Thanks for joining us, everybody. Well, this chair, this one is; it's got some wobble to it. I just can't move on this chair, and I'll be fine. Thanks for joining us. We've got F5 here, in this lead-up to lunch session, and so I appreciate everybody in the room. We'll save some time at the end for questions if there are any, but joining us on stage, starting at my far left, Cooper, the new, newly minted CFO of, but not new to F5, but newly minted CFO of F5, and Kunal Anand, Chief Innovation Officer. Is that, that's your title? Okay, well, thanks for joining us, gentlemen. I think before we start, Cooper was going to start with a quick.
Yeah, I will. I'll jump into the safe harbor. Thanks. So please note that our discussion today may contain forward-looking statements which involve uncertainties and risks. Our actual results may differ materially from those expressed or implied by these statements. Please see our SEC filings for more information on these risk factors.
All right. Now we can talk about updated guidance.
Yeah, let's go for it.
We've got that out of the way. All right. Well, thanks for, thanks for that. You know, F5 has gone through a really, it's been an evolving story over the last several years, and certainly the focus on cyber and the focus on software. Maybe just level set us, maybe from a technology perspective on what the company's primary focuses are, because it's a different company than it was a couple years ago, let alone five years ago.
Totally. Yeah. Let's go back in the Way back Machine, I guess, the DeLorean.
Yeah, yeah, please.
And, you know, when F5 was created and when we saw growth initially as an organization, it was specifically around helping organizations load balance and do application delivery in physical websites. And that was a really important thing to do. So application delivery, performance. And then we got to see the initial era of application security.
Yeah.
And so web application firewall became really important. We get into this ADC 2.0 era, if you call it that, where organizations now start to move workloads to the cloud. And there's this big question of where are these workloads going to reside? And of course, we saw the inflection with mobile during that cloud era. So we saw applications turn into APIs. We started to see new types of security issues, new types of things on the horizon, including fraud, bot attacks, denial of service, nation-state issues. And now with, you know, a little bit of AI in the mix today, we're in this sort of third era of application delivery and security. And in this third generation of ADC, it's just totally different because we're now hybrid and multi-cloud.
Yeah.
Organizations are not in a single environment. The enterprises that we work with, it's common for them to be in six or more environments, and that could be on-premises, that could be in a variety of cloud environments. Their application delivery needs have changed. Their application security needs are really, really critical for them. And we are seeing organizations combine both of these things in their brains. We don't just need delivery or we just don't need security as separate things. We need these things to work and operate together.
Yeah.
A broad sea change in terms of what the landscape and the technology looks like, and we've been there with all of those capabilities, so whether it's delivery, performance, secure multi-cloud networking, some Zero Trust capabilities, web application and API protection, and now some stuff around enterprise AI delivery.
Yeah. And I think that, you know, this is, I cover a lot of companies that are very much hybrid, and it feels like, I don't know, if we were sitting here five years ago, it's like, everything's going to the cloud, and I think the pendulum swung far too far that way, and it feels like hybrid is the new norm, and I still get the question, like, how is F5 relevant in sort of like for the next 10 years? And it feels like it's all going to come down to relevancy in hybrid cloud, and that is the new norm, and I guess, you know, how are you helping customers think through that hybrid mentality?
Yeah, look, what comes down to a couple of things. In a hybrid modality for physical data centers, organizations are still typically deploying hardware appliances or hardware solutions. Performance is paramount. So for them, they need the highest quality hardware paired with the best software in the world to fit those environments, but we see organizations that have gone to virtualized environments, or they go to things like Kubernetes.
Yeah.
We're there for them. Just a couple of weeks ago, we announced BIG-IP for Kubernetes. So the ability to bring BIG-IP into these modern workloads and these environments we think is really important. Or if people want to consume it as a SaaS platform, we can meet them there as well. So choice and flexibility is important. And on the hybrid notion, we think that there's an element. Multi-cloud networking is really important for folks that want to bridge between these environments. And we're seeing some great places where organizations are leveraging us for application connectivity, bridging networks, and also application migrations. So more of that layer seven work as they're coming across different cloud environments.
Okay. A couple more and then Cooper will flip to you. But, you know, you've been spending a lot of time talking about sort of like the broadening distributed cloud platform. Just level set us for what's included there and like when you think about that expanding platform, what does that look like in a year, two, three from now?
