CyberArk at Cantor Fitzgerald Conference: Identity Security Insights

On Wednesday, 12 March 2025, CyberArk Software Ltd (NASDAQ: CYBR) participated in the Cantor Fitzgerald Global Technology Conference. The discussion, led by Chief Strategy Officer Clarence Hinton, focused on the evolving landscape of identity security. The strategic overview highlighted both opportunities and challenges in the cybersecurity domain, emphasizing CyberArk’s commitment to securing identities as the new security perimeter.

Key Takeaways

• CyberArk is positioning itself as an identity platform, focusing on both human and machine identities.
• The acquisition of Venafi aims to enhance CyberArk’s capabilities in certificate lifecycle management.
• The company is leveraging AI to address security threats, focusing on protection from, with, and of AI.
• CyberArk’s global Fed business accounts for about 10% of its total operations.

Financial Results

• 80% of new customer engagements last quarter were related to Privileged Access Management (PAM).
• Venafi is experiencing double-digit growth in Annual Recurring Revenue (ARR), with projections to reach mid-teens by year-end.
• The global Fed business represents approximately 10% of CyberArk’s total business, with the U.S. Fed segment contributing less than half of that.

Operational Updates

• Integration of Venafi’s capabilities with CyberArk’s secrets management offering is underway.
• The company is aligning its go-to-market strategies for Venafi and secrets management with the Chief Information Security Officer (CISO) organization.
• CyberArk is building advanced functions into its products by leveraging AI technologies.

Future Outlook

• CyberArk aims to grow its core privilege use case and expand its workforce identity pillar.
• There is a focus on integrating privilege controls and methodologies to enhance identity security.
• The company plans to capitalize on cross-selling opportunities with Zillow’s modern Identity Governance and Administration (IGA) solution.

Q&A Highlights

• CyberArk continues to effectively grow its headcount in line with overall business growth.
• The company reassures customers of its extensive offerings and capabilities.
• There is a significant opportunity for expansion driven by customer expectations.

For a more detailed understanding, readers are encouraged to refer to the full conference call transcript.

Full transcript - Cantor Fitzgerald Global Technology Conference:

Jonathan Redcarver, Analyst, Kantor: Come come up from come down from Boston yesterday?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. Actually, it’s Monday night. Today’s today’s Wednesday. Oh,

Jonathan Redcarver, Analyst, Kantor: that’s right. You did the steeple. Yeah. I’m based in in Charleston. Yeah.

Okay. Okay. Close to the office. Okay. Welcome.

I’m Jonathan Redcarver. I cover the cyber security space at Kantor. Pleased to have CyberArk from the company, the chief strategy officer and head of corp dev, Clarence Hinton. So I’ll get started. If anybody has a question, don’t hesitate to raise your hand.

So I guess to to start off, Clarence, from a high level, just just talk about identity and and and the importance of identity. You know, we we we see all these these, social engineering type of compromises that evade a lot of the traditional perimeter or in, you know, email, whatever the tool is that, you know, was built to to potentially stop that can’t. And so it just it just seems like identity is the next perimeter in terms of where you want to build your security to stop these threats and stop ultimately data exfiltration. Just so just talk about the trends as you see them in 2024 and continuing to 2025.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. Absolutely. So first, pleasure to be here. And am I am I good? Am I coming through?

Can you guys hear me okay?

Jonathan Redcarver, Analyst, Kantor: Yeah. I think that’s better. Awesome.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: So, you said it exactly right. The, in terms of the the security perimeter, when you when you think about the the migration of of workloads and applications outside of the the traditional firewall, which is many years in the making, you think about it still living in in, you know, a hybrid workforce where you don’t even have all the people behind the firewall, remote work with partners and others. You know, the the concept the traditional concept of of network security in the hardened perimeter just doesn’t make any sense, or it’s it’s just much less efficient and effective. I’ll say it that way. And attackers have seen this.

So attackers are no longer spending a great deal of time trying to pierce the the network firewall. Rather, they’re finding individuals. They’re finding identities. They’re finding credentials and and privileges and using that to to and privileges and using that to to execute their their attacks. That’s that’s what we’ve seen.

