Right. Good afternoon, everyone. My name is Brian Essex. I'm JPMorgan Securities Software Analyst, and thank you for joining us today for Fortinet. With us today, very pleased to have John Whittle, Fortinet's Chief Operating Officer, and Christiane Ohlgart, their Chief Accounting Officer, soon to be Chief Financial Officer. And then, I don't know, is Aaron here somewhere?
Do you need to do a safe harbor?
No.
No? Okay, we're good? All right. Every company's different. Thank you both for joining me. I really appreciate it. John, I think it's a unique opportunity to have you with us. Maybe, for those that may not be familiar with you, maybe a brief intro. I think you've been with the company quite a long time.
Correct, yes.
Maybe your perspective on how Fortinet's sales, leadership, and culture have evolved and what your experience has been at the company would be helpful, like background.
Sounds good. All right, thank you, Brian. Thanks for including us. We really appreciate it. It's great to be here. Thanks, everybody, for joining us. My name's John Whittle. I'm Chief Operating Officer. I've been at Fortinet for 19 years. I joined in 2006, a few years before our IPO. My main mission throughout my time here has been trying to help support Ken and Michael and the team really grow this business and grow it in a disciplined way and properly disciplined way. We've built up a pretty good track record so far, and we feel really good about the future as well. In terms of kind of the leadership team, to your question, now, and the sales leadership team, what we're seeing in the market is really kind of this confluence of tailwinds.
There are a number of kind of short-term tailwinds, the refresh cycle, which we might touch on a little bit. At a high level, what we're seeing, we talked about this in some of the 101s. Some of you might have been in some of those. A real step-level increase in the threat that's out there in terms of pervasiveness, in terms of sophistication, in terms of downside from the threat. A lot of the demand for our solutions follows the threat. You have AI, you have nation-states, you have organized crime. It's really just kind of going like gangbusters from a threat standpoint, which opens up opportunity for us. The good thing about that is it's good timing-wise in terms of our solution set. We have a very broad solution set.
We've kind of followed where we can add value to customers. So we've gone from a firewall-only company to now we divide our solutions between secure networking. You think of that as firewalls integrated with switches and access points, SaaS, and SecOps. We have very mature solutions. We're number one in terms of the deployed firewalls out there. We're number one in SD-WAN. We are number one in terms of OT security. We have line of sight to become number one in SaaS. We feel like we have this very broad solution set, platform solution set. Our SecOps platform is one of the broadest in the business, right when this step function increase in the threat landscape is out there. In terms of our sales leadership, I think the confidence level is high across the board.
We have three sales leaders: Joe Sarno, who runs EMEA and APAC, and he's been with the company for 20-plus years, maybe 21 years. He's driven a lot of that growth in those regions. We've done very, very well. We have Pedro, who runs Canada and LATAM. He's been with the company for 17 years now, I believe. Trevor is running US, Trevor Pagliara. He's been here coming up on two years now, so he's the newest of the three. Across the board, I see a lot of confidence from each of those sales leaders. Trevor's brought new energy in the US. US, obviously, is a very competitive market, and Trevor has brought this kind of hard work culture.
I think we historically have relied on the channel a little too much, and so he's got a certain amount of passion and hard work and aggressiveness that is really, really positive. I really enjoy working with all three of them to kind of uplevel that sales approach across the world.
Great. Not super helpful color. Maybe for Christiane, I know in the earnings call there was some commentary around different sales management changes, right? I mean, last year we had Patrice Perche retired, and you brought, as John mentioned, brought new sales leadership in or maybe elevated some people into new leadership positions. There were some questions around the way that you formulate your outlook and the input that your sales management has into the outlook. Maybe explain or help highlight for us how the input that you get from sales has influenced the outlook and what the result of some of those sales management changes have been from an outlook perspective.
Yeah, I think the inputs to our guidance setting and outlook, of course, is always sales input, pipeline, hiring, quality of pipeline, so how many deals have already been committed, what is best case. Then, of course, market outlook, right? What is the market doing? What is the voice that we're hearing? Because as any tech company, I think, is obvious, most of the business is done in the third month of the quarter. There's always a little bit of risk there when the market outlook is changing. That's what we saw this quarter. From a sales perspective, not having one leader, but having three leaders providing the input is what we had before, but we do not have one leader who balances the kind of risks or benefits that they see and give us one number.