Look, when you look at the overall landscape today, you see organizations that have these cloud points of presence, right? Large cloud PoPs, and I think about companies like the Akamai of the world, the Cloudflares of the world, et cetera.
Yes.
And so we're no different in that we offer points of presence as well. One of the unique things that we provide is for those organizations that want that hybrid deployment where they want to be able to deploy that same set of technology, same exact product, same exact service, same exact set of features in their environment, they can do so. So our points of presence, we call them Regional Edges. We also have something else called a Customer Edge where an organization can basically take the essence of our regional edge or pop infrastructure and deploy it in their environment. And so this means they have that consistency, they have the multi-cloud networking, they've got the application security pieces.
What I'm excited about is what we've been able to do and what differentiates us from our peers is not only can we shield, right, and help people with load balancing and security in production, but we can also shift left and we can give people risk discovery. This is a huge topic for CIOs and CISOs, so prior to joining F5, I was operating as a CTO and CISO at Imperva, and one of the top things when you go and you talk to CISOs globally, the number one thing in their risk register is around data breach and data exfiltration, and where are the biggest gaps right now in the infrastructure? It's not at the data layer. It's through applications and APIs.
And so the cool thing that we've done through M&A that we did over the last year, we have the ability before people deploy applications to production to identify risks in those underlying applications and in those APIs. And with the tight integration that we have in our platform, we can actually go in and allow them to click a single button to mitigate. Now, it doesn't fix the root cause of the source code or the weaknesses or the vulnerabilities there. We still have to do that. But the nice thing is it provides them that they're covered. So we can do risk discovery and we can do risk buy down.
And that's what I love about what we have in the platform today is we can be that one-stop shop for those organizations, and especially for the CIOs and CISOs that need to find and identify those risks and buy that risk down.
There's a lot I want to unpack there, but maybe we'll just pivot to Cooper a second. You talked about stabilizing demand and, you know, actually, you know, you've seen improving results. And the question that I get asked from a lot of folks, and you guys have such a broad perspective on IT buying is like, do you think we've seen the worst? And obviously there's some idiosyncratic elements to, you know, hardware and other things that you guys, you know, are exposed to that maybe some others aren't. But do you think, you know, where do you think we are from like an economic demand perspective? And acknowledging you guys have had some pretty strong results recently.
Yeah. So we think that we're in a period of stabilization with customer budgets. So we're not anticipating a material improvement to the macro or immaterial increases to customer budgets, but our customers do have better visibility and accessibility to their existing budgets. That's allowing them to move forward in a more orderly fashion with new projects. We're not seeing the same kind of, friction around approvals at the end of these deal cycles. And so that's helping. In addition to that, customers have a better understanding of their architecture going forward. So they have a better feel for which application workloads are going to live in a data center, which ones will be public cloud and so on.
And so that's giving them more confidence to move forward with some of these opportunities because they, they no longer have that, uncertainty that they may be investing in the wrong technology or, you know, over-investing in one, model and under-investing in another.
What do you think? Is that just general economic, just more certainty around things or maybe less uncertainty?
No, I think it's more certainty both on an economics perspective, but also you got to remember that a lot of customers were undergoing a lot of change in their own operating models in F5, you know, calendar 2022, 2023.
Yeah.
There were changes with their operating teams, and so they had to get through those changes to then kind of be at a steady state with their operations, and we think that they're there now, and so that's allowing them to move forward with some of these larger projects.
The other question I wanted to ask you, and I know CFOs embedding any sort of December budget flush into their outlook, but, you know, do you typically see that? Have you seen that? And I'm, you know, even just like on a hardware with, hey, I have extra CapEx dollars. I'm just going to deploy them now because I'm going to lose them. Have you seen that historically?
Yeah, we have sometimes. It's not super common, but you'll notice sometimes in our Q1, which is calendar Q4. We tend to see more perpetual software, especially with service providers, and that can be tied to CapEx budget that closes at the end of the year. So it's not typically a major driver of our Q1 results, but we do see it from time to time.
You have seen it there?
Yeah.
Okay, and I can imagine you're probably not assuming any real benefit this Q1.
No, no. When you're looking at an individual quarter, it's more about what's in the pipeline and the current close rates that we're seeing.
Have like through four Q close rate, close rates seem to be improving?
