We define these non-GAAP financial measures as their s of stock-based compensation, acquisition-related ff ff We believe that these non-GAAP financial measures provide useful informat ff ion about our core operating results over multiple periods. There are a number of limitations related to the use of the non-GAAP financial measures as compared to GAAPAA loss from operations and operating margin, income (loss) from operations and non-GAAP operating margin exclude including that non-GAAPAA stock-based compensation expense, which has been, and will continue to be, a significant recurring expense in our business and an important part of our compensation strategy. The following table presents a reconciliation of loss from operations, the most directly comparable financial measure calculated in accordance with GAAP, to non-GAAP income (loss) from operations, 59 and operating margin, the most directly comparable financial measure calculated in accordance with GAAPAA , tPP o non-GAAP operating margin: (dollars in thousands) Loss from operations Stock-based compensation Acquisition-related expenses Amortization of acquired intangible assets Year Ended December 31, 2021 2020 2019 $ (41,768) $ (36,433) $ (90,799) 79,405 6,901 6,447 59,573 339 2,314 43,443 3,970 620 Non-GAAPAA income (loss) from operations $ 50,985 $ 25,793 ) $ (42,766) ) ( ( Operating margin Non-GAAP operating margin (8)% 9 % (8)% 6 % (26)% (12)% Non-GAAPGG Net Income (Loss) and Non-GAAP Earnings (Loss) Per Sharerr We use non-GAAP net income (loss), which excludes stock-based compensation, acquisition- related expenses and amortization of acquired intangible assets, as well as the related tax impacts, and the tax impact of intra-entity asset transfers resulting from the internal restructuring of legal entities as well as deferred income tax benefits recognized in connection with acquisitions, to calculate non-GAAP earnings (loss) per share. We believe that these non-GAAP measures provide important information because they facilit ate comparisons of our core operating results over multiple periods. ff 60 The folff lowing table presents a reconciliation of net loss and net loss per share, the most comparable financial measures calculated in accordance with GAAP, to non-GAAP net income (loss) and non-GAAP earnings (loss) per share: (in thousands, except for per share amounts) 2021 2020 2019 Net loss $ (46,677) $ (42,731) $ (99,013) Year Ended December 31, Stock-based compensation Tax impact of stock-based compensation(1) Acquisition-related expenses(2) Amortization of acquired intangible assets(3) Tax impact of acquisitions(4) Tax impact of intra-entity asset transfer(5) Non-GAAP net income (loss) Net loss per share, diluted Stock-based compensation Tax impact of stock-based compensation(1) Acquisition-related expenses(2) Amortization of acquired intangible assets(3) Tax impact of acquisitions(4) Tax impact of intra-entity asset transfer(5) Adjustment to diluted earnings per share(6) 79,405 617 6,901 6,447 (10,560) 2,808 59,573 1,299 339 2,314 — — 43,443 (95) 3,970 620 10,582 — 38,941 $ 20,794 $ ) (40,493) ( ) ( (0.44) $ (0.42) $ (1.03) $ $ 0.75 0.01 0.06 0.06 (0.10) 0.03 (0.03) 0.59 0.01 — 0.02 — — (0.01) 0.45 — 0.04 0.01 0.11 — — Non-GAAP earnings (loss) per share, diluted $ 0.34 $ 0.19 $ ) (0.42) ( ) ( Weighted-average shares used to compute GAAP net loss per share, diluted 106,387 101,009 96,014 Weighted-average shares used to compute non-GAAP earnings (loss) per share, diluted(7) 114,825 109,962 96,014 _____ _______ ____ ____ ____ ____ ____ (1) jurisdictions. The tax impact of stock-based compensation is based on the tax treatment for applicable tax (2) The tax impact of acquisition-related expenses is not material. (3)(3) acquisitions. The tax impact of the amortization of acquired intangible assets is included in the tax impact of The tax impact of acquisitions in 2021 includes a reversal of the $7.9 million income tax benefit (4)(4) recognized for GAAP purposes related to the partial release of our valuation allowance associated with the Accurics acquisition and a reversal of $2.6 million of deferred tax benefits related to the Alsid acquisition. The tax impact Indegy acquisition in 2019 includes $$6.3 million fof current tax expense an $d $4.2 million fof deferred tax expense related to the transfer of acquired intellectual property. fof the gy (5)(5) in a current tax payment based on the applicable Israeli tax rate. The tax impact of the intra-entity asset transfer is related to the internal restructuring of Indegy, resulting (6) GAAP earnings per share, which includes potentially dilutive shares. An adjustment to reconcile GAAP net loss per share, which excludes potentially dilutive shares, to non- (7) outstanding are the same, as potentially dilutive shares would be antidilutive. In periods in which there is a non-GAAP net loss, basic and diluted weighted average shares 61 Components of Our Results of Operations Revenue We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services. Our subscription arrangements generally have annual or multi-year contractual terms to use our software or cloud-based solutions, including ongoing software updates during the contractual period. For software subscriptions that are dependent on ongoing software updates and the ability to identify the latest cybersecurity vulnerabilities, revenue is recognized ratably over the subscription term given the critical utility provided by the ongoing updates that are released through the contract period. When the critical utility of our software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period. ff Our perpetual licenses are generally sold with one or more years of maintenance, which includes ff obligation. Perpetual license arrangements ongoing software updates. Given the critical utility provided by the ongoing software updates and updated ability to identify network vulnerabilities included in maintenance, we combine the perpetual license and the maintenance into a single performance generally contain a material right related to the customer’s ability to renew maintenance at a price that is less than the initial license fee. We apply a practical alternative to allocating a portion of the transaction price to the material right performance obligation and estimate a hypothetical transaction price which includes fees forff expected maintenance renewals based on the estimated economic life of perpetual license contracts. We allocate the transaction price between the cybersecurity subscription provided in the initial contract and the material right related to expected contract renewals based on the hypothetical transaction price. We recognize the amount allocated to the combined license and maintenance performance generally one year. We recognize the amount allocated to the material right over the expected maintenance renewal period, which begins at the end of the initial contractual term and is generally four years. We have estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of our technology and other factors. This estimate may change over time. obligation over the initial contractual period, which is ff Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services ff are performed. We have historically experienced, and expect in the future to experience, seasonality in entering into agreements with customers. We typically enter into a significantly higher percentage of agreements with new customers, as well as renewal agreements with existing customers, in the third and fourth quarters of the year. The increase in customer agreements in the third quarter is primarily attributable to U.S. government and related agencies, and the increase in the fourth quarter is primarily attributable to large enterprise account buying patterns typical in the software industry. The ratable nature of our subscription revenue makes this seasonality less apparent in our overall financial results. 62 Cost of Revenue, Gross rr rr Profit and Gross rr Marginii Cost of revenue includes personnel costs related to our technical support group that provides assistance to customers, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and any severance. Cost of revenue also includes cloud infrastructure costs, the costs related to professional services and training, depreciation, amortization of acquired and developed technology, hardware costs and allocated overhead costs, which consist of informat ion technology and facilities. ff We intend to continue to invest additional resources in our cloud-based platforff m and customer support team as we grow our business. The level and timing of investment in these areas could affect ff our cost of revenue in the future. Gross profit, or revenue less cost of revenue, and gross margin, or gross profit as a percentage of revenue, have been and will continue to be affect acquisition of new customers and our renewals of and follow-on sales to existing customers, the costs associated with operating our cloud-based platforff m, the extent to which we expand our customer support team and the extent to which we can increase the efficiency infrastructure through technological improvements. ed by various factors, including the timing of our of our technology and ff ff We expect our gross profit to increase in absolute dollars but our gross margin to decrease over time, as we expect revenue from our cloud-based subscriptions to increase as a percentage of revenue. However, our gross margin could fluctuate from period to period depending on the interplay of all of these factors, particularly as it relates to cloud infrastructure costs. Operatingii Expense xx s Our operating expenses consist of sales and marketing, research and development and general and administrative expenses. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, payroll taxes, stock-based compensation and any severance. Operating expenses also include depreciation and amortization as well as allocated overhead costs, including IT and facilities costs. Sales and Marketingtt Sales and marketing expense consists of personnel costs, sales commissions, marketing programs, travel and entertainment, expenses for conferences, meetings and events and allocated overhead costs. We capitalize sales commissions, including related fringe benefit costs, and recognize the expense over an estimated period of benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements. Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred. Sales commissions on professional services arrangements are expensed as incurred as the contractual periods of these arrangements are generally less than one year. We intend to continue to make investments in our sales and marketing teams to increase revenue, further penetrate the market and expand our global customer base. We expect our sales and marketing expense to increase in absolute dollars annually and to be our largest operating expense category for the foreseeable future. However, as our revenue increases, we expect our sales and marketing expense to decrease as a percentage of our revenue over the long term. Our sales and marketing expense may fluctuate from period to period due to the timing and extent of these 63 expenses, including sales commissions, which may fluctuate depending on the mix of sales and related expense recognition. Research and Development Research and development expense consists of personnel costs, software used to develop our products, travel and entertainment, consulting and professional fees forff third-party development resources as well as allocated overhead. Our research and development expense supports our ff effort new network vulnerabilities. s to continue to add capabilities to our existing products and enable the continued detection of We expect our research and development expense to continue to increase annually in absolute seeable future as we continue to invest in research and development effoff However, we expect our research and dollars for the foreff enhance the functionality of our cloud-based platform. ff development expense to decrease as a percentage of our revenue over the long term, although our research and development expense may fluctuate from period to period due to the timing and extent of these expenses. rts to General and Administrative tt General and administrative expense consists of personnel costs for our executive, finance, legal, human resources and administrative departments. Additional expenses include travel and entertainment, professional fees, insurance, allocated overhead, and acquisition-related costs. We expect our general and administrative expense to continue to increase annually in absolute dollars for the foreseeable future due to additional costs associated with accounting, compliance, insurance and investor relations as a public company. However, we expect our general and administrative expense to decrease as a percentage of our revenue over the long term, although our general and administrative expense may fluctuate from period to period due to the timing and extent of these expenses. Interest (Expense) Income, Net Interest (expense) income, net consists primarily of interest expense in connection with our senior secured term loan facility, or Term Loan, unused commitment fees on our senior secured revolving credit facility, or Revolving Credit Facility, and letter of credit fees. Interest (expense) income, net also includes interest income earned on cash and cash equivalents and short-term investments. Other Expense, Net Other expense, net consists primarily of foreign currency remeasurement and transaction gains and losses. ii (Benefit) Provi sion rr for IncII ome Taxes (Benefit) provision for income taxes has historically consisted of income taxes in certain foreign jurisdictions in which we conduct business and the related withholding taxes on sales to foreign customers. We typically maintain a valuation allowance on our deferred tax assets, including net operating loss carryforwards and tax credits, and expect this to continue for the foreseeable it is more likely than not that some or all of those deferred tax assets may not be realized based on our history of losses. ff future as 64 In 2021, the income tax benefit resulted from a partial release of our valuation allowance associated with the Accurics acquisition and a deferred tax benefit related to post-acquisition activities of Alsid, which were partially offset development operations in Israel as well as income taxes in certain foreign jurisdictions in which we conduct business and the related withholding taxes on sales to foreign customers. by tax expense from the restructuring of our research and ff In 2019, the provision for income taxes also included the tax impact related to the intercompany transfer of acquired intellectual property. Results of Operations The following tables set forth our consolidated results of operations forff the periods presented: (in thousands) Revenue Cost of revenue(1) Gross profit Operating expenses: Sales and marketing(1) Research and development(1) General and administrative(1) Total operating expenses Loss from operations Interest (expense) income, net Other expense, net Loss beforeff income taxes (Benefit) provision for income taxes Net loss Year Ended December 31, 2021 2020 2019 $ 541,130 $ 440,221 $ 354,586 106,396 434,734 270,158 116,432 89,912 476,502 77,554 362,667 224,277 101,687 73,136 399,100 (41,768) (36,433) (6,896) (1,965) (50,629) (3,952) 1,244 (1,885) (37,074) 5,657 60,818 293,768 228,035 87,064 69,468 384,567 (90,799) 5,830 (680) (85,649) 13,364 $ ( (46,677) $ ( ) ) ( (42,731) $ ( ) ) ) (99,013) ( ) ( _______ ____ ____ ____ ____ ____ ____ (1)(1) Includes stock-based compensation expense as ffollows: (in thousands) Cost of revenue Sales and marketing Research and development General and administrative Total stock-based compensation expense Year Ended December 31, 2021 2020 2019 $ $ 4,446 $ 29,410 20,593 24,956 79,405 $ 3,158 $ 19,842 14,794 21,779 59,573 $ 2,817 16,032 8,911 15,683 43,443 65 Comparison of 2021 and 2020 Revenue The following table presents the increase in revenue: Year Ended December 31, Change (dollars in thousands) 2021 2020 ($) (%) Subscription revenue Perpetual license and maintenance revenue Professional services and other revenue $ 476,023 $ 377,354 $ 98,669 50,333 50,594 (261) 14,774 12,273 2,501 Revenue $ 541,130 $ 440,221 $ 100,909 26 % (1)% 20 % 23 % U.S. revenue increased $46.3 million, or 17%. International revenue increased $54.6 million, or 32%. Cost of Revenue, Gross rr rr Profi t and Gross Margin Year Ended December 31, Change (dollars in thousands) 2021 2020 Cost of revenue Gross profit Gross margin $ 106,396 $ 77,554 $ 434,734 362,667 80 % 82 % ($) 28,842 72,067 (%) 37 % 20 % The increase in cost of revenue of $28.8 million was primarily due to: • • • • • • a $17.8 million increase in third-party cloud infrastructure costs; a $4.1 million increase in the amortization of acquired intangible assets; a $4.0 million increase in personnel costs, primarily due to support for cloud-based products and an increase in headcount, including a $1.3 million increase in stock-based compensation; a $1.2 million increase in professional fees; and a $1.1 million increase in hardware costs; partially offset ff by a $0.6 million decrease in allocated overhead expenses. Operatingii Expenxx Sales and Marketingtt ses (dollars in thousands) Sales and marketing Year Ended December 31, Change 2021 2020 ($) (%) $ 270,158 $ 224,277 $ 45,881 20 % The increase in sales and marketing expense of $45.9 million was primarily due to: • • • a $23.3 million increase in personnel costs, related to an increase in headcount, including a $9.6 million increase in stock-based compensation; a $10.5 million increase in expenses for demand generation programs, including advertising, sponsorships, and brand awareness efforts; ff a $10.0 million increase in sales commissions; and 66 • • a $3.8 million increase in selling expenses, including softwff are subscriptions and training programs; partially offset by ff a $1.9 million decrease in meeting and travel costs. Research and Development (dollars in thousands) 2021 2020 ($) (%) Research and development $ 116,432 $ 101,687 $ 14,745 15 % Year Ended December 31, Change The increase in research and development expense of $14.7 million was primarily due to: • • • • • • a $13.5 million increase in personnel costs, largely associated with an increase in headcount, including a $5.8 million increase in stock-based compensation; a $2.1 million increase in third-party cloud infrastructure costs; and a $0.6 million increase in software subscriptions; partially offset ff by a $1.0 million decrease in travel and meeting costs; a $0.5 million decrease in allocated overhead; and a $0.5 million decrease in depreciation. General and Administrative tt (dollars in thousands) 2021 2020 ($) (%) General and administrative $ 89,912 $ 73,136 $ 16,776 23 % Year Ended December 31, Change The increase in general and administrative expense of $16.8 million was primarily due to: • • • • a $7.5 million increase in personnel costs, largely associated with an increase in headcount, including a $3.2 million increase in stock-based compensation; a $6.3 million increase in acquisition-related expenses; a $2.0 million increase in professional fees; and a $1.0 million increase in depreciation and amortization. 