Now it's up to the organization, to finance and the rest of the leadership, right? I mean, it's not a finance decision what we guide to make these statements and, or not statements, but to come up with the final numbers, what we are comfortable with, given the nature of the macro environment. I think what we saw with the Q1 release, our guidance for Q2, was a little bit that there was expectation we would guide up, but on the other hand, a lot of our customer companies, you see they're uncertain about the macro environment, what is it doing to their business with tariffs, with increase in interest rates, with lowering US dollar values, lots of different economic changes that we saw happening in April that we took a decision.
We are super confident about our execution, about outgrowing the market, but what happens near term within the next couple of months was unclear. That is how we ended up with the numbers for Q2.
I think to summarize it, I mean, we see a lot of confidence across the board from the three sales leaders, but we do not know what we do not know in the macro, so a little conservatism probably makes a little bit of sense. In terms of confidence levels from sales, we meet with them regularly, multiple times a week, very high.
Would you say that relative to what you had last year with Patrice, would you say that's more conservative than it was before, or just it's a different environment, so you're really hard to compare?
It's a different environment. I think many of you may have been at our analyst day. You saw the sales leaders. They know their business. They know their customers. From their perspective, not so much has changed. Our business is extremely diverse. We sell into SMB, mid-size, and enterprise. We have the best visibility into enterprise customers, of course, because the rest is more channel-driven, and we are highly diversified across the globe. There's always an element of uncertainty. If the macro environment comes in, it just gives us a little bit more pause.
Great. John, from a strategic perspective, I think it's funny I asked one of your peers this question this morning in a different way, but if we look back 10 years ago, you had a much different rank order of the size of the companies. I think Checkpoint was at the top of the podium, and then you guys were number two and Palo Alto number three. That order has dramatically flipped, and it's been really fascinating to follow the strategy of each company. Obviously, one has been much more acquisitive. Another one, much more organically focused. I think that's changing a little bit. How would you frame the way that Fortinet's looked at the business, maybe from a build versus buy versus partner perspective historically? Is that changing as it seems some of these vendors are focused more on faster time to market for new product?
Yeah, it's a good question. In fact, when I got to Fortinet, Juniper was one of our top firewall competitors. I think they were tough. Ken is so focused on results and execution and his roadshow, the IPO roadshow. He said, "Cybersecurity is a great industry, but you got to execute." It's not like it just kind of rising tide lifts all ships. In fact, we want to rise faster than the rising tide. We want to out-execute the market, take market share. That's our goal. That's how we grade ourselves. We feel like the best way to do that is tilting towards organic. We've got R&D at scale. We've got thousands of great engineers. Having that scale advantage is an advantage against some other companies where you have this skill shortage. We also have an entrepreneurial culture. We're founder-led.
I think that really works to our benefit in a lot of ways. One, we do move fast. The threat is moving fast, like we were talking about earlier. We have engineers who can develop fast. It is not necessarily a trade-off between do you acquire or do you move slow. You can actually move fast through organic development. That is where we will tilt towards, for sure. We still do a lot of tech and talent tuck-ins for features and whatnot, but we view our common operating system across platforms, a lot of platforms, as a competitive advantage because it just works better. We have had a lot of customer meetings recently, and they have told us that. They have said that we go in, and the slides look great from some of your competitors, but then you try to implement these solutions. It actually happened to Juniper.
When they bought NetScreen, they had separate operating systems and could not get it to work together. That was a lesson learned by us early. We are very focused on these solutions that work really well together. They are built from the ground up to work together. We have still done three or four. We do three or four tech and talent tuck-ins a year, but they are relatively low risk. We are going to keep our options open. Obviously, we have a lot of resources at this point, and we could do something significant, but I would think we will probably stick to our knitting and focus more on organic development, but with little supplements here and there by M&A.
I would add, you made a point that acquisitions allow you to be faster to market. I think that's true for certain aspects, right? For other aspects, I think we are actually pretty much upfront and innovative. If you think about quantum, right, about cyber risks that exist and that we now are going to be exploited in a couple of years, we build this into our solutions right now to protect us, right? Quantum is one. We've spent a lot of efforts on AI in the past, where initially it benefited us internally for analyzing our threat intelligence. Now, with GenAI coming up, we use it in our products, but we also use it internally in support to get more efficient. I don't think that you need to necessarily buy to be fast to market.
There are other areas where we may not have been as fast, like SSE, but we believe that we can capture the market pretty quickly now because it's a great expansion site.
