Q3 2024 CyberArk Software Ltd Earnings Call
Speaker Change: Thank you for standing by. My name is J.L. and I will be your conference operator today. At this time I would like to welcome everyone to the third quarter 2024 CyberArk Software Limited Earnings Conference Call.
Speaker Change: All lines have been placed on mute to prevent any background noise.
Speaker Change: After the speaker's remarks, there will be a question and answer session.
Speaker Change: If you would like to ask a question during this time simply press star followed by the number one on your telephone keypad
Speaker Change: If you would like to withdraw your question, simply press star 1 again.
Speaker Change: I would now like to turn the conference over to Srinivas Anantha, Vice President, Investor Relations. You may begin.
Srinivas Anantha: Thank you, operator. Good morning. Thank you for joining us today to review CyberArk's strong third quarter 2024 financial results.
Srinivas Anantha: With me on the call today are Matt Cohen, our Chief Executive Officer, Josh Siegel, our Chief Financial Officer, and Erica Smith, our Deputy CFO. After prepared remarks, we will open up the call to a question and answer session.
Srinivas Anantha: Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflect management's best judgment based on currently available information.
Srinivas Anantha: I refer specifically to the discussion of your expectations and beliefs regarding our projected results of operations for the fourth quarter, full year 2024 and beyond. I also refer to our expectations and beliefs regarding the integration of VANIFI into our operations.
Srinivas Anantha: Our actual results might differ materially from those projected in these forward-looking statements.
Srinivas Anantha: I direct your attention to the risk factors contained in the company's annual report on Form 20-F, filed with the U.S. Securities and Exchange Commission, and those referenced in today's press release that are posted to CyberArk's website.
Srinivas Anantha: CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made herein. As a reminder, we closed the acquisition of Venafi on October 1st, so the results we discuss today are CyberArk on a standalone basis.
Srinivas Anantha: We do not have any financial contribution from WANFAR in the third quarter.
Srinivas Anantha: Our guidance for the fourth quarter does include contributions from VENIFI.
Srinivas Anantha: Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release, as well as in an updated investor presentation that outlines the financial discussion in today's call.
Speaker Change: A webcast of today's call is also available on our website in the IR section. With that, I would like to turn the call over to our CEO, Matt Cohen.
Thanks Srin, and thanks everyone for joining the call today.
Matt Cohen: We are very pleased to post strong third quarter results, outperforming our guidance across all metrics.
Matt Cohen: Our results continue to demonstrate that our ability to secure every identity, human and machine, with the right level of privilege controls, is resonating with customers.
Matt Cohen: This is a key motivator for customers to consolidate spend across the full breadth of our identity security platform and create even more strategic relationships with CyberArk, which in turn is driving our ARR growth.
A few financial highlights from the quarter.
Matt Cohen: Subscription ARR was 735 million, growing 46% year-over-year. Net new subscription ARR was 59 million. That's a record outside of our seasonally strong fourth quarter.
Total ARR was 926 million, growing 31% year over year.
And we outperformed our guidance metrics.
across every variable.
Matt Cohen: We delivered a record total revenue of $240.1 million, growing 26% year-over-year.
Matt Cohen: Non-GAAP operating income came in at $35.4 million, or 15% margin. That's up from a 9% margin in the year-ago period, highlighting the operating leverage in our business model as we come out of the subscription transition.
Matt Cohen: And we are pleased to report $51.6 million in free cash flow, or a 21% free cash flow margin for the quarter.
Our results are driven by three main factors.
Matt Cohen: First, the mission-critical nature of our solutions in a world where more than 90% of organizations are victims of an identity-related cyber attack.
Customers recognize that merely managing identities is not enough.
Matt Cohen: Identities both human and machines are the predominant threat vectors in today's attacks and the traditional way of securing identities in siloed often commoditized point solutions is no longer sufficient.
Matt Cohen: Second, the power of our platform. We offer the only integrated platform that can help enterprise
Matt Cohen: enterprises discover with context, secure with intelligent privilege controls, and automate the lifecycle across all identities from workforce to IT to developers and machines.
Matt Cohen: We further strengthened our ability to deliver on this vision with the closing of the acquisition of Ventify on October 1st.
Matt Cohen: And third, the strength of our execution. To us, execution means working hand in hand with our customers to ensure their businesses can move forward and take full advantage of a digital world without fear.
Matt Cohen: By delivering measurable risk reduction in every program, our relentless focus on ensuring customers realize transformative value from our solutions and platform is the foundation of our excellence in execution.
Matt Cohen: We are benefiting from the market shift to consolidation of trust. As you can see in the success we are having selling our platform.
Matt Cohen: In the third quarter, we continue to see momentum build in full platform deals.
Matt Cohen: In one example, a leading healthcare company was driven by a desire to consolidate human and machine identities with one vendor. They replaced a competing secrets vendor and landed with CyberArk everywhere, across four of our solutions.
Matt Cohen: This customer will leverage CyberArk's capabilities across SSO, MFA, PAM, Endpoint Privilege, and Secrets Management by protecting IT users, workforce, endpoints, and machine identities from the get-go.
Speaker Change: Independently, this customer also closed a deal with Venify at the end of Q3. While the Venify team closed with them on their own, we are confident this deal is a strong indication of the top-line synergies we can achieve as a combined company.
Speaker Change: As customers look to modernize their approach to securing IT, they are expanding their PAM programs with our enterprise IT solution.
Speaker Change: This solution provides a unique way to protect a broad set of users, including IT administrators, shadow IT, database and cloud administrators.
Speaker Change: While the need for traditional PAM use cases of vaulting, shared accounts, passive rotation, and session management as foundational layers of security remains, today's PAM programs are so much more.
Speaker Change: Enterprise are looking for a quicker adoption and faster time to value. They need secure access to modern databases, workloads, and cloud services.
Speaker Change: This needs to be done with a just-in-time and zero-standing privilege approach without inhibiting the user's workflow, combining for a healthy marriage of security and productivity.
Speaker Change: What makes CyberArk truly powerful? We deliver all of these comprehensive capabilities from one single seat.
Speaker Change: integrated into our platform and fully enabled with built-in core AI and threat detection and response.
Speaker Change: This is helping to win new logos, and we added nearly 230 in the third quarter. In addition, it's driving our expansion with existing customers as they protect more users across more use cases.