67 Comparison of 2020 and 2019 Revenue The following table presents the increase in revenue: Year Ended December 31, Change (dollars in thousands) 2020 2019 ($) (%) Subscription revenue Perpetual license and maintenance revenue Professional services and other revenue Revenue $ 377,354 $ 290,549 $ 86,805 50,594 54,173 (3,579) 12,273 9,864 $ 440,221 $ 354,586 $ 2,409 85,635 30 % (7)% 24 % 24 % U.S. revenue increased $43.0 million, or 19%. International revenue increased $42.6 million, or 33%. Cost of Revenue, Gross rr rr Profi t and Gross Margin Year Ended December 31, Change (dollars in thousands) 2020 2019 Cost of revenue Gross profit Gross margin $ 77,554 $ 60,818 $ 362,667 293,768 82 % 83 % ($) 16,736 68,899 (%) 28 % 23 % The increase in cost of revenue of $16.7 million was primarily due to: • • • • • • a $7.0 million increase in personnel costs, primarily due to support for cloud-based products, including a $0.3 million increase in stock-based compensation; a $6.7 million increase in third-party cloud infrastructure costs; a $1.7 million increase in the amortization of acquired intangible assets; a $1.0 million increase in the amortization of internal use software; and a $0.7 million increase in allocated overhead costs driven by both the increase in average headcount and the overall increase in such costs on a year-over-year basis; partially offset ff by a $1.1 million decrease in travel and meeting expenses. Operatingii Expense xx s Sales and Marketingtt (dollars in thousands) Sales and marketing Year Ended December 31, Change 2020 2019 ($) (%) $ 224,277 $ 228,035 $ (3,758) (2)% The decrease in sales and marketing expense of $3.8 million was primarily due to: • a $7.7 million decrease in selling expenses, including travel and meeting costs and software subscriptions; and 68 • • • • a $6.4 million decrease in expenses for demand generation programs, including advertising, sponsorships, and brand awareness effort s; partially offset by ff ff a $8.9 million increase in personnel costs, primarily due to an increase in average headcount, including a $3.8 million increase in stock-based compensation; a $1.0 million increase in allocated overhead costs; and a $0.7 million increase in depreciation. Research and Development (dollars in thousands) 2020 2019 ($) (%) Research and development $ 101,687 $ 87,064 $ 14,623 17 % Year Ended December 31, Change The increase in research and development expense of $14.6 million was primarily due to: • • • • • a $14.8 million increase in personnel costs, largely associated with an increase in average headcount, including a $5.9 million increase in stock-based compensation and a decrease of $2.6 million of development costs and stock-based compensation capitalized related to internal use software; a $2.0 million increase in allocated overhead; and a $0.5 million increase in software subscriptions; partially offset ff by a $1.6 million decrease in travel and meeting costs; and a $0.9 million decrease in third-party cloud infrastructure costs. General and Administrative tt (dollars in thousands) 2020 2019 ($) (%) General and administrative $ 73,136 $ 69,468 $ 3,668 5 % Year Ended December 31, Change The increase in general and administrative expense of $3.7 million was primarily due to: • • • • • an $8.7 million increase in personnel costs, including a $6.1 million increase in stock-based compensation; and a $1.3 million increase in allocated overhead; partially offset ff by a $3.6 million decrease in acquisition-related expenses; a $2.3 million decrease in professional fees; and a $1.5 million decrease in travel and meeting costs. Liquidity and Capital Resources At December 31, 2021, we had $278.0 million of cash and cash equivalents, which consisted of bank deposits and money market funds, and $234.3 million short-term investments, which consisted of commercial paper, asset backed securities, certificates of deposit, U.S. Treasury and agency obligations, and corporate and supranational bonds. Since our inception, we have primarily financed our operations through cash provided by operations, including payments received from customers using our software products and services. Prior to our IPO, we did not raise any primary institutional capital, and the proceeds of our Series A 69 and Series B redeemable convertible preferred stock financings were used to repurchase shares of capital stock from former stockholders. We have generated significant operating losses, as reflected by our accumulated deficit of $654.5 million at December 31, 2021. We typically invoice our customers annually in advance and, to a lesser extent, multi-year in ff a substantial source of our cash is from such prepayments, which are included in advance. Therefore, deferred revenue on our consolidated balance sheets. Deferred revenue consists primarily of the unearned portion of billed fees for our subscriptions and perpetual licenses, which is subsequently recognized as revenue in accordance with our revenue recognition policy. At December 31, 2021, we had deferred revenue of $530.9 million, of which $407.5 million was recorded as a current liability and is expected to be recognized as revenue in the next 12 months, provided all other revenue recognition criteria are met. Our principal uses of cash in recent periods have been funding our operations, expansion of our sales and marketing and research and development activities, investments in infrastructure, including the build-out of our new headquarters, and acquiring complementary businesses and technology. In April 2021, we paid $98.5 million in cash to acquire Alsid, and in October 2021, we acquired Accurics for $160.0 million in cash. In February 2022, we acquired Cymptom for approximately $23 million in cash. We may in the future enter into arrangements to acquire or invest in other complementary businesses, services and technologies, including intellectual property rights. We expect to continue incurring operating losses in the near term. Even though we generated ff to fund our operating and capital needs for at least the next 12 positive cash flows from operations and unlevered free cash flow in 2021 and 2020, we may not be able to sustain these cash flows. We believe that our existing cash and cash equivalents and short- term investments will be sufficient months. Our future capital requirements will depend on many factors, including our revenue growth rate, subscription renewal activity, the timing and extent of spending to support further infrastructure and research and development effort invest in new and existing officeff operating activities, any acquisitions of complementary businesses and technologies, the timing of our introduction of new product capabilities and enhancements of our platform and the continuing market acceptance of our platform. It may be necessary to seek additional equity or debt financing to fund our operating and capital needs. In the event that financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affecte ff s, the timing and extent of additional capital expenditures to spaces, the expansion of sales and marketing and international d. ff ff While we have not seen a significant adverse impact on our business from the pandemic as of December 31, 2021, the extent to which it will impact our business and operations will depend on future developments that are uncertain. Accordingly, the current results and financial conditions discussed herein may not be indicative of our future operating results and trends. See the section titled “Risk Factors” in Part I, Item 1A of this Form 10-K. Term Loan and Revolvingii Creditdd Facilityll In July 2021, we entered into a credit agreement, or the Credit Agreement, which is comprised of a $375.0 million Term Loan and a $50.0 million Revolving Credit Facility, with a $15.0 million letter of credit sublimit. The Term Loan bears interest at a rate of 2.75% per annum over LIBOR, subject to a 0.50% floor. The Term Loan will amortize at 1% per annum in equal quarterly installments, starting in March 2022 until the final maturity date on July 7, 2028. We may be subject to mandatory Term Loan prepayments related to the excess cash provisions in the Credit Agreement beginning in 2023. The 70 Revolving Credit Facility bears interest at a rate, depending on first lien net leverage, ranging from 2.00% to 2.50% over LIBOR and matures on July 7, 2026. We will pay a commitment fee during the term ranging from 0.25% to 0.375% per annum of the average daily undrawn portion of the revolving commitments based on the first lien net leverage ratio. The Credit Agreement contains customary ive and negative covenants. Additionally, if at least 35% of representations and warranties and affirmat the Revolving Credit Facility is drawn on the last day of the quarter, the total net leverage ratio cannot be greater than 5.50 to 1.00. ff At December 31, 2021, we were in compliance with the covenants and there have been no amounts outstanding under the Revolving Credit Facility. In connection with the Credit Agreement, we terminated our $45.0 million senior secured credit facility, or the 2020 Credit Facility, with Silicon Valley Bank, including the release of all related guarantees and liens. Prior to its termination, there were no amounts outstanding under our 2020 Credit Facility. Cash Flowsww The following table summarizes our cash flows for the periods presented: (in thousands) Year Ended December 31, 2021 2020 2019 Net cash provided by (used in) operating activities $ 96,765 $ 64,232 $ (10,744) Net cash (used in) provided by investing activities of exchange rate changes on cash and cash Net cash provided by financing activities Effect ff equivalents and restricted cash Net increase (decrease) in cash and cash equivalents and restricted cash (391,590) 397,646 4,079 36,403 (113,050) 34,161 (3,013) (916) (1,080) $ 99,808 $ 103,798 $ ) (90,713) ( ) ( Operatingii tt Activit iestt Our largest source of cash provided by operating activities is cash collections from sales of our products and services, as we typically invoice our customers in advance. Our primary uses of cash are employee compensation costs, third-party cloud infrastructure and other software subscription costs, demand generation expenditures and general corporate costs. Investing Activit tt iestt From 2020 to 2021, net cash used in investing activities increased by $395.7 million, primarily due to an increase of cash paid for acquisitions of $258.2 million, a net increase in short-term investments of $146.2 million, and a $5.0 million simple agreement for future equity investment in 2021, partially offset by a decrease in purchases of property and equipment of $13.7 million. ff From 2019 to 2020, cash flows from investing activities increased by $117.1 million, primarily due to a decrease in cash paid for acquisitions of $74.6 million and an increase in our sales, net of purchases, of investments of $42.1 million. Financing ii tt Activit iestt From 2020 to 2021, net cash provided by financing activities increased by $361.2 million, primarily due to net proceeds from our Credit Facility of $365.7 million. This increase was partially 71 ff by a decrease of $3.4 million in the proceeds from the exercise of stock options and $2.0 million offset of loan proceeds that we received from the state of Maryland in 2020. From 2019 to 2020, net cash provided by financing activities increased by $2.2 million, primarily due to $2.0 million of proceeds from a loan agreement from the state of Maryland and an increase in proceeds from the exercise of stock options of $2.7 million, which was partially offset ff stock issued in connection with the employee stock purchase plan of $2.1 million. by a decrease in Contractual Obligations We have certain contractual obligations for future payments. Refer to Note 7 to our consolidated financial statements in this Annual Report on Form 10-K for our required operating lease payments and Note 9 for our required payments to Amazon Web Services, Inc. for cloud services. At December 31, 2021, we had other non-cancellable purchase obligations of $8.1 million due in ff the next twelve months and $11.3 million due thereafter unrecognized tax benefits and $1.2 million of asset retirement obligations, the timing of payments forff which is uncertain. . Additionally, we had $7.6 million of Critical Accounting Policies and Estimates Our financial statements are prepared in accordance with U.S. GAAP. The preparation of these financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue and expenses, as well as related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our estimates are based on historical experience and various other assumptions that we believe to be reasonable under the circumstances. Our actual results could differ from these estimates. ff The critical accounting estimates, assumptions and judgments that we believe have the most significant impact on our consolidated financial statements are described below. Revenue Recognition We recognize revenue to depict the transferf of promised goods or services to customers in an amount that reflects the consideration to which we expect to be entitled to in exchange for those goods or services. In recognizing revenue, we apply the following steps: • • • • • Identify the contract with a customer Identify the performance obligations in the contract Determine the transaction price Allocate the transaction price to the performance obligations in the contract Recognize revenue when or as performance obligations are satisfied In situations where we enter into a contractual arrangement that includes non-standard terms and conditions, such as acceptance provisions and options to purchase additional products and services, as well as contract modifications, we apply judgment in identifying and assessing the impact on revenue recognition. We generate revenue from subscription arrangements for our software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses and professional services and other revenue. 