Got it. Not super helpful. Maybe, Christiane, from your perspective, still relatively new to the company. I'm sure it's been very much a drinking from the fire hose event for you. Anything you can share, first impressions that you've had from your introduction to Fortinet, and then how you might manage things differently than Keith as CFO once you take that role.
I've known Keith for a long time. While I rejoined Fortinet a year ago, I've worked for Fortinet for a longer period since 2016. I know the business. Keith and I, we're both data-driven, and that serves us well. I think we are making data-driven decisions. We are, of course, to make data-driven decisions, constantly trying to improve our own internal data that we use internally and that we provide to the organization. What is going to change? I don't think too much from how we manage. Internally, I think I would like to get more insights into certain aspects that we are building out. One is the infrastructure. Better visibility into how is our cost benefit as we build out infrastructure for our SaaS solutions as well as SaaS and what's to come.
I think the successes that we have internally with AI for support and managing support cases, I would like to see how we can use AI in finance for our own internal efficiencies. From a strategy perspective, I do not think much will change.
Just from my standpoint, Keith will be sorely missed. One of the traits of a great exec is he's left us in good hands. I mean, we've worked with Christiane for, what, seven years with the boomerang. She's been a great teammate all along, and we're in really good hands. Thank you, Keith. Christiane's going to be great for the company, for sure.
Great. Maybe on your point of leaning into AI a little bit, are there any observations that you've had based on your usage of AI internally within your operations that you can share? Where do you think you might have the biggest opportunities for productivity improvement leveraging AI?
From an internal use perspective, I think especially GenAI has been deployed in support to manage all the L1 support cases that come in versus taking them over the phone. That has actually helped us reduce the need for additional headcount in support, right? We can be more efficient. Customer success close rates and customer CSAT ratings have been the same. It is a great use case how AI can be very efficient for organizations. In addition, we have used AI in the past for machine learning and so on to manage our threat intelligence and deliver FortiGuard solutions, which is our security content that we provide to customers faster because we were able to analyze our data faster, our telemetry that we get from the firewalls. These are great use cases on how AI makes us more efficient.
I actually personally have great hopes that technology can make us more efficient in finance. That is what I want to evaluate.
Great. I wanted to touch on the Q1 results briefly and maybe recap those a little bit, particularly with regard to it seemed like results were relatively strong. Product-related revenue in particular seemed as though it was pretty strong. How much do you think the strength there was due to industry-wide demand versus product cycle versus refresh cycle? What are your expectations for the rest of the year there?
I think there are multiple trends that we see in tailwinds, right? One is our own end-of-support cohort, which forces customers to upgrade and replace their existing firewalls because they go end-of-support at the end of 2026. That is a forcing function that we started to talk about last year at our analyst day. Since then, we have created go-to-market motions that allow us to capitalize on that and sell more services. You have another more market-wide trend, which is what I would call the COVID cohort of buying that is going to be three to four years old by the end of 2025, 2026. Many customers do replace their technology after it has been depreciated. I think in two to three years, we will see more of that being refreshed. There is not a forcing function to refresh the firewall because it is still under support.
We will see that across all the firewall providers. Naturally, there's always expansion with more use cases going on. We see a lot of expansion in segmentation, but also in OT. In this quarter, OT was a very strong use case for us.
Got it. Maybe John, to the extent that you have visibility into it, how should we think about the different puts and takes from a refresh perspective? From the point of you have some, I mean, you're kind of like a unique end market, right, where you have a third, a third, a third, small, mid, and large business. You may have some at the smaller end, which may go out of business, maybe more sensitive to macro than the large enterprise. When you're faced with an end-of-service deadline and we're also looking at evaluating the macro impact we might see this year, what do you think the customer's outlook is going to be on the timing of refresh that they might have?
If they're coming up with an end-of-service date kind of in the second half of 2026, who might be more inclined to wait until the last minute? What are the implications? Who might spend this year anyway, regardless of that event?
Yeah, I think, I mean, our hunch is that the smaller companies in general may wait a little bit versus the larger companies who will typically get ahead of this. It'll be a mix. I think some of the smaller companies will get ahead of it as well. I think a lot of these companies, they have been sweating the assets for so long that it definitely makes sense for them to upgrade regardless of the end-of-support period. I think it'll, and I think some of it can be driven a little bit by our channel as well at the low end because they can kind of push those discussions earlier so that smaller companies can get ahead of it as well because it can behoove them to be prepared as opposed to wait till the last minute too.