Speaker Change: Our innovation and leadership position was once again recognized by industry analysts in the quarter. We were pleased to be named a leader in the 2024 Gartner Magic Quadrant for Privileged Access Management, positioned as the leader for the sixth consecutive time and furthest in completeness of vision.
Speaker Change: We were also recognized as an overall leader in the 2024 Leadership Compass on Privileged Access Management by Kupinger Coal, scoring highest in all three categories of product, innovation, and market leadership.
Speaker Change: Modern PAM though goes beyond just securing IT users. The concept of zero-standing privilege to access modern cloud infrastructure and cloud environments is the key to securing the most privileged human identity group in the enterprise, the developer.
Speaker Change: Often left unattended with always on access, developer identities dramatically increase risk and expand the attack surface.
Speaker Change: By offering zero standing privilege, CyberArk Secure Cloud Access is a game changer for securing this high-risk population. With native workflows and access and automated life cycles and controls, our solution for securing developers offers the best of PAM without needing a behavior change.
Speaker Change: More importantly, with our solution, security is not an impediment to innovation. It is an enabler of the innovation machine within organizations.
Speaker Change: In the third quarter, a leading European bank who is a long-time CyberArk customer and has worked with us closely to protect privilege access for the IT and extended IT teams over many years, now decided to tackle the high-risk developer population.
Speaker Change: We were excited to see the customer expand into this new identity group, buying our enterprise solution in a seven-figure ACV deal.
Speaker Change: In the untamed world of cloud security and developer access, where developers often have always-on and overprivileged entitlements, it is critical we approach security as a team sport.
Speaker Change: We were thrilled to announce our strategic partnership with WIZ, unifying the capabilities of our Ardeni security platform with WIZ's cloud security platform to help enhance customers as they tackle their multi-cloud security posture.
Speaker Change: WIS's best-in-class visibility over risky and misconfigured cloud access and CyberArk's control over privilege with zero standing privilege approach can measurably reduce the risk of unauthorized access.
all without impacting the speed and scale of cloud development.
Speaker Change: Our customers are excited about this partnership and the immediate benefit it can have in getting control of their cloud environments and developer access points.
Speaker Change: Moving on to securing the workforce, we had another strong quarter with our workforce solutions which crossed the threshold of a hundred million in ARR this quarter.
Speaker Change: Workforce identity is transforming from an efficiency tool where SSO and MFA were considered enough to one where every employee needs the right level of privilege controls throughout their workday from the moment they sit down at their end point.
Speaker Change: As a result, there is a substantial and growing cohort of both CIOs and CISOs that not only understand but prioritize security first across all their workforce identities.
Speaker Change: Our workforce solutions implement least privilege on managed and unmanaged devices.
Speaker Change: secure and streamline the browsing experience, substantiate more secure SSO with intelligent privilege controls, and even integrate the ability to protect everyday workforce users' passwords with the security of the CyberArk Vault.
Speaker Change: Our solutions enable a passwordless workflow, seamlessly authenticating into the environment, and reimagines the way enterprises secure their entire workforce.
Speaker Change: This is evidenced by a leading SaaS company who landed with a substantial six-figure workforce deal. As the de facto protection against ransomware, our solution was the tip of the spear in a great showcase of the multiple landing spots of our platform.
Speaker Change: Before I move on to Venafi and our machine identity security vision, I wanted to just highlight another very strong quarter of growth for secrets management.
Speaker Change: We have never been in a better competitive position. The value of secrets management at enterprise scale is resonating. And the combination of Conjure Cloud and SecretSub means SAS is leading the way.
Speaker Change: I want to share a deal with a leading U.S. energy company who recognized the value of secrets and machine identities with CyberArk.
Speaker Change: Expanding with a mid six-figure ACP deal this quarter, they are protecting more of their IT users and tackling secrets and machines for the first time with Conjure Cloud and Secrets Hub.
Thank you for watching!
Speaker Change: We are thrilled to have closed the acquisition of Venify on October 1st.
Speaker Change: I want to take this opportunity to formally welcome the tremendous Venify team to CyberArk. From the onset of our discussions with Venify, it was clear that this acquisition was more than just a strategic fit. It was a powerful convergence of vision, technology, and culture.
Speaker Change: The past months have only reinforced our belief that joining forces will reshape the landscape of machine identity security.
Speaker Change: The feedback from customers and partners further rose our confidence in the tremendous value Venify will bring to our platform.
Speaker Change: In explaining the machine identity security landscape and the problems we have to solve as an industry, I often use the three V's, volume, variety, and velocity.
Starting with volume.
The sheer number of machines.
Speaker Change: whether they are devices or workloads, is exploding. We have talked about the ratio of 45 machine identities for every human identity. In a constantly accelerating world that is only increasing its reliance on cloud-native applications and workloads, IoT devices, and AI agents, this ratio will soon be obsolete.
Speaker Change: With a rapidly growing volume, the ability to discover, secure, and manage machines with an automated lifecycle is critical to keeping this new world secure.
On to Variety.
Speaker Change: Variety refers to not just the various machine types I mentioned, but also the variety in the forms of identity. From certificates to secrets to keys to tokens, there is a large variety of identity types, adding a level of complexity not seen on the human side of identity.
Managing this complexity requires an integrated solution.
Speaker Change: Organizations cannot get away with siloed tools or manual processes anymore. Customers have a clear and urgent need to simplify, reduce complexity, and bring in an enterprise-grade solution to bear across the diverse landscape of machine and machine identity types.
Speaker Change: And finally, velocity. Machines themselves are no longer static devices and applications. They are constantly changing and in some cases, like with ephemeral workloads, they exist only for a brief period of time and then disappear.
Speaker Change: When you put together the pace of change of these identities and the shorter lifespan, all of a sudden the velocity of issuance and management of these identities has also exploded.
Speaker Change: The combination of CyberArk Secrets Management offerings with Venafi's Machine Identity Management offerings will provide organizations with a centralized solution to manage and protect all machine identity types.
Speaker Change: By automating and securing these identities, we'll help prevent misuse and compromise, ultimately reducing risk and enhancing operational efficiency.
Speaker Change: With the Venify acquisition closed, I want to highlight our top priorities over the coming months. First, we will unleash our go-to-market organization around the world to tap into the more than 8,500 CyberArk customers who are not Venify customers yet.