So that that’s what’s really driven, identity to the to the forefront. But the additional context is, as you’ve seen, you know, companies are just in different forms and and stages of of digital transformation. So they have workloads and applications, different places they’re seeing the tech surface really dramatically increase. It’s not like they have a bunch more people, and there’s a a critical shortage still of security professionals out there, so you you can’t go person for person, body for body. And already, it’s it’s fairly common for an enterprise to have tools from a hundred different discrete security vendors.

So you don’t as a customer, you wouldn’t add want to add another couple of of tools to that mix or a couple of of company stemics, EVP, if you wanted to. It’s like, do you have the manpower to evaluate, onboard, etcetera? So that that’s really coming back to, the combination of a consolidation of trust that customers want to go through a smaller set of vendors that they they really know and trust to, to address a certain set, a larger set of cybersecurity problems at a very high level.

Jonathan Redcarver, Analyst, Kantor: Yep.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: And, and then also you think about identity and how it’s being served up and and and delivered is more increasingly becoming a a meaningful platform.

Jonathan Redcarver, Analyst, Kantor: Yeah. It’s it’s interesting. I mean, I’ve known Oodie for fifteen years. And, I remember when the company went public, and it seemed somewhat of a niche technology, large enterprise focus. That’s where you saw the adoption.

But but, you know, the whole thesis as I see it is privilege is the key to an identity platform. We can we can talk about that more in in detail. But I I think, you know, you guys see that also in terms of how you go to market now. So it it just seems like one of the questions I get is, well, it’s been such a good story. They’ve executed so well.

You know, isn’t the market getting saturated? Clearly, isn’t. I think you landed last quarter, 80 of new logos were PAM. That’s right. That’s right.

But we’ll we’ll get into that. But before we do, let’s talk about machine identity because I think that’s the next frontier. Talk about the acquisition of Vanafi and what what that opportunity means strategically for the company for the next several years.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. So, there there’s so many different different angles here. If you just look at a high level, we we’ve thrown out the the number that others have validated. There are at least, you know, 45 times the number of of machine identities as there are human identities in in a given enterprise. So just and that’s of all types.

So you’re talking about physical and virtual end points and devices. You’re talking about the applications, application infrastructure, Kubernetes containers, etcetera, the workloads running across. So you understand how the number can get, you know, very, very large, and then you start to add on things like like AI agents, etcetera. Yeah. There there’s really no ceiling to to how high that that number can go.

And then we’re in the very, very early innings of really getting to the point where customers are are addressing the security problem associated with with machine identities is what drives that. Again, it comes down to where the attackers are. The attackers are still very, very focused on on humans, but increasingly, we’re seeing breaches that feature specific elements of of machine identity, but the effect of tax attack surface is much, much larger. So I think very, very early stages there. And with with Venafi in particular, you look at what we already have with secrets management, which is focused on the on application, application communication, and, and pulling the secrets out of clear text there.

Then when you move over to to more of the the device and workflow side, obviously, certificate lifecycle management is is front and center there, but also workflow security. Those are things that the Identify has, and and they executed a high level there. But also, they have the capabilities, vision, and roadmap to go beyond that and go to the longer tail of machine identity and security. And that that’s what we where we really saw, the power. And it combined secrets with their current capabilities with their vision and road map.

It’s just a lot of upside there.

Jonathan Redcarver, Analyst, Kantor: Yeah. It’s it’s it’s interesting because Jeff Hudson, the the CEO of he would do these these these non deal roadshows to sell side every year. And the story never really seemed to change. The growth was always okay, but they never seemed to hit that inflection point where it could really go public. And so when I when I saw the deal, I was like, well, you know, I don’t know.

I I so I I think the question I want to under or or the question I wanna ask to understand a little bit better about the the market drivers is is what’s what’s changing the threat environment that really drives, you know, acceleration and growth in the AFI? Because I think, you know, double digit ARR growth, Sri, correct me if I’m wrong. I think that’s the, that that’s what it’s looked like, and the expectation is that goes into the mid teens and potentially higher by the end of the year.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yes. So if you go back to the the threat landscape environment, rewind some number, you apply five plus years. When you think about the core of certificate life cycle management that was very much viewed as operational. Right? So if a certificate expires, you have an outage, that costs you real money.

And that that was really the view. It wasn’t and and there was a security angle that that was underappreciated because the attackers really hadn’t started focusing there yet.