Got it. And then Christiane, I think one of the points of question or pushback I've gotten after the earnings call was on the initial, or I guess the outlook for the rest of the year, particularly relative to your midterm outlook that you gave during the analyst day. So I think we were looking at a 12% CAGR, but your guidance for this year would imply about a 12% billings number. How would you reconcile those two given that this should be kind of like some refresh benefit this year? Shouldn't it be higher than that midterm CAGR that you gave at the analyst day?
How did we come up with our midterm CAGR at the analyst day? It's really a function of the overall market growth and our ability to outgrow the market. I think our current year, fiscal year 2025 outlook is prudent based on where the economy is and the ability that customers still have the choice to renew for a year. Do we believe they will all go to the end of next year until they upgrade? No. It was too early to change the guidance. We are confident that we are capturing the market and that we are capturing the opportunity. We do not see any discussions where competitors come in. Firewall is our strongest product. We are up there in the magic quadrant. The new firewalls that are being refreshed probably do not have SD-WAN functionality.
There is a lot that speaks for us to use the same technology. We are not afraid to have those discussions. We believe we have great customer journeys to upsell from the firewall to SD-WAN to SSE. We have the technology now to make it really simple, and it's going to come.
Yeah, I think it goes back a little bit to the earlier comments about macro conservatism. We did have a good Q1 where there was some uncertainty. Good start to Q2 as well. You just do not know what you do not know, what is coming down the pike. I think we see a lot of confidence, like I said earlier, across the board with our sales team. We want to be a little bit careful.
Right. On that, any change that you've seen since the beginning of April in terms of macro pressure on maybe sales cycles, close rates, customer buying patterns across the platform of the business?
No, I haven't seen any indications of risk since then.
April was good. 50% of our business is always the last month of the quarter. You do not know what you do not know. I mean, I think yesterday we got great news, right, that the China tariffs are going to be reduced. You do not know what news you get over the next four or five weeks. We are just playing the conservative game here.
One more, and then I'll open it up for questions. There's been a lot of focus on the SaaS space. Wanted to understand your opportunity there. I mean, I think if I go back a year, there was a lot of excitement over your SD-WAN install base and your ability to convert those customers. I think since then, we've seen you sign an agreement with GCP to shift your network, to give you more network availability. Things have kind of progressed from an overall industry perspective, very competitive space. If we think about, and I think SaaS billings were relatively strong this quarter. How much of that is SD-WAN conversion? How much of that is new customer kind of go-to-market traction in that SaaS space and potentially some share shift from some of your peers?
From a, I think, buying behavior, it's mostly upsell from SD-WAN to SaaS. This is also where I think our strength lies. We get into more RFPs now natively, right, where we are considered. John can probably also talk to how the SaaS product has matured. We were late to the market, but I think we've taken a little bit of a different approach and used SaaS as an extension to the network. You have common security policies. You have ZTNA policies that apply across. On top, we've started building out our own infrastructure, which actually has allowed us to now come out with sovereign SaaS, which is very interesting to telcos and also for regulators that want to have data in country. It's going to give us another growth angle to our SaaS story.
Yeah, we see a lot of kind of a sales process going from firewall to SD-WAN to SaaS. There's a huge portion of our SaaS customers that follow that approach. Number one in deployed firewalls, number one in SD-WAN, like I said. We see line of sight being number one in SaaS as well, partly because we're just kind of scratching the surface on that expand sale to our SD-WAN customers. I think we're like 11% penetrated or something like that in our SD-WAN customer base. We're also seeing at the high end, we've been working with Fortune 100 companies to roll out our SaaS, and it's getting adopted more and more. We're getting good feedback from there. We're learning. We feel like we have a very mature solution.
We were just voted vendor of the year by a very large retail organization that displaced one of our big competitors. It was not kind of that approach where you go from SD-WAN to SaaS. We displaced a SaaS competitor at a very large enterprise. If it's good enough for this enterprise, it's kind of good enough all the way down the stack. We feel really good about it. That's a big focus of ours. You're going to see not only is it good enough and mature right now, but we're going to add to it with more advanced DLP, next-generation CASB. You're going to start to see us continue to add to an already mature solution.
Got it. With that, I'm going to pause and see if there are any questions from the audience. Okay. I'll check back again in case there's any additional ones. On that, sticking with the SaaS theme, I think a while back you decided that instead of building out your own data centers and relying just on that, you'd partner with GCP to kind of broaden out the network. How have you seen buying patterns change since you made that announcement? I mean, where was the, it seemed as though there was a secure service edge or access network headwind because you didn't have as many pops as some of the peers did. How has that changed things since you made that announcement?