Speaker Change: Second, we will rapidly integrate our secrets management capabilities and Benefi's capabilities into a streamlined machine identity solution.
Speaker Change: And third, we will work with our partner ecosystem to get them both certified on Ventify and ready to hit the ground running.
as they go after the 10 billion addressable market.
Speaker Change: In summary, I want to leave you with the following takeaways. Identity security is a clear and present need for CISOs, and our solution selling has further aligned how we sell to how the customer wants to buy, and this is resonating with customers.
Speaker Change: Our vision to deliver the right level of privilege controls to every identity, human and machine, is expanding our competitive moat and leadership position in identity security.
Speaker Change: With Vantify, we're setting a new standard for end-to-end machine identity security. And finally, with our strong execution and unique platform, we are well positioned to deliver a stellar next phase of durable, profitable growth and take CyberArk to the next level.
Speaker Change: Before I turn the call over to Josh, I'm sure you've seen the CFO transition we announced this morning.
Speaker Change: Josh will see us through the year-end and will be stepping down from his CFO role in January as part of a planned succession.
Speaker Change: We are grateful he has agreed to stay on in an advisory role through 2025 to ensure a smooth transition.
Speaker Change: I want to take a moment to acknowledge Josh's countless contributions to CyberArk for more than 13 years.
Speaker Change: Josh is an amazing leader. In his time at CyberArk, he guided the finance organization from less than $40 million in revenue in 2011 when he joined. Through our IPO, the transition from a perpetual to subscription model,
Speaker Change: and turn finance into a force multiplier, enabling the scale and results you have seen us deliver.
Speaker Change: We have scaled the company and stayed true to our values of delivering strong growth and profitability. He has been my trusted partner since I joined the company and his contributions are immeasurable.
Speaker Change: I'm also, though, delighted to announce that Erica Smith will be our new CFO, effective January 1st, 2025.
Speaker Change: Erica has been a core member of our finance leadership team and has worked closely with me on the subscription transition and our long-term strategy.
Speaker Change: She is a trusted partner to the board and our executive leadership team, and I couldn't think of anyone better suited to be our next CFO. So Erica, congratulations on your new role. With that, I want to hand it over to Josh.
Thank you Matt for those kind words.
Josh Siegel: I'm indeed proud to have been part of this amazing cyber art journey and I'm grateful to you, our executive team, and the board of directors for many years of partnership.
Josh Siegel: I'm extremely pleased that Erica will assume the role of CFO starting January 1st.
Josh Siegel: I've worked closely with Erica for more than nine years. She has been a core member of our finance leadership team, holding broad responsibilities in the finance organization that include investor relations, FP&A, treasury, ESG, and now the Venafi finance team.
Josh Siegel: It is critical for all of us to have a smooth transition, continuity of leadership, and someone who knows how and will execute so we continue to march forward and scale.
Josh Siegel: Erica is a strong leader and has a deep understanding of our business. She is a great addition to the executive team and given her performance and focus on scale I am extremely confident.
Josh Siegel: that as CFO, she will help ensure CyberArk is positioned to execute on its long-term strategy.
Josh Siegel: With that, I'm going to hand it over to Erica for just a few words from her, and then I'll return to speak about the quarter. Erica? Thanks, Josh.
Erica Smith: It is an honor to be named the next CFO of CyberArk.
Erica Smith: I am grateful for the trust you, Matt, and the leadership team, as well as the board, is placing in me. As Matt said, Josh has played a critical role in setting the company's culture of operational excellence that has supported our strong growth and focus on profitability.
Erica Smith: He has been my mentor, and I am grateful for all of his guidance and support over the years. I am also looking forward to working closely with him as we move into 2025.
Speaker Change: Thank you, Josh, for staying on as an advisor to support the transition.
Speaker Change: I am also excited to work closely with such a talented and dedicated group of finance professionals in our corporate headquarters in Israel, as well as our offices in Asia, Europe and the U.S.
Continuity of our operating rhythm and
Speaker Change: I am committed to building on our strong foundation as CyberArk looks to scale well beyond a billion dollars in ARR.
Josh Siegel: With that, I'll hand it back to Josh to discuss our results in more detail. Josh? Thanks, Erica. And now, on to the quarter results.
Josh Siegel: The third quarter was another strong quarter, beating guidance across all metrics. We reported solid net new ARR, strong top-line growth, and substantial improvement in operating and free cash flow margins.
Josh Siegel: Our execution is a testament to our platform differentiation, the growing criticality of identity security, and our ability to capitalize on these secular trends.
Josh Siegel: Before I provide more details on the quarter, I want to remind everyone that while we are very excited to have closed the acquisition of Venafi on the 1st of October, it did not contribute to our third quarter results. All numbers I'm about to discuss, other than the guidance, are on a stand-alone basis.
Josh Siegel: Moving into the results, total revenue grew 26% year-on-year, reaching $240.1 million and exceeding the top end of our guidance range.
Josh Siegel: Annual recurring revenue reached $926 million. That's growing 31% year-on-year. We added $58 million in total net new ARR from $52 million in the third quarter last year.
Josh Siegel: As expected, the SAS share of our bookings increased compared to the third quarter in the year-ago period and made up more than two-thirds of subscription bookings.
Josh Siegel: Subscription ARR grew 46% year-on-year to $735 million, and is now 79% of our total ARR. We also added $59 million in a net new subscription ARR, an 11% increase from the $53 million in the third quarter last year, and that sets a new record for any non-Q4 quarter.
Josh Siegel: Our maintenance annual recurring revenue was 191 million dollars, a decrease year on year consistent with our move away from perpetual licenses and like for like conversion activity still remains a single digit percent of our year-on-year ARR growth.
Josh Siegel: Our platform selling motion continues to drive land and expand as customers move to secure more users and more personas with CyberArk. In the third quarter we signed nearly 230 new logos and with our expansion engine we also had a healthy mix of upsell and cross-sell into new solutions.
Josh Siegel: In the third quarter, the cohort of customers with more than $100,000 in ARR grew to over 2,000 customers. The cohort with ARR of more than $500,000 is now over 375 customers, and that's growing nearly 40% year on year.