Jonathan Redcarver, Analyst, Kantor: Yep.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: But in our conversations going a couple years back with with customers, with CISOs, said, yes. This is a security concern for me. And it’s a security concern because the attackers started to take note, and you realize the actual attack surface is massive. So that that’s what’s really changed. It’s this combination of the attackers taking note and therefore and therefore CISOs realizing they have to address it and then understanding how massive the the the problem actually is.

So we’re definitely seeing seeing a swing there. And when you go back to the the solid performance of Vinify for many many years, but not not eye popping, it was very much in that that operational use case. It wasn’t the security use case. So there’s the opportunity the effectively the the TAM really starts to expand when it becomes a security concern, and you’re you’re actually having to address the long tail of machine identities that are out there and identities that are out there and and secure them.

Jonathan Redcarver, Analyst, Kantor: Yeah. Okay. I get it. So can you can you talk about AI and how AI amplifies the problem of securing machine identities. What what does that look like, and what can that mean also for the market opportunity?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. I mean, the the construct we we used, especially when we started to see the, you know, the the explosion of Gen AI, is, you have protection, you know, from, AI focused attacks, protection with AI, and the protection of AI, and the protection from you know, unfortunately, the the adversaries were, of course, the early adopters of Gen AI technology. But what that really manifests itself in was you have phishing attacks that are very, very, very good. And then some of the the classic tells and misspellings, they just start to go away. So that’s it just made them highly effective.

You’re starting to see, Gen AI be be leveraged to to build up better malware. So, again, it’s used to execute ransomware types. So there there are many things like that, but the first phase is you just see everything that that had been done before. It’s amplified because it’s better, it’s faster, It changes more dynamically. So it goes back to you still need everything that we provide.

Just you have to have it’s even more critical that as a customer, you have that the coverage. So that was the first. And for us, in terms of leveraging AI if you from a customer’s perspective. So we’re building more and more of those higher order functions and capabilities into our product. We’ll talk more about that next month at our customer event.

But that’s more of the protection with or security with and, again, with core AI and other things we’ll we’ll talk about. And I think the last part, when you think about, you know, protection of or security of, you have the models themselves, not something we’ve we’ve directly addressed so far, but there there’s definitely a security problem there in terms of those models, you know, an an adversary going in, corrupting the models to their own benefit, pointing users the wrong way. You have that. You have the data ingress and egress, you know, concerns, particularly in prompt sessions. You can have sensitive data from a company perspective going in and sensitive data coming back out, leaving you you know, it leaves you exposed to an external attack and go in and fix it out.

And then, of course, you have AI agents themselves that, and and we can talk about this, you know, later now, but that that have the they can scale like cloud and like machine, but you have to secure them also like humans. So that’s that’s something we’re obviously, we’ve talked a lot about our Investor Day, and and you’ll hear more about next month.

Jonathan Redcarver, Analyst, Kantor: So so, are those opportunities at hand today? And is the company positioned to capitalize on them from a product standpoint? Or is this something you’re building to be able to address over the next, you know, one to two years?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. So so protection from that’s that’s what we do. That’s what we’ve always done. So that that’s there here now. You Protection with, we we started with with the core on what we’re doing.

We’re already building those capabilities into our into our platform, our individual offerings, so that’s that’s in flight. And on the protection of starting with the Agintiq AI, that’s, you know, something we’ll we’ll talk more about next month. So that’s that’s something that when we when we talked about our guidance, our TAM, all this, it it was not it was not included.

Jonathan Redcarver, Analyst, Kantor: Okay. So regarding the the integration of Venafi, both in terms of the infrastructure, the operations, and then the go to market. Can you just, level set where the company is today? And then, I’ve got a question just related to police privilege, but I’ll ask that after you address those first questions.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Sure. So first and foremost is, when you think about how we’re aligning strategically, operationally, technologically, we want to combine the capabilities of our secrets management offering that we had, and that includes the actual product itself and the the specialists we are selling that with everything that Venify brings brings to the table. So with those two with those two assets, we have a a second to none machine identity security offering, right, that covers the secrets. It covers certificates, tokens, etcetera. And this really, really un and workloads and and beyond is and is really unmatched in terms of what’s in the market.