Yeah, they have. The last second half of the year, we saw improved close rates, and just more predictability. The sales cycles were back to kind of more normalized durations.
Yes. Okay. I want to get to some of the cyber questions, but you sort of teased out AI a second ago. What is F5's role in helping customers think through adopting AI and leveraging AI with increased bandwidths and increased, you know, data security issues? We'll get to the security piece, but maybe just like, what is F5's role in enabling AI for customers?
Yeah, we've seen three really interesting use cases in the market. Still early wins in AI, but we're winning opportunities there right now. And so one example is data ingestion. A lot of people have to move a lot of data around to make AI work better, whether it's retrieval augmented generation, where they have to go and get better value out of these language models, or if they want to go in and train these models, that requires effectively moving a lot of data in between these structured, semi-structured, unstructured data stores and these AI factories that they deploy. They will typically rely on an organization that can provide an ingress controller, a high performance ingress controller right in front of those data stores.
And so that, that's a role that we can play at F5 where we can sit in front of those data stores, effectively do the load balancing, the traffic management, and the security work in front of all those things to make it really efficient to move the data around. That's part one. Part two is intercluster and intracluster load balancing as well. And that's super important because the organizations that are out there that are building these AI factories and, you know, homogeneous sets of technologies, whether it's CPUs, GPUs, we find that a lot of organizations that are doing that, because of how stochastic and how variable AI is, right? They need predictability. They need load balancing in front of that stuff.
And so they need to load balance between the different AI factories that are out there, even between cloud capabilities and local capabilities, as well as intracluster load balancing. So a few weeks ago, we announced that BIG-IP for Kubernetes with NVIDIA, the fact that we can now run on NVIDIA GPUs, the BlueField-3 GPUs. And that's huge, right? Because effectively we can bring the years of experience in technology to run in these modern environments. And that's a big leap for us because we've been for a long time in building technology to run in the Intel and the x86 ecosystem and to run on top of the NVIDIA ecosystem requires us to run this code on top of ARM, which is a big deal. And then the last example of this is specifically around API security. And you touched on cyber.
APIs glue the whole AI ecosystem. It doesn't matter if you're calling OpenAI or a local model or between an application and any one of these different services or capabilities, you're going over APIs. And we think it's really important to do things like discovery, data analysis, and, like, what is the data that's moving between your applications and these AI solutions, and then the ability to block.
You see that was literally my next question. It feels like you guys are in an enviable position with the traffic flow that you see to look at, you know, data exfiltration or sensitive data. What role does F5 have in the future there? Because it feels that's a competitive market and a lot of people are kind of getting at that with kind of deep inspection. What role does F5 play in kind of the data governance, data security landscape?
Look, I came from Imperva and we were focused on data at rest. I think there's a very well-established market, but that's not the biggest problem that people have. It's data in transit. The one thing that I love about the BIG-IP technology that we have is years and years ago, F5 ended up building this set of capabilities in BIG-IP called APM. That's around access policy management. That allows companies to do things like break and inspect. We have many organizations globally that rely on the technology to do that level of breaking encryption if needed to do the deep packet inspection where we can do things like data analysis today. We can do it directly inside the product. We can also connect to the broader ecosystem if people want us to connect to a different DLP.
And then we can re-encrypt if we needed to. And so we have organizations that are already using that. And in order to do that, you need an incredible data plane. So you need high quality software to be able to do that statefully. And then you need high quality hardware underneath to do that. So we've been doing this for quite some time. And yes, absolutely over time. You think about the fact that more organizations are relying on APIs, more people need to know how data is moving around. I think there's a clear need for organizations to get that level of visibility and observability. That's important for CIOs right now.
One other question here, then I'll come back to you, Cooper. The other thing I've always, it struck me that you guys have a real opportunity or like you should be a relevant like SASE vendor just relative to where you're sitting in the network and with points of presence. Like how do you think about that market? Because obviously it's competitive and there's a lot of folks going after it, but you know, is that, is that an intriguing opportunity?
Look, SASE is interesting from the perspective of what it is trying to do. I'll start there, which is, you know, people who are typically deploying SASE and I'm thinking of companies like Zscaler, et cetera. You're typically deploying those technologies because you want to bring your internal employees to applications and services. I get that. But I think if you zoom out a little bit, I think what's more intriguing isn't SASE itself. It is the concept of zero trust architecture. That is the part that is really intriguing, and so what we've been focusing on is things like access policy management, privileged user access, being able to do ephemeral authentication to internal systems, east, west, as well as north, south.