Josh Siegel: Now moving to the revenue lines, for the third quarter, recurring revenue reached $224.2 million, growing 29% year on year and accounting for 93% of total revenue.
Josh Siegel: Subscription revenue was $175.6 million, growing 43% year-on-year and representing 73% of total revenue.
Josh Siegel: Maintenance and services revenue was 61.6 million dollars and of that recurring maintenance revenue was 48.6 million dollars compared to 51 and a half million in the year-ago period and that's reflecting the year-on-year decreases in our maintenance ARR balance.
Josh Siegel: From a geographic perspective, all regions continue to show healthy growth. Americas grew by 26% to $141.8 million. EMEA revenue was $73.1 million. That's up 22% year-on-year. And APJ revenue was $25.1 million, growing 34% year-on-year.
Josh Siegel: All P&L line items will now be discussed on a non-CAF basis.
Josh Siegel: Please see the full GAAP to non-GAAP reconciliation in the tables of our press release.
Thank you for watching!
Josh Siegel: Third quarter gross profit was $200.3 million or 83.4% gross margin compared to 82.7% in the third quarter last year.
Josh Siegel: In the third quarter, our operating income was $35.4 million, or 14.7% operating margin. That's well ahead of our guidance and a significant increase from an operating income of $16.9 million, or the 8.8% operating margin in the third quarter last year.
Josh Siegel: The outperformance was driven in part by the revenue upside, as well as certain program expenses moving into the fourth quarter.
Josh Siegel: Net income, it came in at $45.1 million or 94 cents per diluted share, also significantly outperforming our guidance and more than doubling from the EPS of 42 cents in the year-ago period.
Josh Siegel: We ended September with 3,300 employees worldwide, including 1,400 in sales and marketing.
Josh Siegel: We are pleased to deliver another strong quarter of free cash flow, with $51.6 million in the third quarter, our margin of 21%, and that's compared to $13.6 million in the third quarter of last year, our margin of 7%.
Josh Siegel: We ended the third quarter with approximately $1.5 billion in cash and marketable securities. As a reminder, our cash balance at the end of the third quarter does not reflect the $1 billion cash portion of the consideration paid for the Venefy acquisition on October 1st.
Josh Siegel: I want to touch on the upcoming settlement of our convertible senior notes maturing on November 15th.
Josh Siegel: We plan to settle these convertible notes with shares as we outlined in our 6K filing with the SEC back in March. The approximately 3.7 million shares associated with the convert have been included in our fully diluted share count as applicable already since the fourth quarter of 2022.
Josh Siegel: Further, we expect a cap call associated with the convertible notes to result in cash proceeds of approximately $260 million. We will receive those proceeds at the maturity of the convertible notes. As you can see, we continue to have a strong balance sheet that supports our growth strategy.
So now, turning to our guidance.
Josh Siegel: For the fourth quarter of 2024, we expect total revenue of $297 to $303 million, which represents 34% year-on-year growth at the midpoint, and that includes approximately $41 million from Benefi.
Josh Siegel: We expect non-GAAP operating income in the range of $43.5 million to $48.5 million for the fourth quarter, and that includes a contribution of approximately $11 million from Benefi.
Josh Siegel: We expect our non-GAAP EPS to be in the range of 65 cents to 75 cents per diluted share and our guidance assumes 51.2 million weighted average diluted shares. Our guidance also assumes about 16.7 million dollars in taxes.
Josh Siegel: Looking at the full year 2024, we expect total revenue in the range of $983 million to $989 million, representing 31% year-on-year at the midpoint.
Josh Siegel: We expect our full year operating income to be in the range of $135 million to $140 million.
Josh Siegel: And as a reminder, our full-year guidance also includes $41 million contribution to revenue and $11 million to non-GAAP operating income from Benefi's fourth quarter that I just said earlier.
Josh Siegel: We expect our non-GAAP EPS to be between $2.85 and $2.96 per diluted share. We expect about 49 million weighted average diluted shares and about $52.2 million in taxes for the full year 2024.
Thank you.
Josh Siegel: We expect our annual recurring revenue to be in the range of $1.153 billion and $1.163 billion at December 31, 2024.
Josh Siegel: That includes an expected contribution of approximately $164 million from Venify at the year end.
Josh Siegel: For the combined company, our guidance represents about a 50% year-on-year growth at the midpoint.
Josh Siegel: I would remind investors that as a result of the largest cohort of customers coming up for renewal in the fourth quarter, we do typically see the largest sequential decrease to our maintenance ARR also in the fourth quarter.
Josh Siegel: We are significantly increasing our cash flow guidance, our free cash flow guidance, for the full year 2024 to a range of 203 to 213 million dollars and that represents 21% free cash flow margin at the midpoint. That includes eight million dollar contribution from Ventify.
Thank you.
Josh Siegel: To sum up, we are pleased to report another strong quarter and are thrilled to welcome the Venify team to CyberArk. While the guidance I just provided includes the contribution from Venify, it is important to note that even on a stand-alone basis, we are increasing our guidance for the year across all metrics.
Josh Siegel: We are well ahead of the playbook we outlined at our Investor Day in 2023, which speaks to how we have expanded our leadership position and delivered consistently strong execution.
with 31% ARR growth.
Josh Siegel: 26% revenue growth, 15% non-GAAP operating margin, and 21% free cash flow margin in the third quarter, we're in an elite group of enterprise software companies that are operating above the Rule of 40 benchmark.
Josh Siegel: Before I hand it over for the QA portion of the call, I want to take this opportunity to express my gratitude to all those at CyberArk, and also a special note of gratitude to our founder and executive chair, Uri Makati.
whose friendship and mentorship I treasure greatly.
Josh Siegel: I also want to thank our investors and the broader investor community for their support, and I'm very excited about the future of CyberArk and believe we are in a position of strength to continue to deliver strong results going forward.
Josh Siegel: With that, I'm now going to turn the call over to the operator for QA. Operator?
Thank you. The floor is now open for questions.
Speaker Change: If you have dialed in and would like to ask a question, please press star 1 on your telephone keypad to raise your hand and join the queue. If you would like to withdraw your question, simply press star 1 again. If you are called upon to ask a question and are listening via loudspeaker on your device, please pick up your handset and ensure that your phone is not on mute when asking your question.