So that’s that’s first and foremost. Now we can we’re combining the specialist from each to provide leverage to the our entire sales force. So now we’re able to generate upside and hit the plans and so forth for everything just by building these cape providing the channel and the access that was entirely unavailable, when Vinify was under private equity ownership. We talked about that. There’s really underinvested in terms of go to market feet and also in terms of air cover on on the marketing side.

So that’s that’s super important. And then, you know, making sure we have the the right integration of the of the the technologies, you know, going forward as well. So that’s that’s the approach.

Jonathan Redcarver, Analyst, Kantor: Is there so the notion of least privilege, is is there an opportunity to to to to embed privilege around machine identities, or is that not really what the risk is, so it’s not needed?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Well, it’s it’s absolutely needed. I mean, entitlements, you know, for for me, when I think about least privilege is is really rightsizing, shrinking the entitlements, which is also thereby shrinking the the attack surface.

Jonathan Redcarver, Analyst, Kantor: Okay.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: That’s viable everywhere. It’s important absolutely everywhere. So in addition to just saying, here’s your here’s your certificate as machine go from do do whatever you want, is, you know, being very prescriptive about what access that machine, that application, that workload actually has and for a period of time. Yeah. So that’s a very, very important aspect of of securing machine identities for for sure.

It’s much more than just access.

Jonathan Redcarver, Analyst, Kantor: Okay. Yeah. I I just asked that because getting back to the notion of a platform around identity and being able to share the different technologies across that platform in terms of how you message to the customer is is probably important. Absolutely. Absolutely.

And and just quickly on the the go to market for, Netify and and secrets also, it seems like it’s it’s often the developers as opposed to you traditionally target. Is there any change in the in the sales motion that’s required as a result?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. So the the the very interesting and positive thing about about Venafi is that we found even during our our diligence that it’s all in the CISO organization. That that’s typically where this lives, which is exactly where we we target and sell anyway. And oftentimes, we find it’s the literally the same buyer in an organization. So that makes it very we’re not we’re not going in in finding and learning an entirely new, you know, dialect of of security professional.

It’s someone who who’s there oftentimes, someone we’re already talking to. So that makes it much easier for us to go and execute on the near term cross opportunities and and actually on on the mid to long term land and expand as well.

Jonathan Redcarver, Analyst, Kantor: Yeah. Okay. So getting back to just, you know, CyberArk is an identity platform. I think you, you know, you embarked. You didn’t really market around this this this broader capability until more recently.

But when you look at what you did on endpoint, you know, you expanded into cloud secrets. You know, it seems like it’s been a work in progress for a while. But, you know, talk about that vision, you know, what it currently consists of in terms of the products, and are there additional projects? Bring up IGA because it seems like IGA really rounds out that that messaging.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Absolutely. So I think, you know, it’s it’s really helpful to, you know, to to speak to that in the context of our our solutions framework. So when you think about the the different types of identities that we’re securing, you start with IT. And that’s that’s where traditionally, you know, the traditional PAM user lived. But this is a broader set than that, broader than even the domain and other and database admins.

But that’s that’s the thing we really think about in terms of how do you provide the how do you secure those identities? And I’ll talk about the capabilities in a minute. Then you move over to developer. With developer, you think about this as, you know, really cloud access being the most important thing. So things like secure cloud access, secure infrastructure access, that’s really what we focus on with the developer persona.

And then you have the broader workforce. So that that’s every everybody who’s who’s who’s there and and may not have the, you know, may not need or utilize elevated privileges. And then you move over to the, you know, to the machine side, and you have, you know, devices, workloads, and and then AI. Now for each of those, and you alluded to this earlier, there’s a certain set of of security capabilities that we deliver with our with our platform, even if it’s not the exact same code for each, but we have to provide these capabilities. So it starts with discovery.

And there’s different techniques for discovering human identities versus machine identities. Like, for example, machines aren’t tethered to active directory, so there’s a different different system to go through. Then there’s on onboarding using any metadata you have during the discovery process so that you can protect them with the appropriate privilege controls. And those controls are credential management, could be password, service, whatever it may be, entitlements management, which is where, again, you know, Zillow, comes in comes into play. It’s authentication, for sure, and then session monitoring and control.

Those are the the core privilege controls, and then all of that has to be governed by, you know, automated life cycle management can think about it as a grid where you have those, you know, six personas and three human, three machine against each of those capabilities. And, you know, there are many, many places where we’re bright green, but the places where we need to, you know, continue to to improve and and evolve. But absolutely, everywhere we can, we leverage, you know, the the capabilities and knowledge, the code where possible, for each of those horizontal functions across each of the the identity types.