That is the place that I think you're going to see F5 play a bigger role in not necessarily bringing internal users to internal applications, but that overall north, south, and then the cascading east, west flows that result from that.
So what happened from a product perspective? What inning are we in, sort of realizing some of that opportunity? Because it feels like that, that could be massive in and of itself.
We are already helping some pretty large organizations with their Zero Trust network strategy in terms of leveraging BIG-IP or NGINX to specifically deal with some of those ZTNA principles we're already in place there. So I think we've got the right technology to go after that.
Okay. Okay. I could keep going on this, but I'm going to make sure Cooper doesn't fall asleep over here. The question that I get all the time, and I'm curious your perspective, you know, the election just happened and we're, you know, we're still sort of not through it in terms of like thinking of what the ramifications are, but I get asked the question and I'm sort of curious on your perspective, you know, there's obviously talk of lower corporate taxes, maybe increased tariffs, DOGE, you know, trying to make the government more efficient. What is your perspective on, and could any of that be a benefit to F5 or is there a maybe, you know, could tariffs, you know, negatively impact kind of the hardware ecosystem?
Yeah. So the tax rate, of course, would benefit, you know, if we saw a 7% drop in the tax, the U.S. corporate tax rate, that would, or sorry, a modest decrease in the tax rate that would carry through. It's not likely that we would see benefit from that. And we're speculating here, but it likely would be up by 2026 at the earliest. So that would help drive our overall profit growth. From a tariff perspective, there could be a modest impact. Again, it's a guessing game as to what tariff rates would be and where we would see them. You know, the majority of our product is now software. So it really would show up in our component costs. We have pretty high margins even on the hardware side of the business.
The direct cause is kind of in that mid-teens% is a percentage of our systems business. And so that would be the part that would be exposed to tariffs. And then, you know, we would have to evaluate, you know, how do we pass some of that through or not. So these are all kind of things we'll be evaluating over the next couple of years. I don't think it's going to have a major impact to our gross margins over time. Now, whether or not it impacts demand, you know, we would see.
Yeah. What about from a federal exposure? You know, I tend to think software could be an enabler for more government efficiency because it just feels like the user experience from a federal perspective would certainly improve. Do you think like F5's role in federal could improve with, you know, maybe, you know, whether it's Musk talking about AI or, you know, just, you know, governments becoming more efficient?
Yeah, I mean, absolutely. That's one of the big draws for our technology is we can help customers, whether they're enterprise service provider or the federal government, get more efficient in how they deploy their infrastructure. Security remains of paramount concern, especially in the federal government. And so we don't think that that's an area that would be, you know, where the demand would be negatively impacted overall from any, you know, efficiency initiatives. So I think potentially there's a little bit of a tailwind on driving broad efficiency into those environments. And then security will continue to be a big driver of demand.
Have you talked about what your public sector exposure is?
Yeah, we break that out. It tends to be in the kind of mid- to upper-single digits as a % of revenue over time. Now it varies quarter to quarter. You know, September quarter is typically the higher quarter for that space and then kind of the mid-single digits for most other quarters.
That's helpful. All right. Flipping back to the product side, you know, if we're sitting here a year from now and, you know, sort of like what, you know, you're sort of coming out of a lab and you're thinking about like, you know, from a product innovation standpoint, what are you most excited about for the next 12, 28, 24 months? Are there things that, I mean, we've probably talked about some of the things already, but like, are there some incremental things that you, you know, you think the product folks are going to be investing from at F5?
Yeah, look, I mean, I think number one, when you look at application security in general, applications have fundamentally changed. They're no longer just these large monolithic apps. We have APIs now. APIs make up a massive chunk of public internet traffic, even more internal traffic as well. And so I'm encouraged about what we're seeing on that side. And I think you can expect F5 from a technology perspective to go a little bit deeper around what we see around APIs, additional protections, additional capabilities, improved discovery, things like that, that I think will really be important for CIOs and CISOs, especially as they try to get their arms around the API side of challenges and API problems. Of course, AI is always interesting as well. And again, early innings, it's going to be exciting to see how that develops. Like what is the future of the data center?