Speaker Change: Due to high amounts of questions, we do request for today's session that you please limit yourself to one question and one follow-up.
Speaker Change: Your first question comes from the line of Saket Kalia of Barclays. Your line is open.
Thank you for watching!
Speaker Change: Okay, great. Hey guys, good morning and thanks for taking my questions here.
Speaker Change: Josh, let me just start by saying I tip my cap to you, man, on just a heck of a run. And Erica, congrats as well. It's just great to see the continuity and what seems like a very smooth transition.
Thank you, Saket.
Speaker Change: Thanks, Zach. I appreciate it. Absolutely. Matt, maybe on to the business and what was a very strong corridor, maybe for you. You know, you called out the power of the platform in your prepared remarks, and you mentioned some examples of customers that consolidated their identity solutions to CyberArk.
Speaker Change: Can you just maybe talk about that trend as we look forward, and is there anything that you're doing at CyberArk to drive that motion within the sales team of a more consolidated type of sale, if that makes sense?
Speaker Change: It does Saka, thanks for the question. I think what we see out there at the highest level
is that customers...
Speaker Change: are having, for lack of a better phrase, an identity crisis, right, as they try to figure out what are they going to do with the threat landscape that they face and they're trying to figure out who they can trust.
Speaker Change: in that threat landscape to actually provide security across all the types of identities that they need to secure.
Speaker Change: increasingly the conversations with us in the CISOs and the C-Suite, CIOs kind of across the board, is the conversation is not specific to platform to begin with.
Speaker Change: It's specific to the idea of you have this spectrum of identities, you need security across all of them. Only CyberArk can do that for you. Do that across human and machine. Do it across the workforce, and IT, and developers.
Speaker Change: And so, we get engaged in that type of conversation, and then we use our solution-selling approach to make sure that we can provide a quick on-ramp and a quick time-to-value against whatever identity groups are top of mind or top priority.
Speaker Change: Then we bring in the platform selling approach to future-proof them, to tell them, listen, you can get started with one identity group, you can get started with multiple. We will be there for you on an extensible platform that can bring you to value when you're ready.
Speaker Change: So, we're not pushing from that perspective what's happening in the market.
Speaker Change: is that customers more and more are recognizing they want to go faster, they want to go deeper. And so, if they're security-minded, and you heard me call that out, the security-minded buyer, they're sitting there and saying, why not go faster with CyberArk since they have the platform, since we need to tackle this identity security problem, since my board, my rest of the executive team are asking me about this.
Speaker Change: And so it becomes a very organic sales process of conversation and, as I like to point out, trust in the cyber relationship.
Speaker Change: Makes a ton of sense. Josh and Erica, maybe for my follow-up for you folks, really appreciate the detail on Venify. Understanding it's early, how do you sort of think about the growth profile for Venify relative to CyberArk's organic growth in terms of ARR? And as part of that, do you expect any changes in the makeup of Venify's ARR as you go into next year?
Speaker Change: Yeah, thanks, Saket. You know, we absolutely see Venafi's portion really contributing well at CyberArk, so a higher growth rate on ARR.
Speaker Change: We're confident about that. And one of the things that we'll also see is really a lot of movement towards their bookings going towards SAS. And we can easily see next year with a majority of the SAS.
Speaker Change: where the majority of the bookings will be in SAS, and that's a change compared to their history where they've been traditionally more on-prem until this last year where they've started to ratchet that up.
Speaker Change: Yes, I think I'll just jump in. I think when we think about Venify it's a growth play for us. We just see this broad landscape.
of kind of unprotected machine identities.
Speaker Change: And I think as Josh said, we believe in our hands. We've said it since day one, and we've become even more confident in that, that Ventify will grow at or above the CyberArk growth rates once we are fully able to roll it out across the sales team.
Very helpful. Thanks, guys.
Speaker Change: Thank you. Your next question comes from the line of Hamza Fadawalla of Morgan Stanley. Your line is open.
Hamza Fadawalla: Great, thank you for taking my question. First off, congrats, Erica, and congrats to Josh.
A great run, not only for your contributions.
Hamza Fadawalla: to CyberArk, but also to the broader cyber and Israeli startup community. I know you've been a mentor to many CFOs and including a few CEOs. So, thank you for all your contribution.
Speaker Change: Thank you Hamza for those words. It really means a lot. Thank you. And thank you for the well wishes Hamza. I appreciate it.
I wanted to ask a question for Matt.
Speaker Change: You know, a lot of CISOs we talked to are talking more and more about machine identity. I wanted to just maybe drill into a little bit what that looks like. So you talked about a deal, I think, where you were able to cross out your machine identity capability with Venafi. What does that look like? I mean, are you...
Speaker Change: You know, your core product is obviously priced on a fee basis. Was this the upsell based on the number of certificates? Was it other type of machines? And what could the deal multiplier be if Venafi is included with Starbucks?
Speaker Change: Yeah, sure. So I think the foundational answer is the human side of the identity business is based upon humans, so the number of seats.
Speaker Change: On the machine side, it's generally based upon what you're securing. So for our secrets business, especially our SaaS-based, you know, Conjure Cloud and Secrets Hub, we're generally basing it upon applications.
Speaker Change: because you're building in the credential management for applications as part of the secret security process.
Speaker Change: So, on the machine side, on the secrets, it's going to be applications. On the machine side of Benefi or Certificate Lifecycle Management, it's going to be based upon certificates. We call those instances. The reason we call it instances is actually...
Speaker Change: Each certificate can actually be stored in or be leveraged across multiple machines And we we actually charge for each instance of that certificate
Speaker Change: So you're going to see those differences across the board when we kind of bundle it together. We're looking at ways to make it easy for the customer to buy, especially between the secrets, obviously, and the certificate side. I think when you think about what potential there are here, you've heard us talk for a while that the secrets business alone...
Speaker Change: can be a multiple of, for example, the PAM business that you've heard us talk about. We've talked about it actually being a fully deployed Seekers deployment is one and a half times.
Speaker Change: deployed PIMS deployment. I think on the certificate side we see an even bigger multiple opportunity where it could be 2x.
Speaker Change: You know, it's a little bit bigger than even the secret side. So when you start to look at the deal size and really once-deployed footprint that can happen on the machine identity side when you combine secrets with certificates, those are bigger deals and ultimately can be a nice high-growth business for us.