Jonathan Redcarver, Analyst, Kantor: Yeah. It it seems like a lot, you know, from a, sales rep perspective. There there are so many use cases, so many opportunities. In in what I look at it, I just think CorePAM, you know, machine is exciting, but CorePAM is still under penetrated And then just when you look at identity access management within the workforce, so what is it? It’s single sign on.

It’s two factor authentication, and you have these these integrations with Active Directory. It’s not really security. And I think privilege is really the foundational layer to really building out and delivering a strong, you know, workforce identity pillar. So so just talk to that because I I I think you you have a strategy where you’re able to use elements of your privilege. You go in with a a tool.

It could be a Microsoft or an Okta customer, and you prove out, you know, the better security outcomes. And then that leads to an opportunity potentially convert that, you know, that whole customer to a workforce opportunity over time. So so how does that play?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Well, first, you said extremely well, and and thank and thank you for that. So if if we start with, the the upside opportunity that that still exists in in privileged access management, I mean, there there are a couple of things there. First, as as we as we said, as you alluded to, as things continue to evolve and modernize, and more and more humans are effectively privileged, where you go far enough back, you only really cared about the domain admins and the database admins. Yep. But now now and the entirety of IT is is highly privileged, and then it starts to spill out.

I mean, developers, extremely powerful, in term you know, pre prod and and prod access in many cases. So absolutely, there’s still a very, very long runway in in terms of the the the core privilege use case. But then you said extremely well those things, SSO and MFA. I mean, they’re you know, MFA is somewhat a security control. SSO, not not as much.

But it’s a security problem when you think about the long tail workforce because even even if a a typical worker doesn’t realize that they they they they they have privilege and elevated access, attackers know. So attackers go ahead and that’s why for us, the approach in the workforce side is to add the diff the additional layers of security that apply our our privileged controls that methodologies Privilege

Jonathan Redcarver, Analyst, Kantor: access into control.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Absolutely. But it’s not necessarily the exact same code because as a as a and as a regular user, it won’t be natural to be vaulted and rotated, for example. But still, we have Yeah. Secure web sessions that has a is a form of session management control. We have secure browsing, which as just one example acts as another layer on top MFA because because of this browsing, you can’t have, you know, you can’t have attackers go in and take a cookie that’s been authenticated by MFA and reuse it, which is one way to circumvent it.

We have our endpoint privilege management solution. We have workforce password management. So you do have this kind of entry level of SSO and MFA, this, you know, commoditizing, but we have all these additional layers that we we apply, and that’s how we’re we’re addressing the the workforce. So we’re both you know, we’re landing on top of and surrounding existing deployments, and we’re also, in in cases, completely replacing what’s already there. And we’re we’re flexible.

We can do whatever. This depends on the customer need.

Jonathan Redcarver, Analyst, Kantor: Yeah. We we know some of your competitors have had issues, compromises because of subcontractor access. And I think you’ve already targeted that use case.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Absolutely.

Jonathan Redcarver, Analyst, Kantor: But you could see how that could extend to the executive suite, you know, individuals that, you know, have access to certain systems that, you want to lock down more effectively. So I don’t know. It just seems like there’s still a big, big opportunity for No.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: And there is a and and again, this is something something you mentioned. The broader identity access management outside of PAM, it was it was never about it wasn’t originally about security, but then it became about about security for for that exact reason. So you have to you have to take a a different approach, and that’s what we’ve

Jonathan Redcarver, Analyst, Kantor: done. So, you know, when you look at the competitive environment around privilege, there’s some legacy companies beyond trust who actually had a compromise that may have benefited you. But in terms of some of the bigger companies like Microsoft and, the other public company in the I’m space, I mean, even when you look at what SailPoint’s doing and potentially ping with ForgeRock, Talk about privilege as a technology and the challenges of bringing, you know, a competitive product to market because it seems seems like vendors have tried and they really haven’t succeeded. So what is it? What what what is the challenge?

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Well well, first, when you when you go back to the essence of of CyberArk going back to to Odi when when it was when it was founded, I mean, it’s always a security first company and security first approach, before that became what was needed in the industry. And so that that has never changed. That that’s only that’s only amplified. And, you know, there’s a model we have internally, think like an attacker. That’s what informs our our product roadmaps.