How is that future of the data center going to evolve? Are they still going to be in the same set of physical appliances or is it going to be the same software that's running in a different form factor? It could be GPUs, IPs, whatever that might look like. So it's going to be exciting to see. So flexibility is going to be important for organizations like F5 to be agile to meet the customer where they're at.
Yeah. From a competitive standpoint, could you talk about, you know, thoughts on Citrix these days? And then I also want to double click on Broadcom VMware, because obviously there's some pricing pressure that Broadcom is putting on some customers there. Any kind of comments on the competitive?
Yeah, I mean, I can speak to just what we're seeing in the marketplace and then if you want to talk technology wise. But yeah, we are seeing there's definitely that dynamic of some pretty substantial price increases that some of these peers are introducing to their customer base. I think it's causing some disruption and frustration with customers and it's really driving interest in evaluating alternative solutions. So there's an opportunity and we're starting to see that in some competitive takeouts. Won't name specific companies, but that momentum has increased. It's driving some of the hardware demand that we've been seeing. You know, we try to take a more thoughtful, holistic approach to our pricing as we look ahead with customers and really just kind of monetizing the value that we're driving with our innovation, but doing it in a more sustainable fashion with our customers.
And so pricing is an opportunity to kind of help drive a higher growth rate over time. But again, doing it in a way that is more sustainable with our customers.
Yeah. From a product innovation standpoint, have you seen any change competitively, whether it's some of the folks that we mentioned?
Yeah, look. I think what we've typically seen is some of those legacy players, like let's say Citrix. They have not made the appropriate investments on innovation in categories like API, as an example. And so I think what we've seen is it's mostly relatively static and stagnant ADC capabilities, stagnant load balancing capabilities, networking capabilities. Nothing really that's pushing more to the application side or to the API side that's solving these more modern challenges that people have. And certainly not flexibility in form factor, not to run as a service or as an ingress controller or something in a Kubernetes environment. And definitely not on like a GPU or an ARM. So I think what we're finding is that some of those other players in the traditional ADC market, they have not made the right innovation. They haven't made the right leap.
And some of that might just be because they have not invested in the underlying data plane. You know, they've not invested in terms of what we've been doing on the F5 side. Underneath the hood in BIG-IP is something that we call TMM, the Traffic Management Microkernel, the most sexy name on it, right? And so the idea behind TMM is, you know, it is built around performance. It's built around speed. And it's also something that it's software, which means that we can literally take this and move this anywhere. I think what we found is that so many of the other players in the ADC market don't have that portability. They don't have that flexibility where they can bring the power of TMM to different environments. Some of that is just so locked into the hardware footprint that they have.
That gives us that optionality and gives customers that flexibility of where they want to deploy this stuff.
What about? That's helpful. That makes a lot of sense to me. Then within like VMware's, what are these, Nicira? I forget what that business, or they changed the name a couple of times. You know, how do you think about that? I guess with NGINX in particular, like how do you think about that opportunity?
Yeah, look, I mean, I think to what Cooper was saying, everyone who is a VMware customer right now is re-underwriting from first principles how they want to continue leveraging that technology and how they want to continue leveraging those software capabilities. So for us, I think there's one part of it, which is a lot of these big companies are kind of re-underwriting why and what they want to do from a deployment perspective. If they want to stay virtualized, if they want to move to more containerized workloads, if they want to go to something else that's a little bit different, we will meet them wherever they are. And so to be really clear, if they want to continue being on VMware, we can meet them with a virtual appliance with BIG-IP.
If they decide that they want to change their architectures and they're looking for the same type of ingress controller, we can meet them with that. It's a tale of; it really comes down to like where do they want to be and how do they want to protect themselves. We'll provide the same capabilities, as I mentioned, whether it's load balancing, web application firewall, et cetera. We'll give them the appropriate ingress controller. It could be BIG-IP, it could be NGINX, but we'll meet them there.
Sounds like really the ultimate flexibility from a customer perspective, but I think from an investment perspective, I think a lot of people would have to look at you guys as kind of more on the innovative side than others right now.
Yeah, and I mean, that's really always been our approach is providing choice to customers. You know, technology wise, meeting their applications wherever they reside, commercial model, finding the commercial model that fits their business model. So we have systems, software, SaaS-based services. We have perpetual term-based subscription, SaaS, utility. So we're trying to find the model that long-term is going to fit best with our customers. And that's proven to be very beneficial.