72 Subscriptiontt Revenue ff Our subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions. For our software subscriptions that are dependent on ongoing software is recognized ratably over the subscription term given the critical utility provided by the ongoing updates that are released throughout the contract period. When the critical utility of our software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period. updates and the ability to identify the latest cybersecurity vulnerabilities, revenue Perpetual License and Maintenance Revenue Our perpetual licenses are generally sold with one or more years of maintenance, which include ff ff ff updates and updated ability to identifyff updates and the ongoing ability to identify the latest cybersecurity vulnerabilities. expected maintenance renewals based on the estimated economic life of the perpetual ongoing software Given the critical utility provided by the ongoing software network vulnerabilities included in maintenance, we combine the perpetual license and the obligation. Perpetual license arrangements generally contain maintenance into a single performance a material right related to the customer’s ability to renew maintenance at a price that is less than the initial license fee. We apply a practical alternative to allocating a portion of the transaction price to the material right performance obligation and estimate a hypothetical transaction price which includes fees forff license contracts. We allocate the transaction price between the cybersecurity subscription provided in the initial contract and the material right related to expected contract renewals based on the hypothetical transaction price. We recognize the amount allocated to the combined license and maintenance performance We recognize the amount allocated to the material right over the expected maintenance renewal period, which begins at the end of the initial contractual term and is generally four estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of the our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different estimates could materially impact our reported financial results. obligation over the initial contractual period, which is generally one year. assumptions and years. We have ff ff ff Professional Services and Other tt Revenue Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant customization of our products. Professional services and other revenue is recognized as the services ff are performed. tt Contracts with Multiplett Performance ff Obligations tt In cases where our contracts with customers contain multiple performance obligations, the contract transaction price is allocated on a relative standalone selling price basis. We typically determine standalone selling price based on observable selling prices of our products and services. ff Variable Consideration We record revenue from sales at the net sales price, which is the transaction price, including estimates of variable consideration when applicable. Certain of our customers may be entitled to receive credits and in certain circumstances, refunds, if service level commitments are not met. We have not historically experienced significant incidents affecting the ability to meet these service level commitments and any estimated refunds related to these agreements have not been material. rr 73 Sales through our channel partner network of distributors and resellers are generally discounted as compared to the price that we would sell to an end user. Revenue for sales through our channel network, which is fixed, is recorded net of any distributor or reseller margin. Deferred Commissions Sales commissions, including related incremental fringe benefit costs, are considered to be are deferred over an estimated period of incremental costs of obtaining a contract, and thereforeff benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements. We have estimated the period of benefit based on the expected contract term including renewal periods, the lifecycle of our technology and other factors. Sales commissions on contract renewals are capitalized and amortized ratably over the contract term, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred. While we believe that the estimates we have made are reasonable and appropriate, different assumptions and estimates could materially impact our reported financial results. Stock-Based kk Compensation Stock-based compensation expense related to stock options, restricted stock, restricted stock units, or RSUs, and purchase rights issued under our 2018 Employee Stock Purchase Plan, or the 2018 ESPP, iP s calculated based on the fair value of the awards granted and is recognized on a straight-line basis over the requisite service period, which is generally two to four years. RSUs that d vesting conditions are expensed using the accelerated attribution include performance-base rr feit method. We account for forff ures as they occur. ff Estimating the fair value of stock options and purchase rights under the 2018 ESPP using the Black-Scholes option-pricing model requires assumptions as to the fair value of our underlying common stock, the estimated term of the option, the risk free interest rates, the expected volatility of the price of our common stock and the expected dividend yield. The assumptions used to estimate the fair value of the option awards reflect our best estimates. If any of the assumptions change significantly, stock-based compensation for future awards may differ awards granted previously. significantly compared with the ff The assumptions and estimates are as follows: • • • • • Fair Value of Common Stock. See “Valuat VV ions” discussion below. Expected Term. This is the period of time that the options granted are expected to remain unexercised. We employ the simplified method to calculate the average expected term. VolatVV tt y.t This is a measure of the amount by which a financial variable, such as a share ilit price, has fluctuated (historical volatility) or is expected to fluctuate (expected volatility) during a period. In 2021, we began using the volatility of our common stock to calculate expected volatility. Prior to 2021, we identified several public entities of similar size, complexity and stage of development and estimated our volatility based on the volatility of the common stock of these companies. Risk-FreeFF resembles the expected life of the stock option. Dividend Yield. We have not and do not expect to pay dividends on our common stock. Interest Rate. This is the U.S. Treasury rate, having a term that most closely Valuations Following our IPO, we use the market price of our common stock at the date of grant as the fair 74 value. Prior to our IPO, the lack of an active public market for our common stock required our board of directors to exercise reasonable judgment and consider a number of factors in order to make the best estimate of fair value of our common stock, in accordance with the technical practice-aid issued by the American Institute of Certified Public Accountants Practice Aid entitled Valuation of Privarr . Factors considered in connection with Company Equity St estimating the fair value of our common stock underlying our award of restricted stock and stock option awards when performing included: the fair value calculations with the Black Scholes option-pricing model Issued as Compensationtt tely-Held ecuritiestt ff • • • The results of independent third-party valuations of our common stock Recent arm’s length transactions involving the sale or transfer of our common stock The rights, preferences and privileges of our Series A and Series B redeemable convertible preferred stock relative to those of our common stock • Our historical financial results and future financial projections • • • • The market value of equity interests in substantially similar businesses, which equity interests can be valued through nondiscretionary, objective means The lack of marketability of our common stock The likelihood of achieving a liquidity event, such as an IPO given prevailing market conditions Industry outlook • General economic outlook including economic growth, inflation and unemployment, interest rate environment and global economic trends As described above, the exercise price of our stock option awards was determined by our board of directors, with input from management, taking into account the factors described above, using a combination of valuation methodologies with varying weighting applied to each methodology as of the grant date. Application of these approaches involved the use of estimates, judgment and assumptions that were highly complex and subjective, such as those regarding our expected future revenue, expenses and future cash flows, discount rates, market multiples, the selection of comparable companies and the probability of possible future events. Changes in any or all of these estimates and assumptions or the relationships between those assumptions would have impacted our valuations as of each valuation date and may have had a material impact on the valuation of our common stock. The fair value of the 2018 ESPP purchase rights were estimated on the offering ff or modification dates based on the following assumptions: Year Ended December 31, 2021 2020 2019 Expected term (in years) Expected volatility Risk-free interest rate Expected dividend yield 0.5 — 2.0 0.5 — 2.0 37.2% — 59.4% 41.6% — 60.1% 34.4% — 44.6% 0.1% — 0.9% — 1.5% — 2.5% — 0.1% — 0.2% — 0.5 — 2.0 Business Combinati ii ons We account for business combinations by recognizing the fair value of acquired assets and liabilities. The excess purchase consideration over the fair value of acquired assets and liabilities is 75 recorded as goodwill. When determining the fair value of assets acquired and liabilities assumed, a non-recurring Level 3 fair value measurement, we make estimates and assumptions, especially with respect to intangible assets such as identified acquired technology and trade names. We determine the fair value of acquired technology using the multi-period excess earnings method, a formff of the income approach. Estimates in valuing identifiable intangible assets include, but are not limited to, projected revenue growth rates, future expected operating expenses, obsolescence projections and an appropriate discount rate. Our estimate of fair value is based upon assumptions we believe to be ff reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates. During the measurement period, we may make adjustments to the fair value of assets acquired and liabilities assumed, with offseff the measurement period will be reflected in the consolidated statements of operations. Acquisition- related transaction costs are expensed as incurred. tting adjustments to goodwill. Any adjustments made after Goodwillii The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. We perform our annual impairment assessment on October 1, or more frequently, when events or circumstances indicate impairment may have occurred. We operate as one reporting unit and have elected to first assess qualitative factors to determine whether it is more likely than not that the fair value of the Company as a whole is less than its carrying amount, including goodwill. The qualitative assessment includes an evaluation of relevant events and circumstances, including macroeconomic, industry and market conditions, our overall financial performance, trends in the value of our common stock. During the periods presented, there were no indications of impairment and it was not more likely than not that goodwill was impaired. and ff Income Taxes We are subject to federal, state and local taxes in the United States as well as numerous international jurisdictions. These foreign jurisdictions have different statutory tax rates than the United States. Earnings generated by our international entities are related to transfer pricing requirements as applicable under local jurisdiction tax laws. ff We record a provision for income taxes under the asset and liability method, which requires ff nces between the financial statement carrying amounts and the tax basis of existing recognition of deferred tax assets and liabilities for the expected future tax consequences of temporary differe assets and liabilities, net operating loss carryforwards and tax credit carryforwards. Deferred tax assets and liabilities are measured using the tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled. A valuation allowance is provided if it is more likely than not that some or all of the deferred tax assets will not be realized. We have valuation allowances in all jurisdictions against deferred tax assets net of deferred tax liabilities that will reverse and provide a source of taxable income. Our evaluation of valuation allowances could change in the future and the impact could have a material impact on our financial statements. ff We recognize tax benefits from an uncertain tax position if it is more likely than not to be sustained upon audit by the relevant taxing authority. Interest and penalties associated with such uncertain tax positions are classified as a component of income tax expense. In connection with the 2021 acquisition of Accurics, we elected to first offsff et our existing deferred tax assets with acquired deferred tax liabilities. This resulted in releasing $7.9 million of the federal and state valuation allowance, which was recorded as a component of our deferred tax benefit. 76 In December 2019, subsequent to our acquisition of Indegy, we transferred the acquired intellectual property from Israel to the U.S. and Ireland through an intercompany transaction. The sale of Indegy’s intellectual property forff $4.2 million of deferred tax expense in Israel. In January 2021, we transferred Indegy’s R&D business to another wholly owned Israeli entity through an intercompany transaction. The sale of Indegy’s R&D business resulted in $2.8 million of current tax expense in Israel. The valuation of the intellectual property and R&D business for tax purposes required significant judgment and assumptions with respect to forecasted operating results and discount rates. tax purposes resulted in $6.3 million of current tax expense and Depending on the jurisdiction, distributions of earnings could be subject to withholding taxes at rates applicable to the distributing jurisdiction. As we intend to continue to reinvest the earnings of foreign subsidiaries indefinitely, we have not provided for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of foreign subsidiaries. Recently Issued Accounting Pronouncements Refer to Note 1 to our consolidated financial statements in this Annual Report on Form 10-K for ff more informat ion regarding recently issued accounting pronouncements. Item 7A. Quantitative and Qualitative Disclosures about Market Risk We are exposed to market risks in the ordinary course of our business, including interest rate, foreign currency exchange and inflation risks. Interest Rate Risk At December 31, 2021, we had $278.0 million of cash and cash equivalents, which consisted of cash deposits and money market funds. We also had $234.3 million of short-term investments, which consisted of commercial paper, asset backed securities, certificates of deposit, U.S. treasury and agency securities and corporate and supranational bonds. Our investments are carried at their fair market values with cumulative unrealized gains or losses recorded as a component of accumulated other comprehensive (loss) income within stockholders' equity. The primary objectives of our investment activities are the preservation of capital, the fulfillment of liquidity needs and the fiduciary control of cash and investments. We do not enter into investments for trading or speculative purposes. Interest-earning instruments carry a degree of interest rate risk; however, a hypothetical 10% change in interest rates during any of the periods presented would not have had a material impact on our financial statements. In July 2021, we entered into the Credit Agreement comprised of a $375.0 million Term Loan and Loan a $50.0 million Revolving Credit Facility. Prior to January 31, 2022, the interest rate on the TermTT was 3.25% (2.75% plus 0.50% LIBOR floor). Effeff ctive January 31, 2022 through July 29, 2022, the Term Loan has a variable interest rate of 3.27%. A one-half percentage point increase in the rate would increase 2022 interest expense by $0.8 million. No amounts are outstanding under the Revolving Credit Facility. Because the United Kingdom Financial Conduct Authority, which regulates LIBOR, announced the desire to phase out the use of LIBOR by the middle of 2023, future borrowings under our Term Loan and Revolving Credit Facility could be subject to reference rates other than LIBOR. 