It’s what’s what’s informed, in that case, our our M and A approach. It’s like, where are the attackers going next? What are what are they looking for? How can we continue to, to provide security for for our customers? And that’s where a lot of the innovation is as well.

I mean, we’re heavily focused on secure. I think for if you think about how others approach it, even others that are, you know, you think about more direct competitors than PAM, it’s more of, okay, we have to check the box on these security capabilities. Okay. Now now we do whatever other stuff we’re going to do. And if you think about other classic identity players, again, there’s whether it be whether it be more of the the automation, the front end, the back end kind of audit use case.

It’s like, that’s the core. And again, it’s like, okay. Let’s try to build in some security controls, whereas it’s not the first thing. For us, it’s it’s the first thing, and you have to get in the head of the attackers, and you have to innovate with that in mind, which, really, really no one else among those you’ve mentioned is is really committed to and is really executed on.

Jonathan Redcarver, Analyst, Kantor: Yeah. Yeah. Okay. Good point. So let’s just I know you touched on Zillow, but but talk about, you know, it it’s a modern IGA solution.

I I think you’ve described it, that way. What so what is the difference then to some of the more legacy tools around governance that other public companies sell. And and and Ed just touched on the sales strategy. I’m curious, you know, there’s gotta be a huge cross sell opportunity, but that that land and expand motion as well.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. So if you if you think about, IGA, at its core, it’s basically determining who has access to what what systems and applications and ideally, what they can do within those systems and applications. And the the bulk of the of the traditional market is large on prem applications, and deep integrations to determine who has access to what what they can do. And then you wrap around that just the ability to, to say that I’m compliant, to pass audits, etcetera, proving that you have this system in place. So that that’s traditional.

Now the the the concern with that is, you know, the way the just given the nature of the problem, given the way that systems are architected is very, very time consuming and expensive to even deploy. And there’s some pick your multiple anywhere from $4 to $6 of services for every dollar of license to to implement the systems. Easily, you know, takes six to nine months to get the first, you know, critical mass of of applications online and and covered. And and for for many, you know, we we hear things like there’s 5050% completed, yet some unacceptably long long time. But that’s it’s a it’s a challenging problem.

But that’s you think about that, and you think about how the the effective infrastructure is expanding, given, you know, at at the at the top of this, what we covered with SaaS applications, with cloud platforms, with the uses of of Gen a app. When you take that and you think, well, I need to apply I need to govern those as well. You can’t do that. I mean, you can’t throw that expense. Not only you can’t, but you don’t necessarily have to because when you have more modern approach.

And when you have designed for purpose solutions like Zillow has, you start from a different place. But still with the mindset of getting to rapid time to value, instead of it taking, you know, six, nine, twelve months to get up and running, you you take, you know, a couple weeks to get the first applications up and running, if not if not sooner. And so that that’s really the opportunity.

Jonathan Redcarver, Analyst, Kantor: And and it’s it’s a SaaS delivered solution. So you mentioned how a lot of legacy products are built for on premise. So all those natural benefits you see, ease of use or cost of deployment. In in in terms of the go to market, is it initially, I would assume, going to be targeted at the install base? I think you’ve got 8,500 customers to go after.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. That that’s very fair, but we we think about it really in terms of two different customer situations. One is a customer that’s you know, think about it larger, more traditional customer at some stage of of digital transformation. So they may have a legacy deployment of IGA, but still they have this issue of, well, modernizing. So I have SaaS.

I have cloud. I have gen AI. So I need to to govern that as well. So, typically, though, you look for a different solution there. So we see an opportunity there.

Of course, a number of customers fitting that profile in our existing install base, very ripe opportunity. Then you have more digital native born in the cloud companies that they don’t have any they don’t have a traditional IGA solution because they don’t have those those assets. So that’s a net new force where we can we can go on the land and be aggressive. And that there’s some of that in our install base, but there you know, there’s new local opportunity there as well.

Jonathan Redcarver, Analyst, Kantor: Right. Okay. Let me see if any question from the audience. We’re good? Maybe maybe just touch on the the the federal exposure in in Doge.