Thank you.
Speaker Change: Your next question comes from the line of Matt Hedberg of RBC Capital Markets. Your line is open.
Matt Hedberg: Great, thanks for taking my questions guys and I'll offer my congrats as well to both Josh and Erica.
Matt Hedberg: You know, I wanted to ask a little bit about your workforce business. It's impressive to see it pass the $100 million ARR mark this quarter. I'm wondering if you could provide a little bit more context about how quickly that's actually growing in the base and maybe, you know, what percentage of the base is actually leveraging workforce?
Sure, Matt, and welcome to the call.
Matt Hedberg: When we look at workforce, let's just start again with the strategic ability to be able to go win. Where we're winning is with CISOs, CIOs that have a security-first or security-minded way of buying. Some people still buy workforce SSO MFA as an efficiency tool. In that case, Microsoft or other providers out there are a perfectly good solution to provide what we consider commoditized SSO MFA.
Matt Hedberg: Our solution is based upon the idea that actually that's not enough. It's not enough in this threat environment, in this threat landscape, and we need to use MFASSO as kind of base-level controls where we wrap around it intelligent privilege controls, vaulting of personal passwords, a more secure browsing, and actually a really tight tie-in to least privilege at the end point in our EPM product.
Matt Hedberg: and so that becomes the foundation of how we how we compete, how we differentiate out there.
As you mentioned, we're pretty proud to see that business.
Matt Hedberg: kind of crossed the 100 million ARR threshold, kind of in line with where we actually expected it to be when we actually acquired Adaptive several years ago.
Matt Hedberg: What we see there is that it's a business that's growing, you know, really strongly, faster than our core, for sure, and increasingly becoming a part of more and more deals. Now, you asked the question around our penetration rate. I would tell you the penetration rate is still pretty low.
Matt Hedberg: You know, we've got over 9,000 customers now and, you know, I think we're talking about, you know, a little around 1,000 or so that are using our workforce solutions. And I think that's the opportunity we still have here is to sell into that base.
Matt Hedberg: really bring them onto the platform, as you heard me talk about on Saket's question a little bit earlier, and expand the number of identities that our platform is securing as a whole. It's an exciting opportunity for us, and I do want to just call out the tie-in
Matt Hedberg: between the workforce business, the traditional SSO MFA and our kind of advanced controls, and the EPM business.
Matt Hedberg: which is securing the endpoint of that workforce user because when you combine those two businesses together you start to see a really meaningful portion of our AR coming from securing the workforce population as a whole.
Speaker Change: Thanks, Matt. Great, great comprehensive answer. And then maybe just a quick housekeeping one for Josh or Erica. It looks like Venify is contributing about 160 million of ARR to the four-year. I'm curious, you know, how quickly was Venify ARR growing, exiting kind of the Q3 quarter, and do you have a rough estimate of what that SATs mix was?
Speaker Change: So yeah, they were growing at about the 10% mark if you think about it in the double digits And then the SAS mix was actually roughly 10% of their overall base a little it's ratcheted up in the last few quarters To closer to 12% right now, but it's it's right in that that range
Speaker Change: and it's something we see which is really interesting we talked about even in our core business
which is just a dramatic shift to Sass.
Speaker Change: as the leading motion our sales team is most comfortable with.
Speaker Change: So, while they sat at 10% of ARR and a small percentage of their overall new bookings earlier in the year, even when we look into the pipeline for Q4, we see, as Josh said, it's starting to become more of the majority of the pipeline is SaaS-led for them. And as you've seen with us, it just continues to grow each quarter, the amount of our pipe on our execution that's tied to our SaaS portfolio.
Thanks guys, best of luck.
Thank you.
Speaker Change: Your next question comes from the line of Brian Essex of J.P. Morgan. Your line is open.
Speaker Change: © 2013 University of Georgia College of Agricultural and Environmental Sciences UGA Extension Office of Communications and Creative Services
Speaker Change: Good morning and thank you for taking the question. First of all, Josh, congratulations to you. What a great track record you've built. And Erica, congratulations to you as well. It's great to see.
Thanks, Brian.
Speaker Change: Of course. Maybe for Matt, I know you talked about in your prepared remarks the ability to unleash your go-to-market motion on over 8,500 non-Venafi customers now within your install base.
Speaker Change: Can you talk a little bit about what needs to be done within your direct sales force and then what you're doing within the channel and perhaps how long that will take to have an effect on the trajectory of Venafi's growth rate?
Sure, yeah, great question.
We started training our sales team the minute we could.
Speaker Change: And in fact, we've gone out and really gotten them ready to have the conversation post-closed date. And so we're already seeing pipeline being built here in Q4 for next year that our sales team is able to contribute hand-in-hand with the Venafi team.
Speaker Change: So we feel ready to go. I think at some level we were itching.
Speaker Change: to go, and we wanted to get through, obviously, the regulatory approvals so that we could get started.
Speaker Change: And we really can't wait to start to, as I said, and then you repeated, unleash that sales team to be able to go push this product. It is a
Really?
Speaker Change: conversation. And what I mean by that is it's the CISO who's sponsoring the conversation, it's the same buyer, we know the the parties involved, and ultimately it becomes part of our talk track pretty easily, pretty quickly, and we haven't seen a need to kind of bring in specialists in every conversation.
Speaker Change: I think the partner one side of the fence is probably what surprised us the most.
Speaker Change: to the upside. I think when we first announced it we said
Speaker Change: We were, I think, down at the event and we had our partners in the other room and we said they were so excited and, you know, sometimes that can fade.
Speaker Change: What we found is the exact opposite. We actually were at standing room only in classes and certifications that we were doing for partners around the world throughout the last quarter. We had to actually add in more and more training classes for our partners.
Speaker Change: We're kind of racing to kind of have first mover advantage to be able to bring Venify into the market.
Speaker Change: So I think we've seen even more of an uptake in the partner community than I would have expected, to be honest.
Speaker Change: And I think it speaks to the need to solve the problems of the machine identity security story. Now, I will say that it's a similar sales cycle.