77 Foreirr gni Currenrr cy Exchange Risk Substantially all of our sales contracts are denominated in U.S. dollars, with a limited number of contracts denominated in foreign currencies, including foreign denominated leases. A portion of our operating expenses are incurred outside the United States, denominated in foreign currencies and subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Euro, British Pound, Australian dollar, Israeli New Shekel and Indian Rupee. Additionally, fluctuations in foreign currency exchange rates may cause us to recognize remeasurement and transaction gains (losses) in our consolidated statements of operations. As the impact of foreign currency exchange rates has not been material to our historical operating results, we have not entered into derivative or hedging transactions, but we may do so in the future if our exposure to foreign currency becomes more significant. Inflation Risk We do not believe that inflation has had a material effect ff on our business, results of operations, or financial condition. Nonetheless, if our costs, specifically employee-related and third-party cloud infrastructure costs, were to become subject to significant inflationary pressures, we may not be able to fully offset operations, or financial condition. such higher costs. Our inability or failure to do so could harm our business, results of ff 78 Item 8. Financial Statements and Supplementary Data INDEX TO CONSOLIDATED FINANCIAL STATEMENTS Reports of Independent Registered Public Accounting Firm Financial Statements Consolidated Balance Sheets Consolidated Statements of Operations Consolidated Statements of Comprehensive Loss Consolidated Statements of Stockholders' Equity Consolidated Statements of Cash Flows Notes to Consolidated Financial Statements 1. Business and Summary of Significant Accounting Policies 2. Revenue 3. Cash Equivalents and Short-TermTT Investments 4. Fair Value Measurements 5. Property and Equipment, Net 6. Acquisitions, Goodwill and Intangible Assets 7. Leases 8. Debt 9. Commitments and Contingencies 10. Stock-Based Compensation 11. Income Taxes 12. Net Loss Per Share 13. Geographic Information 14. Benefit Plans 15. Subsequent Events Pageg 80 85 86 87 88 89 90 90 97 98 99 101 101 103 104 106 106 110 113 114 114 114 79 REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM To the Stockholders and the Board of Directors of Tenable Holdings, Inc. Opinion on the Financial Statements We have audited the accompanying consolidated balance sheets of Tenable Holdings, Inc. (the Company) as of December 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, stockholders' equity and cash flows for each of the three years in the period ended December 31, 2021, and the related notes and the financial statement schedule listed in the Index at item 15(a)(2) (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at December 31, 2021 and 2020, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2021, in conforff mity with U.S. generally accepted accounting principles. TT We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of December 31, 2021, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated February 25, 2022 expressed an unqualified opinion thereon. Basis for Opinion These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. ff We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and performff the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included procedures to assess the risks of material misstatement of the financial statements, performing whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion. ff Critical Audit Matters The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective or complex judgments. The communication of a critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate. Revenue Recognition – Identification and Evaluation of Contracts Non-Standard Terms and Conditidd ons. rr with 80 Descriptiontt the Matter of As described in Note 1 to the consolidated financial statements, management enters into certain contracts with customers, including software subscription arrangements and perpetual licenses with related maintenance, with non- standard terms and conditions. How We dd Addressed Matter in Oii Auditdd the ur Descriptiontt the Matter of Performing procedures relating to the identification and evaluation of non- standard terms and conditions in contracts is a critical audit matter because there is a significant amount of judgment required by management in identifying and evaluating non-standard terms and conditions and determining the impact of such terms and conditions on the amount and timing of revenue recognition. Accordingly, there is significant auditor judgment and significant audit effort in performing our audit procedures to evaluate whether non- standard terms and conditions in contracts were appropriately identified and evaluated by management. ff We obtained an understanding, evaluated the design and tested the operating effect iveness of controls over the Company’s process for identifying and evaluating contracts with non-standard terms and conditions. These procedures also included, among others, on a sample basis (i) testing the completeness and accuracy of management’s identification of contracts with non-standard terms and conditions and (ii) testing management’s determination of the impact of non-standard terms and conditions on the amount and timing of revenue recognition. II gibl ii e Assetstt Developed Technology Igg ntan Valuation of Acquiredii As described in Note 6 to the consolidated financial statements, during the year ended December 31, 2021, the Company completed the acquisitions of Alsid SAS (“Alsid”) and Accurics, Inc. (“Accurics”) for $98.5 million and $160.0 million in cash, respectively. The Company’s accounting for the acquisitions included determining the fair value of the acquired intangible assets including developed technology of $31.3 million for Alsid and a preliminary value of $33.3 million for Accurics. Auditing the accounting for the acquired developed technology intangible assets involved complex auditor judgment due to the estimation required in management’s determination of fair value. The estimation was significant primarily due to the sensitivity of the fair value of the developed technology to the underlying assumptions, including the discount rate, projected revenue growth rates, future expected operating expenses, and the obsolescence projections. These significant assumptions are forward-looking and could be affecte d by future economic and market conditions. ff 81 How We Addressed the Matter in Our Audit ff iveness of controls over the Company’s process for accounting for the We obtained an understanding, evaluated the design and tested the operating effect acquired developed technology intangible assets. For example, we tested controls over management’s review of the valuation model and significant assumptions used in the valuation as well as controls over the completeness and accuracy of the data used in the model and assumptions. ff To test the fair value of the acquired developed technology, our audit procedures included, among others, evaluating the Company's use of valuation methodologies, evaluating the significant assumptions, evaluating the prospective financial informat accuracy of underlying data. We involved our valuation specialist to assist in testing certain significant assumptions used to value the acquired intangible assets. For example, we compared the significant assumptions to current industry and market trends, to assumptions used to value similar assets in other acquisitions and to other relevant factors. We also perforr analyses of the significant assumptions to evaluate the change in the fair value resulting from changes in the assumptions. ion and testing the completeness and rmed sensitivity /s/ Ernst & Young YY LLP We have served as the Company’s auditor since 2014 Baltimore, Maryland February 25, 2022 82 REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM To the Stockholders and Board of Directors of Tenable Holdings, Inc. inion on Internal Control Over Financial Reporting TT Holdings, Inc.’s internal control over financial reporting as of December 31, We have audited Tenable 2021, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Tenable effect criteria. ive internal control over financial reporting as of December 31, 2021, based on the COSO Holdings, Inc. (the Company) maintained, in all material respects, TT ff As indicated in the accompanying Management's Report on Internal Control Over Financial Reporting, management's assessment of and conclusion on the effectiveness of internal control over financial reporting did not include the internal controls of Accurics, Inc. acquired on October 1, 2021, which is included in the 2021 consolidated financial statements of Tenable constituted less than 3% of total assets as of December 31, 2021 and less than 1% of total revenue and operating expenses for the year then ended. Our audit of internal control over financial reporting of Tenable Holdings, Inc. also did not include an evaluation of the internal control over financial reporting of Accurics, Inc. Holdings, Inc. and TT We also have audited, in accordance with the standards of the Public Company Accounting Oversight Holdings, Inc. as of Board (United States) (PCAOB), the consolidated balance sheets of Tenable December 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, stockholders' equity and cash flows for each of the three years in the period ended December 31, 2021, and the related notes and the financial statement schedule listed in the Index at item 15(a)(2) (collectively referred to as the “consolidated financial statements”) and our report dated February 25, 2022 expressed an unqualified opinion thereon. TT Basis for Opinion The Company’s management is responsible for maintaining effecti reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management's Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB. ve internal control over financial ff We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and performff ve internal control over financial reporting was maintained in all material respects. the audit to obtain reasonable assurance about whether effecti ff Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effect iveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion. ff Definition and Limitations of Internal Control Over Financial Reporting A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements forff external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are 83 recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements. ff Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effecti risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. veness to future periods are subject to the ff /s/ Ernst & Young YY LLP Baltimore, Maryland February 25, 2022 84 TENABLE HOLDINGS, INC. CONSOLIDATED BALANCE SHEETS (in thousands, except per share data) Assets Current assets: Cash and cash equivalents Short-term investments Accounts receivable (net of allowance for doubtful accounts of $524 $ and $261 at December 31, 2021 and 2020, respectively) Deferred commissions Prepaid expenses and other current assets Total current assets Property and equipment, net Deferred commissions (net of current portion) Operating lease right-of-use assets Acquired intangible assets, net Goodwill Other assets Total assets Liabilities and Stockholders’ Equity Current liabilities: Accounts payable and accrued expenses Accrued compensation Deferred revenue Operating lease liabilities Other current liabilities Total current liabilities Deferred revenue (net of current portion) Term loan, net of issuance costs (net of current portion) Operating lease liabilities (net of current portion) Other liabilities Total liabilities $ $ December 31, 2021 2020 278,000 $ 234,292 178,223 113,623 136,601 40,311 60,234 749,438 36,833 59,638 38,530 71,536 261,614 31,230 1,248,819 $ 16,254 $ 54,051 407,498 2,320 3,759 483,882 123,387 364,728 55,046 6,463 1,033,506 115,342 32,143 44,462 483,793 38,920 46,733 39,426 13,193 54,414 14,110 690,589 5,731 35,509 328,819 3,815 1,028 374,902 105,691 — 54,529 4,802 539,924 Stockholders’ equity: Common stock (par value: $0.01; 500,000 shares authorized, 108,929 and 103,715 shares issued and outstanding at December 31, 2021 and 2020, respectively) Additional paid-in capital Accumulated other comprehensive (loss) income Accumulated deficit Total stockholders’ equity Total liabilities and stockholders’ equity 1,089 869,059 (306) (654,529) 215,313 1,248,819 $ 1,037 757,470 10 (607,852) 150,665 690,589 $ The accompanying notes are an integral part of these consolidated financial statements. 85 TENABLE HOLDINGS, INC. CONSOLIDATED STATEMENTS OF OPERATIONS (in thousands, except per share data) 2021 2020 2019 Year Ended December 31, Revenue Cost of revenue Gross profit Operating expenses: Sales and marketing Research and development General and administrative Total operating expenses Loss from operations Interest (expense) income, net Other expense, net Loss beforeff income taxes (Benefit) provision for income taxes Net loss Net loss per share, basic and diluted Weighted-average shares used to compute net loss per share, basic and diluted $ 541,130 $ 440,221 $ 354,586 106,396 434,734 270,158 116,432 89,912 476,502 77,554 362,667 224,277 101,687 73,136 399,100 (41,768) (36,433) (6,896) (1,965) (50,629) (3,952) 1,244 (1,885) (37,074) 5,657 60,818 293,768 228,035 87,064 69,468 384,567 (90,799) 5,830 (680) (85,649) 13,364 $ $ ( (46,677) $ ( ) ) ( (42,731) $ ( ) ) ) (99,013) ( ) ( ( (0.44) $ ( ) ) ( (0.42) $ ( ) ) ) (1.03) ( ) ( 106,387 101,009 96,014 The accompanying notes are an integral part of these consolidated financial statements. 86 TENABLE HOLDINGS, INC. CONSOLIDATED STATEMENTS OF COMPREHENSIVE LOSS (in thousands) Net loss Other comprehensive (loss) income, net of tax: Unrealized (loss) gain on available-for-sale securities Other comprehensive (loss) income Comprehensive loss Year Ended December 31, 2021 2020 2019 $ (46,677) $ (42,731) $ (99,013) (316) (316) (40) (40) 50 50 $ ( (46,993) $ ( ) ) ( (42,771) $ ( ) ) ) (98,963) ( ) ( The accompanying notes are an integral part of these consolidated financial statements. 87 TENABLE HOLDINGS, INC. CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY Common Stock Shares Amount Additional Paid-in Capital Accumulated Other Total Comprehensive Accumulated Stockholders' Deficit (Loss) Income Equity 93,126 $ 931 $ 586,940 $ — $ (466,108) $ 121,763 (in thousands) Balance at December 31, 2018 Exercise of stock options Vesting of restricted stock units Issuance of common stock under employee stock purchase plan Stock-based compensation Other comprehensive income Net loss Balance at December 31, 2019 Exercise of stock options Vesting of restricted stock units Issuance of common stock under employee stock purchase plan Stock-based compensation Other comprehensive loss Net loss Balance at December 31, 2020 Exercise of stock options Vesting of restricted stock units Issuance of common stock under employee stock purchase plan Stock-based compensation Other comprehensive loss Net loss Balance at December 31, 2021 4,205 479 777 — — — 42 5 8 — — — 19,006 (5) 15,121 41,928 — — 98,587 986 662,990 2,956 1,504 668 — — — 29 15 7 — — — 21,680 (15) 13,033 59,782 — — 103,715 1,037 757,470 2,671 1,872 671 — — — 26 19 7 — — — 18,242 (19) 13,729 79,637 — — — — — — 50 — 50 — — — — 10 — — — — — — — — — (99,013) 19,048 — 15,129 41,928 50 (99,013) (565,121) 98,905 — — — — — — — — 21,709 — 13,040 59,782 (40) (42,731) 18,268 — 13,736 79,637 (316) (46,677) (40) — — (42,731) (607,852) 150,665 108,929 $ 1,089 $ 869,059 $ ) (306) $ ( ) ( ( (654,529) $ ( ) ) 215,313 (316) — — (46,677) The accompanying notes are an integral part of these consolidated financial statements. 88 TENABLE HOLDINGS, INC. CONSOLIDATED STATEMENTS OF CASH FLOWS Year Ended December 31, 2020 2019 2021 $ (46,677) $ (42,731) $ (99,013) (in thousands) Cash flows from operating activities: Net loss Adjustments to reconcile net loss to net cash provided by (used in) operating activities: Deferred income taxes Depreciation and amortization Stock-based compensation Other Changes in operating assets and liabilities: Accounts receivable Prepaid expenses and other assets Accounts payable, accrued expenses and accrued compensation Deferred revenue Other current and noncurrent liabilities Net cash provided by (used in) operating activities Cash flows from investing activities: Purchases of property and equipment Purchases of short-term investments Sales and maturities of short-term investments Purchase of other investments Business combinations, net of cash acquired Net cash (used in) provided by investing activities Cash flows from financing activities: Proceeds from term loan Credit facility issuance costs Proceeds from loan agreement Proceeds from stock issued in connection with the employee stock purchase plan Proceeds from the exercise of stock options Other financing activities Net cash provided by financing activities of exchange rate changes on cash and cash Effect ff equivalents and restricted cash Net increase (decrease) in cash and cash equivalents and restricted cash Cash and cash equivalents and restricted cash at beginning of year Cash and cash equivalents and restricted cash at end of year Supplemental disclosure of cash flow information: Cash paid for interest Cash paid for income taxes, net of refunds Supplemental cash flow information related to leases: Cash payments for operating leases $ $ $ (10,468) 16,170 79,405 3,915 (17,228) (46,207) 24,330 92,486 1,039 96,765 (6,561) (282,438) 160,874 (5,000) (258,465) (391,590) 375,000 (9,348) — 13,736 18,268 (10) 397,646 161 10,633 59,573 1,071 (20,012) (19,372) (5,282) 71,383 8,808 64,232 (20,277) (184,516) 209,148 — (276) 4,079 — (333) 2,000 13,040 21,709 (13) 36,403 4,243 6,880 41,610 (784) (25,941) (16,954) 10,513 72,799 (4,097) (10,744) (20,674) (242,059) 224,594 — (74,911) (113,050) — — — 15,129 19,048 (16) 34,161 (3,013) (916) (1,080) 99,808 103,798 (90,713) 178,463 74,665 165,378 278,271 $ 178,463 $ 74,665 $ 4,978 6,481 $ 335 5,729 96 8,530 7,657 $ 8,807 $ 4,452 The accompanying notes are an integral part of these consolidated financial statements. 