I have a capital allocation question for you, Cooper, but I don't know if there's any questions from the group here. If you do, you can raise your hand, whether it's now or in the next five minutes. Let me know. Not yet. So yeah, capital allocation. How do you, you know, I mean, one of the other things is, you know, people are wondering, could M&A pick up a bit, you know, with the new administration? How do you think about, you know, the overall capital allocation? What is your philosophy on capital allocation, I guess? And how do you think about M&A playing a role in that?
Yeah, so I'd say no real change from what our approach has been for the past couple of years. We've done some smaller kind of tuck-in acquisitions over the last couple of years that have been very beneficial in terms of driving new functionality for customers to get better visibility into their threat landscape. As an example, we've been able to bring some new talent into the organization, but you know, larger M&A is something that is not necessarily something we think we need. There's no gaps in our portfolio that we see that we need to address with the larger scale M&A. It's not to say that we wouldn't continue to look and be open, but right now it's more likely to be kind of in the vein of what we've done over the last couple of years.
And then just in terms of how we use our cash, you know, share repurchase continues to be our primary vehicle. We've committed to doing at least 50% of our free cash flow. We've done much higher rates than that over the last couple of years, and that's going to continue to be our model.
And then like if growth accelerates here on a software, continued software mixture, how do you think about then from margin perspective, you know, would you know kind of think of not just this fiscal year, but just longer term, how do you think about the margin progression with an accelerating top line model?
Yeah, so we expect that our operating margins will continue to go up. We increased them pretty substantially in the last year. We guided to 140 basis point improvement in FY25, but we would continue to expect operating margins to go up. A lot of that is that software subscription model. The cost to serve our customers continues to go down as more of that business is coming through in a renewal motion. The gross margins, it's also beneficial, but you know, we're already in the kind of 83 plus % range. So it's a little bit, you know, harder to move the needle from there just because the margins are already so high, but we do see some opportunity to continue to improve the gross margins over time as well, driven by the software mix continuing to go up.
Okay. And then maybe from a technology perspective, I'm always curious, you know, you guys are on the front line of innovation and you talking to customers, and do you have any like interesting predictions from a technology perspective on, you know, obviously everybody wants to talk about GenAI and all that kind of stuff, but do you have any sort of like crystal ball predictions on like from a tech perspective, what we should be thinking about?
I think cybersecurity is one of the most important.
Still, yeah.
Still, I think the nation-state attacks that are happening are insane. When you kind of take a step back, some of the campaigns that are run against critical infrastructure, as well as some of the biggest companies in the world, it's so important.
Mind-boggling when you see it on the ground.
It is, and then also the software supply chain can be underestimated as well. I mean, the attacks in the overall supply chain, most people don't realize how many software components, open source components are in one of these deployments, and all of them are, you know, going to be targeted by all these different things out there. So I just think that's still issue number one for a lot of CIOs and CISOs right now is dealing with risk, risk discovery, risk buy down. It's top of mind.
Like from a cyber perspective, obviously there's dedicated folks in that space that are. That's all they do. Does F5 have to change anything to kind of be thought of as more of like a first party provider from a cyber perspective when you're competing with the Zscaler, you know, or Palo or, you know, some of the firewall vendors?
Yeah, what was very encouraging was earlier this year, we ended up getting ranked by IDC and their MarketScape as the leader in web application security. And that was awesome to see. And so just a testament to the fact that we've been either acquiring or bringing in the right pieces or developing the right technology on web application, API protection, bot protection as well. So I think we've got the right pieces to go after this and really help customers.
Yeah, well, it feels like there's a lot of positive momentum both in growth and it sounds like even margins and, you know, who knows, maybe we have seen the worst of the economic cycle and maybe there's some green shoots in front of us. It feels like you're still maintaining a level of conservatism in the guidance, which is always appreciated from our side, but it seems like there's a lot of green shoot opportunities on the product side to keep folks excited. So we're out of time, but listen, I really thank you guys from all of us at RBC. Thanks for coming here. It's Cooper, congrats on the role.
Great, thank you. It's great to be here.
Best of luck, guys.
Great, thanks.
Thank you both.
Cool.
Cheers.