It's really opened it up. I mean, we went with speed and really partnered closely with Google, and we partnered with other colos as well. It's really opened up the demand. We see other demand popping up in different geos. We partnered with Google to really spark up the pop really quickly. We also balance that with our own infrastructure. We're buying data centers as well. We think that'll be a competitive advantage too because the cost of Google and these colos is so high. If you go with a hybrid approach where you have your own data centers, you can bring your cost down a bit, pass through some pricing benefits to customers, maybe have some margin benefit for Fortinet as well.
I think if you look at it from a customer perspective, they want a vendor that has multiple POPs, right, because they have typically employees located in different locations, right? I think it has given us the ability to compete more. Now that the customers see that there's a price differential between going through Google POP or going through Fortinet infrastructure, a lot of the customers decide that it's actually beneficial for them to go through our infrastructure and get those price benefits on their SaaS solution.
Got it. The other area of focus, obviously SecOps. Where are you seeing the demand within your customer base given the composition that we have visibility into of what the customers look like? Is this just a large enterprise solution and are smaller customers more, I guess, best served by service providers? Or can you kind of like sell SecOps across the whole customer base that you have?
We sell across the whole customer base. We have EDR, SIEM, SOAR, NDR. Some of those are well suited for the larger customers. We have developed a lot of SecOps functionality into our FortiAnalyzer product. We also have other SecOps solutions like SOC as a service. If smaller customers want to expand their SOC capabilities, like we talked about earlier, there is this huge cybersecurity skills gap. They can have this kind of extensible SOC service leveraging Fortinet. We have different services that are more helpful and add more value to different customer segments, but it is kind of across the board.
Got it. I want to hit on OT really quick. Certainly rising as a priority and we're seeing some emerging vendors really kind of like zero in on that as well. Can you walk us through specifically what OT security products you have that are contributing to growth in that segment? Any metrics you can provide in terms of revenue growth adoption that you're seeing on the OT side?
A lot of the OT solutions that we have are rugged devices that you can deploy in environments that are not as cooled like a data center or that are out there in the weather, right? The OT, I think growth that we see is definitely larger than the rest of the business. These use cases are important because this is still where companies need to invest. In the past, they had their operation environment often air-gapped and not as many security risks. Now more and more this comes together. You have pure OT use cases. You have what we call OT-IT converged use cases. Because from your operational environment, you want to get the data fed into your network, into your applications. This is where the security threats are coming in.
What we saw from our FortiGuard Labs report is that scanning the networks and scanning the APIs and so on is one of the biggest threats. This is where threat actors get in and then crawl through the network. That's where some of our products can help significantly.
Any underlying themes that you can point to on the OT side? Is it things that have historically not been connected to the network now being connected to the network? That is the issue? Or is there also a sense of anticipation that there is more kind of like compute at the edge and that may drive more kind of like OT demand?
I think it's the connectivity to the network. That's one of the big drivers and related segmentation.
Got it. Got it. I wanted to talk about, if I circle back to the earnings, one of the other points of pushback was on the maintenance revenue side. You can split that up into maintenance and services. In terms of the subscription side of the business, I think a little bit softer than some expected. How much of that was Lacework -related? Is there any way to think about how we might set expectations around kind of maintenance revenue for the rest of the year?
I think there are a number of factors that play a role here. One is, I think what was called out by analysts is that there was a quarter-over-quarter decline, right? First of all, we had an out-of-period recognition of about $5 million in Q4 that played a role. We had two less days in Q1 compared to Q4 that played a role. The fact that last year we only grew 2% also impacts our overall services growth. The part that was not anticipated as much was more churn in the business from Lacework than we had expected. We knew this was after our Lacework customers when we purchased, not a surprise. We had expected that by the end of Q4, this kind of tapers off and that the customers who have decided to move on and not stay with Lacework would be pretty much done.
There was more churn in Q1 than we had expected. I think it's almost done. We get good reviews for the product. The fact that Google has purchased Lacework is probably pausing some decision makers, right? What's the right next strategy?
What's going to happen? That's changing your outlook at all.
I do not want to call it done, but I think the risks have decreased.
Great. Great. With that, I think we're out of time. So John, Christiane, thank you very much for joining us. I appreciate it. Thank you all as well.
Thank you.
Thank you.