89 TENABLE HOLDINGS, INC. NOTES TO CONSOLIDATED FINANCIAL STATEMENTS 1. Business and Summary of Significant Accounting Policies ii Business Descript rr iontt Tenable Holdings, Inc. (the “Company,” “we,” "us," or “our”) is a provider of Cyber Exposure solutions, which is a discipline for managing, measuring and comparing cybersecurity risk in the digital era. Our platforff m offerings provide broad visibility into security issues such as vulnerabilities, misconfigurations, internal and regulatory compliance violations and other indicators of the state of an organization’s security across IT infrastructure and applications, cloud environments, Active Directory and industrial internet of things and operational technology environments. Basis oii f Presen PP tation The accompanying consolidated financial statements include the accounts of Tenable TT Holdings, Inc. and our wholly owned subsidiaries and have been prepared in conformit generally accepted accounting principles (“GAAP”). All intercompany accounts and transactions have been eliminated in consolidation. y with United States ff Use of Estimates The preparation of consolidated financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. These estimates include, but are not limited to, the determination of the estimated economic life of perpetual licenses for revenue recognition, the estimated period of benefit for deferred commissions, the useful lives of long-lived assets, the fair value of acquired intangible assets and deferred revenue, the valuation of stock-based value of our common stock prior to our IPO, the ff compensation, including the estimated underlying fair incremental borrowing rate forff these estimates on historical experience and on various other assumptions that we believe to be reasonable. Actual results could differ operating leases, and the valuation of deferred tax assets. We base significantly from these estimates. ff Foreigni Currenrr cy The functional currency for all of our foreign subsidiaries is the U.S. dollar. Assets and liabilities denominated in other currencies are remeasured into U.S. dollars at current exchange rates for monetary assets and liabilities and at historical exchange rates for non-monetary assets and liabilities. We bill our customers in U.S. dollars. Expenses incurred in non U.S. dollar currencies are remeasured into U.S. dollars when incurred. Remeasurement losses in currencies other than the functional currency were $1.9 million, $1.7 million and $1.1 million in 2021, 2020 and 2019, respectively, and are included as a component of other expense, net in the consolidated statements of operations. Revenue Recognition We recognize revenue in order to depict the transfer of promised goods or services to customers in an amount that reflects the consideration we expect to be entitled in exchange for those goods or services. To achieve this, we apply the following steps: • • Identify the contract with a customer Identify the performance obligations in the contract 90 • • • Determine the transaction price Allocate the transaction price to the performance obligations in the contract Recognize revenue when or as performance rr obligations are satisfied In situations where we enter into a contractual arrangement that includes non-standard terms and conditions, such as acceptance provisions or options to purchase additional products and services, as well as contract modifications, we apply judgment in identifying and assessing the impact on revenue recognition. We generate revenue from subscription arrangements for software and cloud-based solutions, perpetual licenses, maintenance associated with perpetual licenses, and professional services and other revenue. We begin to recognize revenue when control of our software to the customer, which for sales made through distributors is concurrent with the transfer to the end user. or services is transferred ff Subscriptiontt Revenue ff Subscription arrangements generally have annual or multi-year contractual terms and allow customers to use our software or cloud solutions. For our software subscriptions that are dependent on ongoing software is recognized ratably over the subscription term given the critical utility provided by the ongoing updates that are released throughout the contract period. When the critical utility of our software does not depend on ongoing updates, we recognize revenue attributable to the license at the time of delivery and the revenue attributable to the maintenance and support ratably over the contract period. updates and the ability to identify the latest cybersecurity vulnerabilities, revenue Perpetual License and Maintenance Revenue Our perpetual licenses are generally sold with one or more years of maintenance, which include ff ff ff updates and updated ability to identifyff updates and the ongoing ability to identify the latest cybersecurity vulnerabilities. expected maintenance renewals based on the estimated economic life of the perpetual ongoing software Given the critical utility provided by the ongoing software network vulnerabilities included in maintenance, we combine the perpetual license and the maintenance into a single performance obligation. Perpetual license arrangements generally contain a material right related to the customer’s ability to renew maintenance at a price that is less than the initial license fee. We apply a practical alternative to allocating a portion of the transaction price to the material right performance obligation and estimate a hypothetical transaction price which includes fees forff license contracts. We allocate the transaction price between the cybersecurity subscription provided in the initial contract and the material right related to expected contract renewals based on the hypothetical transaction price. We recognize the amount allocated to the combined license and maintenance performance We recognize the amount allocated to the material right over the expected maintenance renewal period, which begins at the end of the initial contractual term and is generally four estimated the five-year economic life of perpetual license contracts based on historical contract attrition, expected renewal periods, the lifecycle of the our technology and other factors. While we believe that the estimates we have made are reasonable and appropriate, different estimates could materially impact our reported financial results. obligation over the initial contractual period, which is generally one year. assumptions and years. We have ff ff ff Professional Services and Other tt Revenue Professional services and other revenue is primarily comprised of advisory services and training related to the deployment and optimization of our products. These services do not result in significant 91 customization of our products. Professional services and other revenue is recognized as the services ff are performed. tt Contracts with Mtt ultiptt rr le Perforff mance tt Obligat ions ll In cases where our contracts with customers contain multiple performance obligations, the contract transaction price is allocated on a relative standalone selling price basis. We typically determine standalone selling price based on observable selling prices of our products and services. ff Variable Consideration We record revenue from sales at the net sales price, which is the transaction price, including estimates of variable consideration when applicable. Certain of our customers may be entitled to receive credits and in limited circumstances, refunds, if service have not historically experienced significant incidents affecting the ability to meet these service level commitments and any estimated refunds related to these agreements have not been material. level commitments are not met. We rr Sales through our channel network of distributors and resellers are generally discounted as compared to the price that we would sell to an end user. Revenue for sales through our channel network is recorded net of any distributor or reseller margin. Cash and Cash Equivalents We consider all highly liquid financial instruments with an original maturity of three months or less when purchased to be cash equivalents. At December 31, 2021, cash and cash equivalents included $5.8 million of restricted cash primarily related to collateral for our outstanding letters of credit. At December 31, 2020, cash and cash equivalents included $0.4 million of restricted cash primarily related to collateral for a lease and credit card deposits. At December 31, 2021 and 2020, cash and cash equivalents excluded $0.3 million and $0.2 million, respectively, of restricted cash, which is related to an account established as collateral for a lease arrangement and is included in other assets on the consolidated balance sheets. Fair Vii aluVV e of FinFF ancial Instruments Fair value is defined as the price that would be received from selling an asset, or paid to transfer a liability, in an orderly transaction between market participants at the measurement date. We apply fair value accounting for all financial assets and liabilities that are recognized or disclosed at fair value in the financial statements on a recurring basis. We measure cash and cash equivalents and short- term investments at fair using the carrying amounts forff their short-term nature. accounts receivable, accounts payable and accrued expenses due to value hierarchy of inputs. We approximate fair value by value using a fair f ff Investments We currently invest in asset backed securities, certificates of deposit, commercial paper, corporate and supranational bonds, and U.S. treasury and agency obligations. Our investments are classified as available-forff accumulated other comprehensive (loss) income within stockholders’ equity. -sale and recorded at fair value, with unrealized gains and losses reported in We classify investments with original maturities of less than 90 days as cash and cash equivalents. Investments with original maturities greater than 90 days, including those we do not 92 currently intend on selling within the next twelve months, are classified as short-term investments as they are available for use in our operations. We evaluate potential impairments of available-for-sale ff debt securities due to credit-related and non-credit-related factors, including market risk, and if it is more-likely-than-not that we would have to sell the security before the recovery of the amortized cost basis. Identified credit-related impairments would be recognized as a charge in the statement of operations. In November 2021, we entered into a simple agreement for future equity ("SAFE") agreement for $5.0 million in exchange for a right to participate in a future equity financing. Alternatively, upon a change in control or an initial public offering, we have the option to redeem the SAFE for $5.0 million, or convert the SAFE into shares of common stock. The number of shares of common stock would be determined by dividing the SAFE purchase amount by the liquidity price in the SAFE agreement. The $5.0 million value of the SAFE is included in other assets on our consolidated balance sheet at December 31, 2021. ff Accounts Receivable Accounts receivable are recorded at the invoiced amount, less an allowance for doubtful accounts, and do not bear interest. We maintain an allowance for doubtful accounts at an amount ient to cover the risk of collecting less than full payment of the receivables. At estimated to be sufficff each balance sheet date, we evaluate our receivables and assess the allowance for doubtful accounts based on specific customer collection issues and historical write-off tff rends. Our allowance for doubtful accounts reflects our best estimate of expected future credit losses. We consider various factors that may impact our ability to collect on accounts receivable, including our historical collection experience, age of accounts receivable balances, current conditions, reasonable and supportable forecasts of future economic conditions, as well as other factors, however, these estimates may change and future credit losses may differ from our estimates. Expected credit losses from accounts receivable are recognized as expense in our statement of operations. ff Deferred Commissions Sales commissions, including related fringe benefit costs, are considered to be incremental costs of obtaining a contract. Sales commissions on initial sales are not commensurate with sales commissions on contract renewals and therefore are recognized over an estimated period of benefit, which ranges between three and four years for subscription arrangements and five years for perpetual license arrangements. We estimated the period of benefit based on the expected contract term including renewal periods, the lifecycle of our technology, and other factors. Sales commissions on contract renewals are capitalized and amortized ratably over the contract term as part of sales and marketing expense, with the exception of contracts with renewal periods that are one year or less, in which case the incremental costs are expensed as incurred. Property at nd Equipment, ntt et Property and equipment, net is stated at historical cost less accumulated depreciation. Depreciation is computed using the straight-line method over the estimated useful lives of the assets: three years forff computer software and equipment and five years for furniture and fixtures. Leasehold improvements are amortized using the straight-line method over the shorter of the estimated useful lives of the assets or the terms of the respective leases. Property and equipment, net includes right- of-use assets acquired under finance leases. Amortization of assets acquired under finance leases is 93 included in depreciation expense. Repairs and maintenance costs are expensed as incurred. Leases We determine if an arrangement contains a lease and the classification of that lease, if applicable, at inception. We have elected to not recognize a lease liability or right-of-use ("ROU") asset for short- term leases (leases with a term of twelve months or less). For contracts with lease and non-lease components, we have elected to not allocate the contract consideration, and account for the lease and non-lease components as a single lease component. Additionally, we enter into arrangements to use shared officeff contain leases as we do not have the right to use an identified asset. Operating leases are included in operating lease ROU assets, operating lease liabilities and operating lease liabilities (net of current portion) in our consolidated balance sheets. Finance leases are included in property and equipment, other current liabilities and other liabilities in our consolidated balance sheets. spaces and other facilities, and have determined that these arrangements do not ROU assets represent our right to use an underlying asset for the lease term and lease liabilities represent our obligation to make lease payments under the lease. Operating lease ROU assets and liabilities are recognized at the lease commencement date based on the present value of lease payments over the lease term. The implicit rate within our operating leases are generally not determinable and we use our incremental borrowing rate at the lease commencement date to determine the present value of lease payments. The determination of our incremental borrowing rate requires judgment. We determine our incremental borrowing rate forff borrowing rate, adjusted for various factors including level of collateralization, term and currency to align with the terms of the lease. The operating lease ROU asset also includes any lease prepayments, offset by lease incentives. Certain of our leases include options to extend or terminate the lease. An option to extend the lease is considered in connection with determining the ROU asset and lease liability when it is reasonably certain we will exercise that option. An option to terminate is considered unless it is reasonably certain we will not exercise the option. each lease using our current ff Lease expense for lease payments is recognized on a straight-line basis over the term of the lease. rr Impairmen t of Long-Lived Assets We evaluate our long-lived assets for impairment whenever events or changes in circumstance indicate that the carrying amount may not be fully recoverable. Recoverability of the long-lived assets is measured by a comparison of the carrying amount of the assets to future undiscounted net cash flows expected to be generated by the assets. If such assets are considered to be impaired, the impairment to be recognized is measured as the excess of the carrying amount over the fair value. There was no impairment of long-lived assets in 2021, 2020 or 2019. ii Business Combinations We account for business combinations by recognizing the fair value of acquired assets and liabilities. The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. When determining the fair value of assets acquired and liabilities assumed, a non-recurring Level 3 fair value measurement, we make estimates and assumptions, especially with respect to intangible assets such as identified acquired technology and trade names. We determine the fair value of acquired technology using the multi-period excess earnings method, a formff of the income approach. Estimates in valuing identifiable intangible assets include, but are not limited to, projected revenue growth rates, future expected operating expenses, obsolescence projections and value is based upon assumptions we believe to be an appropriate discount rate. Our estimate of fair ff 94 reasonable, but which are inherently uncertain and, as a result, actual results may differ from estimates. During the measurement period, we may make adjustments to the fair value of assets acquired and liabilities assumed, with offset the measurement period will be reflected in the consolidated statements of operations. Acquisition- related transaction costs are expensed as incurred. ting adjustments to goodwill. Any adjustments made after ff Goodwillii The excess of the purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. We perform our annual impairment assessment on October 1, or more frequently, when events or circumstances indicate impairment may have occurred. We operate as one reporting unit and have elected to first assess qualitative factors to determine whether it is more likely than not that the fair value of the Company as a whole is less than its carrying amount, including goodwill. The qualitative assessment includes an evaluation of relevant events and circumstances, including macroeconomic, industry and market conditions, our overall financial performance, trends in the value of our common stock. During the periods presented, there were no indications of impairment and it was not more likely than not that goodwill was impaired. and ff Common Stock Our Amended and Restated Certificate of Incorporation authorized 500,000,000 shares of common stock and 10,000,000 shares of preferred stock. There were no shares of preferred stock issued or outstanding at December 31, 2021 or 2020. The voting, dividend, and liquidation rights of common stockholders are subject to, and qualified by, the rights of preferred stockholders. The common stockholders are entitled to receive dividends when, as and if, declared by the Board of Directors, subject to preferential dividend rights of preferred stockholders. Upon dissolution or liquidation, our common stockholders will be entitled to receive all assets available for distribution to stockholders, subject to any preferential rights of preferred stockholders. b Advertisinii g Advertising costs are expensed as they are incurred. We incurred advertising costs of $13.6 million, $8.2 million and $5.3 million in 2021, 2020 and 2019, respectively, which are included in sales and marketing expense in the consolidated statements of operations. Softwareww Development Costs Research and development costs to develop software to be sold, leased or marketed are expensed as incurred up to the point of technological feasibility forff have not capitalized development costs for software ff software development process is essentially completed concurrent with the establishment of technological feasibility. As such, these costs are expensed as incurred and recognized in research and development costs in the consolidated statements of operations. to be sold, leased or marketed to date, as the the related software product. We ff Softwar e developed forff internal use, with no substantive plans to market such software at the time of development, are capitalized and included in property and equipment, net in the consolidated balance sheets. Costs incurred during the preliminary planning and evaluation and post implementation stages of the projeo ct are expensed as incurred. Costs incurred during the application development stage of the project are capitalized. In 2021, 2020 and 2019, we capitalized $2.9 million, $1.6 million and $4.2 million, respectively, of development costs related to internal use software. 