Speaker Change: to the CyberArk sales cycle. So, you know, we've always talked about, you know, a three, four quarter sales cycle, and sometimes we do better and it's, you know, two quarters or so. So I think we will see the impact of all this enablement and certification happen as we get into next year and into the back half of the year, especially. But it's why we're so confident in our ability to say, we're gonna grow this at or better than the CyberArk overall growth rate is because we see these conversations really taking off.
Thank you for watching!
Speaker Change: Got it, that's super helpful. Maybe one quick housekeeping question if I could for Josh or Erica. Is there any deferred revenue write-down that we have to consider as we tune our models and we add Benefi into the equation?
No, there's none that, nothing material on that side.
Fantastic. Thank you so much.
Great.
Speaker Change: Your next question comes from the line of Jonathan Ho of William Blair. Your line is open.
Speaker Change: Hi, good morning, and let me echo my congratulations to Josh and Erica as well. It has been fantastic to work with you, Josh.
Speaker Change: Just in terms of Venafi, can you talk a little bit about the opportunity to expand the awareness of the machine identity problem and, you know, across your base as you engage with customers, you know, can you give us a sense of where they are in terms of understanding, you know, the challenges as well?
Speaker Change: Sure, Jonathan, and I think I'll use a couple of examples maybe to help here, just in terms of the ability for us to scale, right? We've talked before about more than 10x sales reps and our ability to be able to bring it into the base and educate through a sales-driven process.
Speaker Change: But we've also been able to really attack it already from a marketing event-based process, from a partner landscape, as I was talking about. They did an event prior to close here in Boston called the Machine Identity Security Summit. And there were a couple hundred people there, I think it was about 200 people, and it was a great message.
Speaker Change: We then took the content, combined it in with our Impact on the Road world tour, did an event out in San Jose. We had, you know,
Speaker Change: Well over 300 people there at the event. We had well over 1,000 people register for the event online. And you start to see the scale take off in just amplifying the message out into the base.
Speaker Change: You know, we've obviously gone out and pushed our partners around.
Speaker Change: in this enablement and in this training, also can they turn on their marketing engine around this problem of machine identity. And they've been rallying around our secret story over the last couple of quarters. And I think this just becomes a nice extension of what they've already been doing. So I think you're going to see that the education process, the awareness process,
Speaker Change: has really started to kick into full gear. Our marketing team has a great plan of attack for how they're going to continue pushing it going forward. And I think when you talk with the customer base...
Speaker Change: and I've done, you know, 40 or so calls in the very near recent couple weeks.
Speaker Change: They all understand that they've got to get their arms around this machine identity problem or they're going to get themselves in a lot of trouble. You know, this Google mandate, for example, that brought down certificate lifespans from hundreds of days to a mandate of 90 days. Apple came out with a mandate of 45 days.
Those things are driving, actually, a good degree of uncertainty.
Speaker Change: down into the enterprise on what are they going to do if they're managing certificates, keys in a manual process. And so I really feel strongly that we are at a cusp of where the customer understands it, our marketing engine is going to kick in and ultimately this is an area where where the customers are going to start pulling as much as we're pushing.
Speaker Change: Excellent. And just in terms of a quick follow-up, can you give us a sense of what drove the strong margin outperformance this quarter? It's just exceptional in terms of the profitability. Thank you.
Speaker Change: Yeah, you know, in part it's the revenue beat. As you saw, we ended up beating revenue above the top line. And then there are, and I called this out, there are some expenses that we'll be doing in Q4 that were planned for Q3. And then just, you know, overall good strong efficiency, you know, as we operate the company.
Speaker Change: Your next question comes from Roger Boyd of UBS Securities. Your line is open.
Speaker Change: Great, thanks for taking the questions and I'll add my respective congrats to both Josh and Erica. Happy for you both. Matt, a high-level question around post-quantum. It seems like awareness is raising there. I'm wondering, based off your conversations with customers,
Speaker Change: Do you think that we're getting into the actual adoption curve where customers are looking to pick up post-quantum security tools, some of the stuff you're talking about with being able to gauge exposure and get to a place of certificate agility, and now with identifying the platform, there's any sense of how material you think this could be as a driver in the next year? And then I have a quick follow-up.
Speaker Change: Yeah, no, I think you hit a nail on the head there around the idea that the
Speaker Change: willingness and want to talk about kind of post-quantum plans is a part of every conversation we're having on the Venafi side. Now I still think it's, you know, obviously several years out until the the actual quantum impact is felt and
thankfully for that.
Speaker Change: But what we're able to do now is really talk with the customers about their programs and plans. We have an ability to come in and do workshops.
Speaker Change: around how the Benefy solution and our overall machine identity security solution can help prepare them for a post-quantum world.
Speaker Change: And, you know, it speaks not only to the need for, you know, obviously innovating around the algorithm and making sure that you're able to prepare. It also speaks to this idea of lifecycle management, because in a post-quantum world where an algorithm might be able to be breached or hacked into, we need to be aware of all of the assets, all the identities that are out there, and we need to be able to reissue, maybe with a new algorithm on demand based upon what's happening in the kind of threat landscape or threat environment.
Speaker Change: So, I do think it's a piece of the strategy. I think you're right that customers are starting to talk about it. Still many years out till they have to actually implement, but I think it's a part of what's driving the awareness of what we're doing on the machine identity side.
Speaker Change: Got it. Super helpful. And then just for Josh or Erica, just around 4Q, I know you've talked about moving to shorter contract durations on the maintenance side. Any color you can provide on what you're seeing around renewal rates there and anything to be mindful of relative to your 4Q assumptions for maintenance given the renewal base and seasonally larger quarter. Thanks.
Speaker Change: Yeah, Roger, it's a great question. I think we've seen continued strong renewal rates as it relates to that maintenance space, but as you know, that Q4 is one of the biggest quarters. So, baked into kind of our forward looking our fourth quarter guidance is about an eight to ten million dollar decline in that overall maintenance ARR sequentially. So, just kind of keep that in mind when you're thinking about the ARR build into the fourth quarter and the exit rate there.
Great, thanks again.
Speaker Change: Your next question comes from the line of Adam Bork of Stiefel. Your line is open.
Adam Bork: Awesome, thanks so much for taking the question and of course Josh and Erica, many congrats to you both. Maybe a bigger picture question for you Matt, you talked about that the platform selling approach is
Adam Bork: being great traction, especially with some of the wins you talked about. Now, I'm just curious, maybe from a technology perspective under the hood, especially as we now fold in Vedify, how do we think about how integrated, as they call it, the human side of the portfolio is today? You talked about efforts to integrate Secrets and Vedify, and how should I think about almost a converged?