You know, is is that a risk in terms of personnel that you’re dealing directly with related to the procurement cycle, if bodies are no longer there that we’re handling that responsibility. You know, it’s kind of a mixed message. You know, it’s a lot of companies in security are saying that the contract vehicles are intact. There is some risk in, you know, that maybe the funding gets pushed out, but ultimately, those deals are expected to close. So maybe just touch on what you’re seeing.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. So first, obviously, something we’re we’re watching closely. And and on the contract side, that’s that’s similar to what we’re what we’re seeing as well. But, again, watching it closely. But for context, it’s important to note that our global Fed business is roughly 10% of the entirety of it.

And within U. S, Fed is less than half of that. So the exposure is much more limited than than it is for others. So not see not seeing anything in terms of the the dynamics. You know, some of that’s given the the contract structure you talked about, but also the overall exposure for us is is fairly contained.

Jonathan Redcarver, Analyst, Kantor: Yeah. It seems like the the the federal the calls we do, one federal reseller in particular, Pete, continues to highlight, you know, growing pipeline with CyberArk and no no no no deal push out at this point. So cross our fingers. Right. The other thing I just wanted to touch on oh, go ahead.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: Yeah. And I don’t know if you can hear in the room, but the question is do we have enough talent to meet the needs of our growth? And we continue to grow our headcount excellent question. We continue to grow our headcount effectively in conjunction with our overall growth, largely organically but also inorganically, we’re bringing in very, very talented individuals from Venafi and then also from Zillow. So we feel like we’re in a good place.

We are cognizant of the fact that there, as I mentioned, there is a global cybersecurity professional shortage, but we continue to be a, a landing spot of choice for for many of those professionals. So we feel good about that. But we will continue to be smart about how we how we grow when we scale talent and, and look to not not necessarily grow as we as as clear in our guidance, not grow that linearly with the with the top line, be more more efficient and effective. But but so so far, so good. We’ve been able to to add what we’ve needed.

Jonathan Redcarver, Analyst, Kantor: The I think one of the final questions I have is just we’ve we’ve seen the success of this platform strategy in terms of large deals. I think the company has commented that they’re seeing a greater frequency of deals closing with a broader number of products. Can can you just speak to that from a go to market perspective? It’s is is you have so many use cases you can address. Our company is looking to solve a specific problem with a specific tool that was how security operated historically.

What were you hearing from c level executives that they’re, you know, truly looking at, more cohesive, you know, product portfolio that works together? I think that’s one of the big changes in the industry I’ve observed over the last ten years. So I’d

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: love to hear what you’re saying. Absolutely. And, and in terms of what the CISOs want, need, etcetera, I mean, it’s it’s kind of this both in terms of their specific needs, but there’s this holistic vision and approach. So what we’re really gaining traction is with our our AEs, our customer facing, you know, sales resources, being able to deliver the whole the whole vision of what we can do. You go persona by persona, go through all the capabilities and say, we’re we’re here for you, and then listen to the customer problem where whether it’s a focus on cybersecurity risk reduction, response to an audit, specific to digital or transformation or even just a a straight automation, and and operational efficiency type of approach.

So you take that, and then you figure out the landing spot. And so even even if it’s a very specific landing spot, we tend we’re helping our win rate our win rates by giving our customers the comfort that we have much more to offer. So you’re seeing, you know, quick, you know, quick follow ups with with expansions. Having said that, we’re also seeing, you know, many more instances of customers landing with even new logos landing with multiple different solutions. So so we’re seeing it we’re seeing it both ways.

But even if we we land with just a a more of a a point type offering or a point problem, we have this opportunity to expand, and our customers expect that. It it gives them great great comfort that we’re we’re able to do that. That goes back to the consolidation of trust. It’s like, would you would you rather they’d rather work with CyberArk, solve this problem, and know they can solve a much wider birth than go in and have to have to rifle shot and get a dozen different vendors to solve all these different, different problems. So we can solve at a very high level.

Jonathan Redcarver, Analyst, Kantor: Yeah. Yeah. That rifle shot approach isn’t really working. Yeah. Alright.

Well, I think we are out of our time. So, Clarence, thank you very much.

Clarence Hinton, Chief Strategy Officer and Head of Corp Dev, CyberArk: No. Thank you.

Jonathan Redcarver, Analyst, Kantor: Looking forward to seeing you again soon.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.