95 Stock-Based Compensationtt Stock-based compensation expense related to restricted stock units ("RSUs"), purchase rights issued under our 2018 Employee Stock Purchase Plan ("2018 ESPP"), stock options and restricted stock is calculated based on the fair value of the awards granted and is recognized on a straight-line basis over the requisite service period, which is generally two to four years. RSUs that include performance-base account for forfe d vesting conditions are expensed using the accelerated attribution method. We itures as they occur. ff ff The fair value of RSUs is based on the market price of our common stock on the date of grant. The fair value of stock options and 2018 ESPP purchase rights is estimated on the grant date using the Black-Scholes option pricing model, which requires us to make assumptions and judgments, including the expected term, expected volatility, and risk-free interest rates. Following our IPO, we use the market price of our common stock at the date of grant. Prior to our IPO, we estimated the fair value of our common stock at the date of grant. Net Loss per Sharerr We calculate basic net loss per share by dividing the net loss by the weighted-average number of shares of common stock outstanding during the period. Diluted earnings per share is computed by giving effect to all potentially dilutive common stock equivalents in the period, including unvested RSUs, stock options, unvested restricted shares and shares to be issued under our 2018 ESPP. As we have reported losses for all periods presented, all potentially dilutive securities have been excluded from the calculation of diluted net loss per share as their effect would be antidilutive. ff ff Segment Information We operate as one operating segment as our chief executive officer ff ion on a consolidated basis for purposes of making , who is our chief operating decision maker, reviews financial informat operating decisions, allocating resources, and evaluating financial performance. ff ff Income Taxes Income taxes are accounted for under the asset and liability method. This method requires ff recognition of deferred tax assets and liabilities for the expected future tax consequences of temporary differences assets and liabilities, net operating loss carryforwards, and tax credit carryforwards. A valuation allowance is provided if it is more likely than not that some or all of the deferred tax assets will not be realized. between the financial statement carrying amounts and the tax basis of existing We recognize tax benefits from an uncertain tax position if it is more likely than not to be sustained upon audit by the relevant taxing authority. Interest and penalties associated with such uncertain tax positions are classified as a component of income tax expense. Recently Adopted Accounting ProPP nouncements inyy g thett We adopted Accounting Standards Update ("ASU") No. 2019-12 - Income Taxes (Topic Simplifyll ive January 1, 2021. The adoption of this ff effect guidance did not have a material impact on our condensed consolidated financial statements. This ASU eliminated previously allowed exceptions and clarified existing guidance in the accounting for for Income Taxes, Accountingii 740): TT TT 96 income taxes, including in the areas of franchise taxes, the tax basis of goodwill and interim period effect s of changes in tax laws. ff Recently Issued Accounting Prono PP uncements In March 2020, the Financial Accounting Standards Board ("FASFF B") issued ASU No. 2020-04 - ff TT 848): Facilitati Rate Reform (Topic Rate Reform on Financial . This ASU provides optional expedients and exceptions to contract modification guidance to Reference Reportingtt ease the financial reporting burden of the transition from the London Interbank Offered ("LIBOR") to alternative reference rates. The ASU was effect be adopted prospectively through December 31, 2022. We are currently evaluating the impact of this accounting standard on our consolidated financial statements. ff ive beginning on March 12, 2020 and can t on of the Effeff cts of Reference Rate ff ff ii In October 2021, the FASBFF issued ASU No. 2021-08 - Business Combinations tt (Topic 805): tt for Contract Assets and Contract Accountingtt Liabilit requires companies to measure contract assets and contract liabilities from contracts acquired in a business combination in accordance with Accounting Standards Codification Topic 606 on the acquisition date. We early adopted the ASU as of January 1, 2022 and will apply it prospectively to future acquisitions. The impact of this accounting standard will depend on the contract assets and liabilities acquired in future business combinations. from Contracts with Customers. This ASU iestt ii 2. Revenue Disaggregation of Revenue The following table presents a summary of revenue: (in thousands) Subscription revenue Perpetual license and maintenance revenue Professional services and other revenue Revenue Concentratiorr ns Year Ended December 31, 2021 2020 2019 $ 476,023 $ 377,354 $ 290,549 50,333 14,774 50,594 12,273 54,173 9,864 $ 541,130 $ 440,221 $ 354,586 We sell and market our products and services through our field sales force that works closely with our channel partners, which includes a network of distributors and resellers, in developing sales opportunities. We use a two-tiered channel model whereby we sell our products and services to our distributors, which in turn sell to resellers, which then sell to end users. We derived 92%, 91% and 90% of revenue through our channel network in 2021, 2020 and 2019, respectively. One of our distributors accounted for 39%, 43% and 43% of revenue in 2021, 2020 and 2019, respectively. That same distributor accounted for 32% and 41% of accounts receivable at December 31, 2021 and 2020, respectively. rr Contract Balances ll We generally bill our customers in advance and accounts receivable are recorded when we have the right to invoice the customer. Contract liabilities consist of deferred revenue and include customer billings and payments received in advance of performance under the contract. In 2021, 2020 and ff 97 2019, we recognized revenue of $329.0 million, $274.3 million and $214.0 million, respectively, that was included in the deferred revenue balance at the beginning of each of the respective periods. Remaini ii ngii Performance Obligatio i ns At December 31, 2021, the future estimated revenue related to unsatisfied performance ff obligations was $559.0 million, of which approximately 76% is expected to be recognized as revenue over the succeeding twelve months, and the remainder expected to be recognized over the four years . thereafter ff Deferred Commissions The following summarizes the activity of deferred incremental costs of obtaining a contract: (in thousands) Beginning balance Capitalization of contract acquisition costs Amortization of deferred contract acquisition costs Ending balance 3. Cash Equivalents and Short-Term Investments Year Ended December 31, 2021 2020 $ $ 78,876 $ 58,196 (37,123) 99,949 $ 72,265 38,756 (32,145) 78,876 The following tables summarize the amortized cost, unrealized gain and loss and estimated fair value of cash equivalents and short-term investments: (in thousands) Cash equivalents: Money market funds Total cash equivalents Short-term investments: Commercial paper Corporate bonds Asset backed securities Certificates of deposit Supranational bonds U.S. Treasury and agency obligations December 31, 2021 Amortized Cost Unrealized Gain Unrealized Loss Estimated Fair Value $ $ 178,518 $ 178,518 $ — $ — $ — $ — $ 178,518 178,518 $ 134,165 $ — $ (47) $ 134,118 27,169 27,464 10,000 8,632 27,168 — — — — — (41) (53) (8) (33) (124) 27,128 27,411 9,992 8,599 27,044 Total short-term investments $ 234,598 $ — $ ) (306) $ ( ) ( 234,292 98 (in thousands) Cash equivalents: Money market funds Commercial paper Total cash equivalents Short-term investments: Commercial paper Corporate bonds U.S. Treasury and agency obligations $ $ $ December 31, 2020 Amortized Cost Unrealized Gain Unrealized Loss Estimated Fair Value 44,153 $ 4,500 48,653 $ — $ — — $ — $ — — $ 44,153 4,500 48,653 71,425 $ — $ — $ 4,502 37,686 3 7 — — 71,425 4,505 37,693 Total short-term investments $ 113,613 $ 10 $ — $ 113,623 Gross unrealized losses were not material at December 31, 2021. We considered the extent to which any unrealized losses on our short-term investments were driven by credit risk and other factors, including market risk, and if it is more-likely-than-not that we would have to sell the security beforeff unrealized losses represent credit losses at December 31, 2021. the recovery of the amortized cost basis. Based on our assessment, we do not believe any The contractual maturities of our short-term investments are as follows: (in thousands) Due within one year Due between one and four years Total short-term investments 4. Fair Value Measurements December 31, 2021 December 31, 2020 Amortized Cost Estimated Fair Value Amortized Cost Estimated Fair Value $ $ 195,579 $ 195,453 $ 113,613 $ 113,623 39,019 38,839 — — 234,598 $ 234,292 $ 113,613 $ 113,623 We measure certain financial instruments at fair f hierarchy, assets are classified based on the lowest level inputs used in valuation into the following categories: value hierarchy. In the value using a fair ff • • • Level 1 — Quoted prices in active markets for identical assets and liabilities; Level 2 — Observable inputs including quoted market prices for similar assets and liabilities in active markets, quoted prices for identical assets and liabilities in inactive markets, or inputs that are corroborated by observable Level 3 — Unobservable inputs. market data; and r 99 The folff lowing tables summarize assets that are measured at fair value on a recurring basis: (in thousands) Cash equivalents Money market funds Total cash equivalents Short-term investments Commercial paper Corporate bonds Asset backed securities Certificates of deposit Supranational bonds U.S. Treasury and agency obligations Total short-term investments (in thousands) Cash equivalents Money market funds Commercial paper Total cash equivalents Short-term investments Commercial paper Corporate bonds U.S. Treasury and agency obligations Total short-term investments $ $ $ $ $ $ $ $ December 31, 2021 Level 1 Level 2 Level 3 Total 178,518 $ 178,518 $ — $ — $ — $ — $ 178,518 178,518 — $ 134,118 $ — $ 134,118 — — — — — 27,128 27,411 9,992 8,599 27,044 — — — — — 27,128 27,411 9,992 8,599 27,044 — $ 234,292 $ — $ 234,292 December 31, 2020 Level 1 Level 2 Level 3 Total 44,153 $ — $ — 4,500 44,153 $ 4,500 $ — $ — — $ 44,153 4,500 48,653 — $ 71,425 $ — $ — — 4,505 37,693 — — 71,425 4,505 37,693 — $ 113,623 $ — $ 113,623 We did not have any liabilities measured and recorded at fair value on a recurring basis at December 31, 2021 and 2020. 100 5. Property and Equipment, Net Property and equipment, net consisted of the following: (in thousands) December 31, 2021 2020 Computer software and equipment $ 29,203 $ Furniture and fixtures Leasehold improvements Right-of-use assets under finance leases Total Less: accumulated depreciation and amortization 5,944 26,713 1,343 63,203 (26,370) Property and equipment, net $ 36,833 $ 22,930 6,011 26,210 1,571 56,722 (17,802) 38,920 Depreciation and amortization related to property and equipment was $9.5 million, $8.1 million and $6.3 million in 2021, 2020 and 2019, respectively. 6. Acquisitions, Goodwill and Intangible Assets Business Combinati ii ons In October 2021, we acquired Accurics. Accurics delivers cloud-native security forff DevOps and security teams. This acquisition expanded our broader cloud strategy to include the holistic assessment and automated remediation of policy violations and breach paths beforef infrastructure is provisioned and throughout its lifecycle. We acquired 100% of the equity in exchange for cash consideration of $160.0 million, net of cash acquired of $9.6 million. the In April 2021, we acquired Alsid, which expanded our product offerings ff to include active directory security. Active directory is the basis for managing user permissions across on-premises and hybrid cloud deployments and is foundational to the security of cloud workloads, security remote work, and adopting zero trust architectures. Through a share purchase agreement, we acquired 100% of Alsid's equity in exchange for cash consideration of $98.5 million, net of cash acquired of $3.3 million. Cash consideration, net of cash acquired, was preliminarily allocated as follows: (in thousands) Accounts receivable Prepaid expenses and other assets Intangible assets Goodwill Accounts payable, accrued expenses and accrued compensation Deferred revenue Deferred tax liabilities, net Total purchase price allocation Accurics Alsid $ 180 $ 341 33,390 134,909 (719) (188) (7,937) 4,105 2,304 31,400 72,291 (3,794) (3,699) (4,118) $ 159,976 $ 98,489 We are still finalizing the allocations of the purchase price, which may change as additional information becomes available related to acquired intangible assets, working capital and income taxes forff Accurics and income taxes forff Alsid. 101 Acquired intangible assets and their estimated useful lives at the date of acquisition are as follows: Accurics Alsid (dollars in thousands) Acquired technology Trade name Acquired intangible assets Cost Estimated Useful Life 33,300 10 years 90 2 years 33,390 $ $ Cost 31,300 100 31,400 $ $ Estimated Useful Life 7 years 1 year The results of operations of Accurics and Alsid are included in our consolidated statements of operations from the acquisition date and were not material. Pro forff ma results of operations are not presented as they are not material to the consolidated statements of operations. In 2021 and 2020, we recognized acquisition-related transaction costs, primarily in general and administrative expense, of $6.9 million and $0.3 million, respectively. In 2019, we recognized acquisition-related transaction costs of $4.0 million, including $2.1 million of expense related to the intercompany transfer of intellectual property. Goodwill all nd Acquired IntII antt gible Assets The changes in the carrying amount of goodwill are as follows: (in thousands) Balance at December 31, 2020 Acquired goodwill Balance at December 31, 2021 $ $ 54,414 207,200 261,614 The excess purchase consideration over the fair value of acquired assets and liabilities is recorded as goodwill. The acquired goodwill reflects the synergies we expect from marketing and selling these new capabilities from Accurics and Alsid to our customers. The acquired goodwill is not tax deductible. Acquired intangible assets subject to amortization are as follows: December 31, 2021 December 31, 2020 Gross Carrying Amount Accumulated Amortization Net Carrying Amount Gross Carrying Amount Accumulated Amortization Net Carrying Amount Acquired technology Trade name $ $ 81,924 $ (10,499) $ 71,425 $ 17,325 $ (4,224) $ 13,101 390 (279) 111 200 (108) 92 82,314 $ ( (10,778) $ ( ) ) 71,536 $ 17,525 $ ( (4,332) $ ( ) ) 13,193 Amortization of acquired intangible assets was $6.4 million, $2.3 million, and $0.6 million in 2021, 2020 and 2019, respectively. At December 31, 2021, our acquired intangible assets are expected to be amortized over an estimated weighted average period of 7.7 years. 