Adam Bork: Human slash non-human identity portfolio on the back end in coming years. Thanks so much
Speaker Change: Sure Adam, so I think as you as you highlighted our first priority is let's get Venafi and Secrys integrated into what we're calling this machine identity security solution and let's hit the ground running as fast as possible with that so we can take advantage of the increased awareness and the the need to really lock down those machine identities themselves.
Speaker Change: I think what we what we look for is two things. One is the shared experience across human and machine so that organizations and customers can partake of, you know, shared dashboard, shared discovery. And I think those types of things start to come online more towards the end of the year into 2026.
Speaker Change: And then we're always looking to look, how can we leverage the shared services of our platform? For example, things like Unified Audit and Unified Identity Management.
Speaker Change: and that's an area where we can be building up over time.
Speaker Change: also as part of a shared platform approach. So I think 2025 is really about integrating the machine identity solution itself.
Speaker Change: In 2026, you start to see the technologies come together and we have a road map and an idea of what that would look like. Independent of the technology...
Speaker Change: there's a conversation with customers that we're having all the time which is machines and humans need to be integrated and managed under one platform, one ability to understand what is going on. We need to make sure that we can provide a future proof for the years to come across human and machines because that's needed for a comprehensive view of what identity security is. And so I think that that starts from day one and frankly I've received.
Speaker Change: multiple comments from customers, customers I trust you know implicitly actually that help advise that say this is this is like one of the things that they would have hoped happened in the industry is bringing human machine more together for where they need to go for the future.
Thank you for watching!
Awesome. Thanks so much.
Speaker Change: Your next question comes from Don DeFucci of Guggenheim Securities. Your line is open.
Don DeFucci: Thanks for taking my question. I have been called Don before, but anyway.
Don DeFucci: I don't mean to beat a dead horse on this but
Really, I think, I'm curious, like, why
Don DeFucci: the go-to-market push, and that makes some sense. And you talked about a bunch of things here, but we've heard about this for a while, and Benefi's been around for a while, and it was a good company, a decent company, but it never...
team to fulfill its promise.
Don DeFucci: Right machine identities always made sense, but they never fulfilled its purpose
Speaker Change: and and I just I just wonder if we're getting a little bit too far ahead of ourselves here and you guys have executed really well and and that's part of it too right that's positive but I don't know if you could speak a little bit to that I'm sure there's a question in there somewhere
Speaker Change: There is, and I think it's a good one, which is why now? And, you know, I think I've hit on, as you mentioned, you know, all right, did Ben, if I ever invest in the go-to-market scale and breadth to be able to truly go out there and penetrate the market? You know, they were mainly focused in the U.S. They didn't have much presence in EMEA and APJ. You know, they had a relatively limited spending on marketing and on sales. They had a very, very, very small channel program, so they were not able to actually bring in the SIs and the bigger channel partners that we bring to the table. So, for sure, one part of it is what cyber art brings to the story. But I think there is a second part, which is an inflection in the market.
Speaker Change: of, as I said, volume, variety, and velocity. And that's a change. Like if we go back five, six years ago, the volume was not where it was.
Speaker Change: and the variety actually was not as complex and ultimately the very nature of these modern work will and identities were much different in terms of the velocity of change that was happening.
Speaker Change: When you go out and look at the market factors around the Google mandate, the actually regulations that are coming in that actually speak to the machine identity landscape, there wasn't the pressure to get your arms around
Speaker Change: what was a very basic problem to begin with of Certificate Life Cycle Management. What's happening now, and by the way, that's what drove them up into only the upper echelon of big banks, big financial institutions.
Speaker Change: where the problem was really tough and they weren't actually penetrating down into the mainstream enterprise because it wasn't really part of a big problem statement.
Speaker Change: given the volume, given the variety, given the velocity, what we find now is actually manual processes, spreadsheets, kind of point solutions, can't manage the problem. And that's what our enterprise customers were telling us before we acquired Venafi, and that's what they're telling us even more now.
Speaker Change: post-acquire and ventify. So I think when you combine those factors together, that's what gives us the excitement and the confidence in what we're out there describing. And ultimately, you'll see that materialize as we move throughout 2025.
Speaker Change: Okay, okay, and I just want to make sure that Josh wasn't putting a high bar for Erica, just leaving that for her because I know, well, she's been by his side for a long time. I don't know that Josh has ever found a high bar. I think he always is putting the right bar out there prudently. That's why I love Josh.
Speaker Change: That all makes sense, and you guys, like I said, have executed well. But I guess ARR was strong this quarter, my follow-up here, and it was in the range of what we thought you could do, and that's great. But just curious if you saw any influence on this last quarter due to the U.S. election, and if you did, how do you see this influencing business going forward, if at all?
Speaker Change: Yeah, so we definitely didn't see anything materially different than what we've seen in other quarters You know, I think we continue to see like we say, you know a tough macro out there one in which though We've continued to perform well Security being at the top of the list our security identity security being at the top of that list You've heard me say that before. I don't think we saw anything measurable or change there I think as we look towards q4, we're not anticipating some large budget flush out there You know as people kind of figure out maybe what the implications of of the macros in the environment is So our guide doesn't assume that but no, I don't think we're seeing anything different in the environment as a whole and we're kind of in a wait-and-see approach as It relates to the election itself
Great, thank you and congrats to the team.
Thank you.
Speaker Change: That concludes our Q&A session. I will now turn the conference back over to Matt Cohen, CEO, for closing remarks.
Speaker Change: Thank you. And we are excited to deliver another strong quarter that showcases our leadership in identity security and that our vision of delivering the right level of privilege controls for every identity is working.
Speaker Change: We're thrilled to welcome the exceptional Ventify team to CyberArk. I want to congratulate Erica on joining the leadership team and I want to say my heartfelt thanks to Josh for being such a strong partner to me as I came into the CEO role and for helping to guide CyberArk for all these years to our success.
Thank you, everybody.
This concludes today's conference call. You may now disconnect.
Speaker Change: Please wait. The conference will begin shortly. Please wait. The conference will begin shortly.