102 At December 31, 2021, estimated future amortization of intangible assets is as follows: (in thousands) Year ending December 31, 2022 2023 2024 2025 2026 Thereafter Total 7. Leases $ $ 9,907 10,049 10,016 10,016 9,831 21,717 71,536 We have operating leases forff equipment. Our leases have remaining terms of less than one year to just over ten years, some of which include one or more options to renew, with renewal terms up to five years and some of which include options to terminate the leases within the next one to four years. The ROU assets and liabilities at December 31, 2021 assume we exercise the option to early terminate one of our leases in 2025. officff e facilities and finance leases for officeff The components of lease expense were as follows: (in thousands) Operating lease cost Finance lease cost Amortization of ROU assets Interest on lease liabilities Total finance lease cost Year Ended December 31, 2021 2020 2019 7,634 $ 9,870 $ 6,045 7 $ 5 12 $ 242 $ 6 248 $ 607 7 614 $ $ $ Rent expense for short-term leases in 2021, 2020 and 2019 was not material. Supplemental informat ff ion related to leases was as follows: Operating leases Weighted average remaining lease term Weighted average discount rate December 31, 2021 December 31, 2020 9.2 years 5.5% 10.0 years 5.6% (in thousands) ROU assets obtained in exchange for lease obligations Year Ended December 31, 2021 2020 2019 Operating leases Finance leases $ 3,137 $ — 3,188 $ — 39,170 11 103 In 2020, we received proceeds from lease incentives of $14.2 million. The proceeds from lease incentives received are included with the change in the lease liabilities under the other current and noncurrent liabilities caption in the operating activities section of the statement of cash flows. Maturities of operating lease liabilities at December 31, 2021 were as follows: (in thousands) Year ending December 31, 2022 2023 2024 2025 2026 Thereafter Total lease payments Less: Imputed interest Total 8. Debt Creditdd Agreement $ $ 5,446 8,260 8,396 8,221 7,421 37,423 75,167 (17,801) 57,366 In July 2021, we entered into a credit agreement ("Credit Agreement") which is comprised of: • • a $375.0 million senior secured term loan facility ("TermTT Loan"); and a $50.0 million senior secured revolving credit facility ("Revolving Credit Facility"). The table below summarizes the carrying value of the Term Loan: (in thousands) Term loan Less: Unamortized debt discount and issuance costs Term loan, net of issuance costs Less: Term loan, net, current (1) December 31, 2021 $ 375,000 (7,616) 367,384 (2,656) Term loan, net of issuance costs (net of current portion) $ 364,728 _______ ____ ____ ____ ____ ____ ____ (1)(1) Term loan, net, current is included in other current liabilities on our consolidated balance sheets. The Term Loan bears interest at a rate of 2.75% per annum over LIBOR, subject to a 0.50% floor. The Term Loan will amortize at 1% per annum in equal quarterly installments, starting in March 2022 until the final maturity date on July 7, 2028. Our Term Loan is recorded at its carrying value. At December 31, 2021, the carrying value of our Term Loan approximated the fair value of our Term Loan as the terms and interest rate approximate market rates. In the fair value hierarchy, our Term Loan is classified as Level 2 as it is traded in less active markets. 104 The maturities of the TermTT Loan at December 31, 2021 were as follows: (in thousands) Year ending December 31, 2022 2023 2024 2025 2026 Thereafter Total $ $ 3,750 3,750 3,750 3,750 3,750 356,250 375,000 We may be subject to mandatory Term Loan prepayments related to the excess cash flow provisions beginning in 2023. The Revolving Credit Facility bears interest at a rate, depending on first lien net leverage, ranging from 2.00% to 2.50% over LIBOR and matures on July 7, 2026. Additionally, we will pay a commitment fee during the term ranging from 0.25% to 0.375% per annum of the average daily undrawn portion of the revolving commitments based on the first lien net leverage ratio. The Revolving Credit Facility contains a $15.0 million letter of credit sublimit. The Credit Agreement contains certain customary events of default, which include failure to make certain covenants, cross-defaults, bankruptcy and insolvency-related events, certain payments when due, the material inaccuracy of representations or warranties, failure to observe or performff judgments, certain ERISA-related events, failure of any lien created under the Security Documents (as defined in the Credit Agreement) to be valid and perfected (subject to certain exceptions), failure of any material guarantee of the Loan Document Obligations (as defined in the Credit Agreement) to be in full force and effect and a Change of Control (as defined in the Credit Agreement). ff The Credit Agreement is guaranteed by the Company and Tenable Public Sector LLC, a subsidiary of the Company, as guarantors, and is supported by a security interest in substantially all of the assets of Tenable, Inc. and the guarantors. The Credit Agreement contains certain customary representations and warranties and affirmat ff and negative covenants, including certain restrictions on incurring additional indebtedness or guaranteeing indebtedness of others, creating liens on properties or assets, making certain investments, loans, advances and guarantees, selling assets, making certain restricted payments and entering into certain sale and leaseback transactions, affiliat e transactions, restrictive agreements and asset and stock-based transactions. Additionally, if at least 35% of the Revolving Credit Facility is drawn on the last day of the quarter, the total net leverage ratio cannot be greater than 5.50 to 1.00. At December 31, 2021, we were in compliance with the covenants and there have been no amounts outstanding under the Revolving Credit Facility. ive ff 2020 Creditdd Facilityll In connection with the Credit Agreement, we terminated our $45.0 million senior secured credit facility ("2020 Credit Facility") with Silicon Valley Bank, including the release of all related guarantees and liens. Prior to its termination, there were no amounts outstanding under our 2020 Credit Facility. 105 9. Commitments and Contingencies Commitments In July 2021, we entered into a contract with Amazon Web Services, Inc. ("AWSAA ") for cloud services from August 2021 through July 2024. Under the terms of the contract, we committed to spend $43.7 million, $46.8 million and $50.1 million in contract years one, two and three, respectively, for a total of $140.6 million. If we do not meet the minimum purchase obligation during any of those years, we will be required to pay the difference. At December 31, 2021, we have spent $37.8 million under our contract with AWS. AA Letters orr f Credit At December 31, 2021, we had $5.7 million of standby letters of credit related to our grant agreements with the State of Maryland and our operating leases. Collateral for our letters of credit was classified as restricted cash in cash and cash equivalents. 10. Stock-Based Compensation In 2018, our Board of Directors adopted, and our stockholders approved, our 2018 Equity Incentive Plan ("2018 Plan"). Under the evergreen provision in the 2018 Plan, in January 2021 we reserved an additional 5,185,762 shares of our common stock. At December 31, 2021, there were 19,828,070 shares available for grant. Stock-based compensation expense included in the consolidated statements of operations was as follows: (in thousands) Cost of revenue Sales and marketing Research and development General and administrative Year Ended December 31, 2020 2019 2021 $ 4,446 $ 3,158 $ 29,410 20,593 24,956 19,842 14,794 21,779 2,817 16,032 8,911 15,683 43,443 Total stock-based compensation expense $ 79,405 $ 59,573 $ At December 31, 2021, the unrecognized stock-based compensation expense related to unvested RSUs was $186.3 million, which is expected to be recognized over an estimated weighted average remaining period of 2.8 years. At December 31, 2021, the unrecognized stock-based compensation expense related to outstanding stock options was $2.5 million, which is expected to be recognized over an estimated remaining weighted average period of 0.5 years. At December 31, 2021, the unrecognized stock-based compensation expense related to our 2018 ESPP was $8.1 million, which is expected to be recognized over an estimated weighted average period of 0.9 years. 106 Restricted Stock and RSUs A summary of our restricted stock and RSU activity is presented below: Restricted Stock RSUs (in thousands, except for per share data) Unvested balance at December 31, 2018 Granted Vested Forfeited Unvested balance at December 31, 2019 Granted Vested Forfeited Unvested balance at December 31, 2020 Granted Vested Forfeited Unvested balance at December 31, 2021 Number of Shares Weighted Average Grant Date Fair Value 4.25 — 4.25 — 4.25 — 4.25 — 4.25 — 4.25 — — 890 $ — (395) — 495 — (396) — 99 — (99) — — Number of Shares Weighted Average Grant Date Fair Value 18.90 27.81 18.28 25.21 26.34 28.23 25.37 26.68 28.13 43.57 28.14 33.64 37.74 1,129 $ 2,715 (479) (471) 2,894 3,570 (1,504) (470) 4,490 3,842 (1,872) (679) 5,781 RSUs granted under our stock incentive plans generally vest over a period of two to fouff r years. Our outstanding RSUs vest upon the satisfaction of a service-based vesting condition. 107 Stock OptO ions tt A summary of our stock option activity is below: (in thousands, except for per share data and years) Number of Shares Outstanding at December 31, 2018 19,219 $ Granted Exercised Forfeited/canceled Outstanding at December 31, 2019 Granted Exercised Forfeited/canceled Outstanding at December 31, 2020 Granted Exercised Forfeited/canceled Outstanding at December 31, 2021 Exercisable at December 31, 2021 — (4,205) (2,075) 12,939 — (2,956) (542) 9,441 — (2,671) (39) 6,731 5,851 Weighted Average Exercise Price Weighted- Average Remaining Contractual Term (in years) Aggregate Intrinsic Value 7.78 — 4.53 10.63 8.38 — 7.34 10.80 8.56 — 6.84 14.96 9.21 8.30 8.0 $ 277,114 98,378 201,608 73,277 412,547 111,256 308,677 273,642 7.1 6.4 5.5 5.4 At December 31, 2021, there were 6.7 million stock options outstanding that were vested and expected to vest. Stock options granted under our stock incentive plans have a maximum term of ten years, generally vest over a period of three to four market value on the date of grant. ff years, and the exercise price cannot be less than the fair Estimating the fair value of stock options and ESPP purchase rights using the Black-Scholes option-pricing model requires assumptions as to the fair value of common stock, expected term, expected volatility, the risk-free interest rate and the expected dividend yield. Fair Value of Common Stock. Following our IPO, we use the market price of our common stock at the date of grant. Prior to our IPO, the lack of an active public market for our common stock required an estimate of the fair value of the common stock for granting stock options and restricted shares, and for determining stock-based compensation expense. Contemporaneous third-party valuations were obtained to assist in determining the fair value of our common stock. The contemporaneous valuations were performed assumptions of the technical practice-aid issued by the American Institute of Certified Public Accountants Practice Aid entitled Valuation of Privatvv ely-Held Compensation. in accordance with applicable methodologies, approaches and Company Equity St Issued as ecuritiestt ff tt l Expected Term. TT This is the period of time that the options granted are expected to remain unexercised. We employ the simplified method to calculate the average expected term. 108 Expexx cted Volatilit tt y.t Volatility is a measure of the amount by which a financial variable, such as a share price, has fluctuated (historical volatility) or is expected to fluctuate (expected volatility) during a period. In 2021, we began using the volatility of our common stock to calculate expected volatility. Prior to 2021, we identified several public entities of similar size, complexity, and stage of development and estimated our volatility based on the volatility of the common stock of these companies. Risk-FreeFF Interest Rate. This is the U.S. Treasury rate, having a term that most closely resembles the expected life of the stock option. xx Expec ted Divivv dend Yield. We have never declared or paid dividends and have no plans to do so in the foreseeable future. 2018 Empl yoye Se Stock Purchase Planll In 2018, our board of directors adopted, and our stockholders approved, our 2018 ESPP. Under an additional 1,555,728 shares of our common the evergreen provision, in January 2021 we reservedr stock for issuance. At December 31, 2021, there were 6,316,370 shares reserved for issuance under the 2018 ESPP. Under our 2018 ESPP, eP mployees may set aside up to 15% of their gross earnings, on an after- tax basis, to purchase our common stock at a discounted price, which is calculated at 85% of the lower of the fair market value of our common stock on the first day of an offering or on the date of purchase. The 2018 ESPP permits offerings up to 27 months in duration, with one or more purchase periods in each offering. Additionally, in cases where the fair market value of a share of our common stock on the first day of a new purchase period within an offering market value of a share of our common stock at the beginning of the offering, that offering terminated and participants will be automatically enrolled in a new offeri duration and purchase periods every six months. will be ff ng with a new 24-month is less than or equal to the fair ff ff ff ff In 2021, employees purchased 670,534 shares of our common stock at a weighted average price of $20.48 per share, resulting in $13.7 million of cash proceeds. In 2020, employees purchased 667,719 shares of our common stock at a weighted average price of $19.53 per share resulting in $13.0 million of cash proceeds. In 2019, employees purchased 776,809 shares of our common stock at a weighted average price of $19.48 per share resulting in $15.1 million of cash proceeds. At December 31, 2021 and 2020 there was $6.0 million and $6.5 million, respectively, of employee contributions to the 2018 ESPP included in accrued compensation. The fair value of the 2018 ESPP purchase rights was estimated on the offering ff or modification dates using a Black-Scholes option-pricing model and the following assumptions: Expected term (in years) Expected volatility Risk-free interest rate Expected dividend yield Year Ended December 31, 2021 2020 2019 0.5 — 2.0 37.2% — 59.4% 0.1% — 0.2% 0.5 — 2.0 41.6% — 60.1% 0.1% — 0.9% 0.5 — 2.0 34.4% — 44.6% 1.5% — 2.5% — — — 109 11. Income Taxes U.S. and foreign ff components of the loss beforeff income taxes were as follows: (in thousands) U.S. loss Foreign loss Total loss beforff e income taxes Year Ended December 31, 2020 2019 2021 $ $ (3,319) $ (6,719) $ (47,310) (30,355) ( (50,629) $ ( ) ) ( (37,074) $ ( ) ) (21,644) (64,005) ) (85,649) ( ) ( The components of the provision for income taxes were as follows: (in thousands) Current Federal State Foreign Total current tax expense Deferred Federal State Foreign Total deferred tax (benefit) expense Year Ended December 31, 2020 2019 2021 $ 3 $ 3 $ 100 6,413 6,516 (7,016) (827) (2,625) (10,468) 17 5,476 5,496 102 59 — 161 (224) 100 9,245 9,121 — — 4,243 4,243 Total (benefit) provision forff income taxes $ ( (3,952) $ ( ) ) 5,657 $ 13,364 In connection with the 2021 acquisition of Accurics, we elected to first offset ff our existing deferred tax assets with acquired deferred tax liabilities. This resulted in releasing $7.9 million of the federal and state valuation allowance, which was recorded as a component of our deferred tax benefit. In December 2019, we sold acquired intellectual property through an intercompany transaction, which resulted in $6.3 million of current tax expense and $4.2 million of deferred tax expense in Israel. In January 2021, we restructured the research and development operations in Israel through an intercompany transaction, which resulted in $2.8 million of current tax expense. 110 The items accounting for the difference between income taxes computed at the federal statutory rate and our effeff ctive tax rate were as follows: U.S. federal statutory tax rate State and local taxes Research and development tax credit Stock-based compensation Uncertain tax positions Foreign tax rate differential Change in valuation allowance Gain on intercompany sale Foreign withholding tax Transaction costs Other Effective ff tax rate Year Ended December 31, 2020 2019 2021 21.0 % 21.0 % 21.0 % 2.6 4.5 49.5 (0.1) (1.2) (55.7) (5.1) (2.0) (1.6) (4.1) 10.8 11.1 34.4 0.1 (10.6) (81.2) — (3.3) — 2.4 4.8 3.1 19.0 (0.5) (7.9) (40.8) (12.3) (1.4) — (0.6) 7.8 % ( (15.3)% ( ) ) ( (15.6)% ( ) ) We maintain a valuation allowance on U.S. federal, state and foreign ff f net deferred tax assets as the realization of our deferred tax assets is dependent upon future earnings, if any, the timing and amount of which are uncertain. 111 The components of the deferred tax assets and liabilities were as follows: (in thousands) Deferred tax assets: Net operating losses Deferred revenue Stock-based compensation Tax credits Leases Accrued compensation Interest expense Other Total deferred tax assets Valuation allowance Net deferred tax assets Deferred tax liabilities: Deferred commissions Property and equipment Intangible assets Other Total deferred tax liabilities Net deferred tax liabilities 2021 31, 2020 $ 134,503 $ 13,598 14,157 15,142 12,929 1,600 2,013 231 89,053 13,454 11,846 11,565 15,238 1,271 — 379 194,173 142,806 (147,040) (112,363) 47,133 30,443 (19,423) (13,720) (15,253) (486) (15,987) (13,257) (962) (398) (48,882) (30,604) $ ( (1,749) $ ( ) ) ) (161) ( ) ( At December 31, 2021, we had net operating loss (“NOL”) carryforwards for federal, state and foreign tax purposes of $398.5 million, $226.1 million, and $289.9 million, respectively, which will begin to expire in 2030, as well as $17.9 million of federal, state and forff eign research and development tax credits, foreign tax credits, minimum tax credits and certain states’ job creation tax credits. The federal research and development and foreign the state job creation tax credits will begin to expire in 2022. tax credits will begin to expire in 2032 and ff We are currently subject to the annual limitation under Sections 382 and 383 of the Internal Revenue Code. We will not be precluded from realizing the NOL carryforward be limited in the amount we could utilize in any given tax year in the event that the federal and state taxable income will exceed the limitation imposed by Section 382. The amount of the annual limitation is determined based on our value immediately prior to the ownership change. Subsequent ownership changes may further affect the limitation in future years. and tax credits but may ff At December 31, 2021 and 2020, the total amount of gross unrecognized tax benefits was $7.6 million and $7.1 million, respectively, which, if recognized, would impact our effective tax rate by less than $0.1 million in each year. Interest and penalties associated with uncertain tax positions recognized as a component of income tax expense were immaterial in 2021, 2020 and 2019. 112 The change in gross unrecognized tax benefits, excluding accrued interest, were as follows: (in thousands) Unrecognized tax benefits at the beginning of the period Additions for tax positions in the current year Increase in prior year positions Decrease in prior year positions Acquisitions Year Ended December 31, 2020 2019 2021 $ 7,123 $ 7,163 $ 194 64 (48) 242 232 62 (334) — 4,814 2,306 90 (89) 42 Unrecognized tax benefits at the end of the period $ 7,575 $ 7,123 $ 7,163 We file income tax returns in the United States, including various state jurisdictions. Our subsidiaries file income tax returns in various foreign jurisdictions. Tax years after 2014 remain open to examination by the major taxing jurisdictions in which we are subject to tax. At December 31, 2021, we were not under examination for income tax audits by the Internal Revenue Service or any state or foreign tax jurisdiction. Depending on the jurisdiction, distributions of earnings could be subject to withholding taxes at rates applicable to the distributing jurisdiction. As we intend to continue to reinvest the earnings of foreign subsidiaries indefinitely, we have not provided for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of foreign subsidiaries. It is not practicable for us to determine the amount of unrecognized tax expense on these reinvested foreign earnings. 12. Net Loss Per Share The following table sets forth the computation of basic and diluted net loss per share: (in thousands, except per share data) 2021 2020 2019 Net loss $ ( (46,677) $ ( ) ) ( (42,731) $ ( ) ) ) (99,013) ( ) ( Year Ended December 31, Weighted-average shares used to compute net loss per share, basic and diluted 106,387 101,009 Net loss per share, basic and diluted $ ( (0.44) $ ( ) ) ( (0.42) $ ( ) ) 96,014 ) (1.03) ( ) ( The following potentially dilutive securities have been excluded from the diluted per share calculations because they would have been antidilutive: (in thousands) Stock options RSUs Shares to be issued under the 2018 ESPP Restricted stock Total Year Ended December 31, 2021 2020 2019 6,731 5,781 181 — 12,693 9,441 4,490 321 99 14,351 12,939 2,894 278 495 16,606 113 13. Geographic Information We operate as one operating segment. Our Chief Executive Officeff r, who is our chief operating decision maker, reviews financial informat operating decisions, allocating resources, and evaluating financial performance. ion on a consolidated basis for purposes of making ff ff Revenue by region, based on the address of the end user as specified in our subscription, license or service agreements, was as follows: (in thousands) The Americas Europe, Middle East and Africa Asia Pacific Revenue Year Ended December 31, 2020 2019 2021 $ 347,724 $ 293,734 $ 243,616 135,176 58,230 102,155 44,332 77,676 33,294 $ 541,130 $ 440,221 $ 354,586 Customers located in the United States accounted for 58%, 61% and 63% of revenue in 2021, 2020 and 2019, respectively. No other country accounted for 10% or more of revenue in the periods presented. Our property and equipment, net by geographic area is summarized as follows: (in thousands) United States International Property and equipment, net 14. Benefit Plans December 31, 2021 2020 $ $ 33,579 $ 3,254 36,833 $ 35,406 3,514 38,920 We maintain a contributory defined contribution 401(k) plan for our U.S. employees, where company-matched contributions are fully vested. Additional contributory plans are in effect internationally, including in the U.K. and Ireland. Our contribution expense forff million, $6.5 million and $6.2 million in 2021, 2020 and 2019, respectively. such plans was $7.6 15. Subsequent Events In February 2022, we acquired Cymptom, a platform that proactively measures, maps and prioritizes probable attack paths. When added to our products, this acquisition will enable security teams to preemptively focus response ahead of and during breaches. We acquired Cymptom for a total purchase price of approximately $23 million in cash. 114 Changes in and Disagreements with Accountants on Accounting and Financial Item 9. Disclosure None. Item 9A. Controls and Procedures Evaluation of Disclosure Control tt s all nd Procedures We maintain “disclosure controls and procedures,” as defined in Rule 13a-15(e) and Rule ion required to be 15d-15(e) under the Exchange Act, that are designed to ensure that informat disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to our management, including our principal executive and principal financial officers, required disclosure. as appropriate to allow timely decisions regarding ff ff Our management, with the participation of our Chief Executive Officer ff and Chief Financial Offiff cer, ff iveness of our disclosure controls and procedures (as defined in Rules has evaluated the effect 13a-15(e) and 15d-15(e) under the Exchange Act ), as of the end of the period covered by this Form 10-K. Based on such evaluation, our Chief Executive Officer and Chief Financial Offiff cer have concluded that as of December 31, 2021, our disclosure controls and procedures were effecti ve to provide reasonable assurance that the information required to be disclosed by us in this Form 10-K was (a) reported within the time periods specified by SEC rules and regulations and (b) communicated to our management, including our Chief Executive Officeff to allow timely decisions regarding any required disclosure. r and Chief Financial Offiff cer, ff Management's R' eport on Interntt al Control Overvv Finanii cial Reportintt g Our management is responsible forff establishing and maintaining adequate internal control over ff financial reporting, as defined in Rule 13a-15(f) of the Exchange Act. Our management evaluated the iveness of our internal control over financial reporting based on the framework in Internal effect ntegrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Control—I tt Treadway Commission, and concluded that our internal control over financial reporting was effecti ve at December 31, 2021. We completed our acquisition of Accurics on October 1, 2021. Since we have not yet fully incorporated the internal controls and procedures of Accurics into our internal control over financial reporting, management excluded Accurics from its assessment of the effecti internal controls at December 31, 2021. Accurics represented approximately 3% of our total assets at December 31, 2021 and less than 1% of our revenue and operating expenses in 2021. veness of our ff ff Our independent registered public accounting firm, Ernst & Young YY LLP (PCAOB ID: 42), has issued an audit report with respect to our internal control over financial reporting as of December 31, 2021, which is included in Part II, Item 8 of this Annual Report on Form 10-K. Changes in Internal Controlrr Overvv Financ ii ial Reporting There were no changes in our internal control over financial reporting identified in management’s evaluation pursuant to Rules 13a-15(d) or 15d-15(d) of the Exchange Act during the three months our ended December 31, 2021 that materially affecte internal control over financial reporting. d, or are reasonably likely to materially affect, ff ff 115 tt Inherent Limitattt ions on Effeff ctivtt envv ess of IntII ernarr l Control tt sll In designing and evaluating the disclosure controls and procedures, management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable, not absolute, assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply judgment in evaluating the benefits of possible controls and procedures relative to their costs. Our management, including our Chief Executive Officer Financial Officer financial reporting are designed to provide reasonable assurance of achieving their objectives and are effect ive at the reasonable assurance level. However, our management does not expect that our disclosure controls and procedures or our internal control over financial reporting will prevent all errors and all fraud. , believes that our disclosure controls and procedures and internal control over and Chief ff ff ff Item 9B. Other Information None. Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections None. 116 PART III Item 10. Directors, Executive Officers and Corporate Governance Executive Offiff cers and Directors The information required by this item will be contained in our definitive proxy statement to be filed with the SEC in connection with our 2022 annual meeting of stockholders, or the Proxy Statement, which is expected to be filed not later than 120 days after the end of our fiscal year ended December 31, 2021, under the captions "Information Regarding the Board of Directors and Corporate Governance," "Election of Directors" and "Executive Officers" reference. and is incorporated in this report by ff Item 11. Executive Compensation The information required by this item will be set forth in the Proxy Statement under the captions "Executive Compensation" and "Director Compensation" and is incorporated herein by reference. ff Item 12. Stockholder Matters Security Ownership of Certain Beneficial Owners and Management and Related ff The informat ion required by this item will be set forth in the Proxy Statement under the captions "Security Ownership of Certain Beneficial Owners and Management" and "Securities Authorized for Issuance under Equity Compensation Plans" and is incorporated herein by reference. ff Item 13. Certain Relationships and Related Transactions and Director Independence ff The informat ion required by this item will be set forth in the Proxy Statement under the captions "Transactions with Related Persons and Indemnification" and "Independence of the Board of Directors" and is incorporated herein by reference. f Item 14. Principal Accountant Fees and Services ff The informat ion required by this item will be set forth in the Proxy Statement under the caption "Ratification of Selection of Independent Registered Public Accounting Firm" and is incorporated herein by reference. 117 PART IV Item 15. Exhibits, Financial Statement Schedules (a)(1) Financial Statements See the Index to Consolidated Financial Statements in Item 8 of this Annual Report on Form 10- K. (a)(2) Financial Statement Schedules SCHEDULE II SUPPLEMENTARY CONSOLIDATED FINANCIAL STATEMENT SCHEDULE VALUATION AND QUALIFYING ACCOUNTS (in thousands) Allowance for Doubtful Accounts Balance at Beginning of Year Additions Charged to Costs and Expenses Deductions(1) Balance at End of Year Year Ended December 31, 2021 $ 261 $ 349 $ (86) $ Year Ended December 31, 2020 Year Ended December 31, 2019 764 188 336 967 (839) (391) 524 261 764 _______ ____ ____ ____ ____ ____ ____ (1)(1) CConsists fof write-offfsfff f fof uncollectible accounts, net fof recoveries. All other schedules have been omitted because they are not required, not applicable, or the required informat ff ion is included in the financial statements or the notes to the financial statements. Item 16. Form 10-K Summary None. 118 Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized. SIGNATURES Date: February 25, 2022 TENABLE HOLDINGS, INC. By: /s/ Amit Yoran Amit Yoran Chairman and Chief Executive Officer ff Date: February 25, 2022 By: /s/ Stephen A. Vintz Stephen A. Vintz Chief Financial Offiff cer 119 POWER OF ATTORNEY KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Amit Yoran, Stephen A. Vintz and Stephen A. Riddick, jointly and and agents, with full power of substitution and ff severally, as his or her true and lawful attorneys-in-fact resubstitution, for him or her and in his or her name, place and stead, in any and all capacities, to sign this Annual Report on Form 10-K of Tenable Holdings, Inc., and any or all amendments thereto, and to file the same, with all exhibits thereto, and other documents in connection therewith, with the Securities and Exchange Commission, granting unto said attorneys-in-fact and agents full power and authority to do and performff about the premises hereby ratifying and confirming all that said attorneys-in-fact her or their substitute or substitutes, may lawfully do or cause to be done by virtue hereof. Pursuant to each and every act and thing requisite or necessary to be done in and and agents, or his, ff 120 the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated. Signature Title Date /s/ Amit Yoran YY Amit Yoran /s/ Stephen A. Vintz Stephen A. Vintz r Chairman and Chief Executive Officeff February 25, 2022 (Principal rr Executive Offiff cer) Chief Financial Offiff cer (Principal ii rr Princrr ipii al Accountingtt Financial Officeff Officeff r and r) February 25, 2022 /s/ Arthur W. Coviello, Jr. Director February 25, 2022 Arthur W. Coviello, Jr. /s/ Kimberly L. Hammonds Director February 25, 2022 Kimberly L. Hammonds /s/ Linda Zecher Higgins Director February 25, 2022 Linda Zecher Higgins /s/ Niloofar Razi Howe Niloofarff Razi Howe /s/ John C. Huffard ff , Jr. John C. Huffard ff , Jr. /s/ Jerry M. Kennelly Jerry M. Kennelly /s/ A. Brooke Seawell A. Brooke Seawell /s/ Raymond Vicks, Jr. Raymond Vicks, Jr. February 25, 2022 February 25, 2022 February 25, 2022 February 25, 2022 February 25, 2022 Director Director Director Director Director 121 Stock Perforr rmance Graph We have presented below the cumulative total return to our stockholders between July 26, 2018 (the date our common stock began trading on the Nasdaq Global Select Market) through December 31, 2021 in comparison to the Standard & Poor’s, or the S&P, 500 Index and the Nasdaq Computer Index. All values assume a $100 initial investment, and data forff Computer Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance the S&P 500 Index and Nasdaq of our common stock. ff Comparison of Cumulative Total Return $280 $240 $200 $160 $120 $80 $40 7/26/18 12/31/18 6/30/19 12/31/19 6/30/20 12/31/20 6/30/21 12/31/21 Tenable Holdings, Inc. S&P 500 NASDAQ Computer Company/Index 7/26/2018(1) 12/31/2018 6/30/2019 12/31/2019 6/30/2020 12/31/2020 6/30/2021 12/31/2021 Tenable Holdings, Inc. $ 100.00 $ 73.36 $ 94.35 $ 79.21 $ 98.55 $ 172.76 $ 136.69 $ 182.05 S&P 500 Index 100.00 88.35 103.68 113.86 109.26 132.38 151.46 167.97 NASDAQ Computer Index _______ ____ ____ ____ ____ ____ ____ (1)(1) Base period 100.00 83.01 102.35 124.80 146.62 187.18 220.44 258.04 CORPOR(cid:2)TE EXECU(cid:3)IVES Amit Voran Chief Executive Officer and Chairman of the Board of Directors Nico Popp Chief Product Officer Stephen A. (cid:2)intz Chief F(cid:3)nancial Officer BOARD OF DIREC(cid:3)ORS Amit Voran Chief Executive Officer and Chairman of the Board of Directors John C. Huffard, Jr. Co-Founde(cid:4), Tenable A. Brooke Seawell Venture Partne(cid:4), New Enterprise Associates Raymond (cid:2)ick(cid:4), J(cid:5). Certified Public Accountant Arthur W. Coviello, J(cid:5). Venture Partne(cid:4), Rally Ventures CORPOR(cid:2)TE INFORMA(cid:3)ION Common Stock Listing Listed: Nasdaq Global Select Market Symbol: TENB Annual Meeting Wednesday, May 25, 2022 at 1:00 p.m. local time Registrar and Transfer (cid:6)gent American Stock (cid:6)ransfer & Trust Company, LLC 6201 15th Avenue Brooklyn, NY 11219 (cid:6): (800) 937-5449 Mark Thurmond Chief Operating Officer Bridgett (cid:8). Paradise Chief People Officer Stephen A. Riddick General Counsel and Corporate Secretary Linda Zecher Hi(cid:9)(cid:9)ins Chief Executive Officer, Barkley Group Jerry M. Kennel(cid:10)y Chief Executive Office(cid:4), Scandic Capital Kimberl(cid:11) L. Hammonds Founde(cid:4), Mangrove Digital Group Ni(cid:12)oofar Razi Howe S(cid:4). Operating Partne(cid:4), Energy Impact Partners Legal Counsel Cooley LLP 1299 Pennsylvania Ave NW, Suite 700 Washington, D.C. 20004 Independent Registered Public Accounting Firm Ernst & Young LLP 1201 Wills Street, Suite 310 Baltimore, Maryland 21231 Investor Relations investors@tenable.com
Continue reading text version or see original annual report in PDF format above