All right. Good afternoon, everyone. My name is Brian Essex, J.P. Morgan Securities Software Analyst. Thank you very much for joining us. With me this afternoon, I have Corey Thomas, the Chairman and CEO of Rapid7, and Sunil Shah from Investor Relations on the end there. Maybe to start for those that are not very familiar with Rapid7 and what you do could you give us a brief overview of the company, how it was started and when you stepped in and become involved?
Oh, okay. Well, one, thank you, Brian, for having me here today.
Sure.
Rapid seven started in the early 2000s. The founders were enterprise software architects, their big observation was that data collection in cybersecurity was a challenge. The company was founded on the premise that you would need lots of security telemetry to manage cybersecurity environments going forward. They start with that premise, and they actually built them out to Vulnerability Management. I joined the company in 2008, right as they were actually starting to get traction in the Vulnerability Management space. At that time, they were, like, one eight Vulnerability Management vendors. It was like the Wild West then.
The thing that was unique and the thing that attracted me to the company was sort of like two unique things, is, one, their focus on making it easy to actually collect security telemetry, I thought was gonna be a long-term game changer before that, I was at a series of startups, and I was at Microsoft before that.
Okay.
I knew the value of ease of use when it came to sort of, like, making technologies mainstream. Rapid7 was one of the few companies that actually had an ease of use and a productivity story when it came to security.
Mm-hmm.
I joined the company then. I became CEO in 2012. Went after was really the core security operations market, which is about how do you actually collect security telemetry data, how do you actually analyze it, and then how do you actually automate security workflows based on that data.
Mm-hmm.
Our whole goal was, how do we actually take the complexity and the cost out of security operations while driving up productivity and efficacy? That's the journey we've been on, and that's what's pretty much catalyzed our success.
Great. Great. No, thank you for that. I guess maybe after that, I think where we'll move is on the macro, everyone's got a pretty close eye on, it's kind of the default question of these sessions. Maybe, you guys certainly called it out on your, on your earnings call. , could you share a bit of insight around where you saw pressure last quarter? Have there been over any changes in the environment over the past say month and a half as you've executed past that?
Last quarter was a lot of what we expected to see. I would just say that while there was some mild incremental sort of like questions right around the Silicon Valley Bank outing, last quarter actually ended quite healthy, and it ended up fairly what we expected to see. We expected this year coming in to see incremental pressure in the environment. Let's just talk about that and break it down.
Mm-hmm.
Is, one, we see very healthy fundamental demand, but we see customers' budgets under pressure, and so they're trying to do two things, do more with less and try to navigate sort of, like, how to get their projects funded. What that means for us is that, one, we need to be part of helping them do more with less. That's our platform consolidation offerings, are focused squarely on how do we actually help both existing customers and new customers get more done with a more constrained, tighter budget.
Mm-hmm.
That's one. The second thing that we saw, we expected to see, was that customers are going to be working their ways into what their budgets are, that means that we have to actually get better and better at managing deal cycles and timing and the approval processes that go along with that. That was definitely par for the course. Now, luckily, part of the reason that we were a bit more, I would say, conservative in thought for the first half of the year and while we expect to ramp, is that we knew coming in that we would have to have higher coverage ratios because some deals were just gonna push out.
Mm-hmm.
We set our guidance based on the pipeline that we had and said we need enough coverage ratios to actually hit these and hit these well. Exactly what we expected to happen, happened. The good news is our teams got better and better at actually forecasting and understanding the deal cycles that they're currently in and asking the right questions about what are the approval processes, what are the time frames, and our customers, frankly, are getting better at navigating that and managing through that.
Mm-hmm.
That was par for the course, and was expected. The last thing that we specifically saw is we saw a good uptick in our consolidation offerings and packages. Those are the things that we actually saw as we actually came out and started the year. Sunil, did I miss any material?
No, I think that's right. I think the latter point really speaks to what we're seeing from a customer demand standpoint in this environment, which is customers are trying to do more and get more value for the budget that they're spending. I think that plays into sort of the engagement that we're seeing with them and the opportunity that we're seeing to consolidate more of their sort of stack and their dollars into a unified offering.
Yeah.
Mm-hmm.
I do think the one thing that may get misunderstood, 'cause it's somewhat confusing, is there's a widening gap between the fundamental demand that security teams see what they need and the budgets that they're able to get. Now, you can actually sort of have one of two perspectives. Is one is that gap persists and that the security teams don't need it, aren't gonna get it, and it's gonna be like that in perpetuity. Of which then you would see both the growth rates in the public companies and the crisis that you see in some of the private companies continue.
The alternate view is in some ways what I think that many experts, both across government and across the private sector, is you'll see that lack of investment, actually end up causing issues and that you will see people actually catching up because there are fundamental sort of like lags in sort of like security programs that actually have real material risk for both companies and the U.S. economy.
Got it. , from your perspective, anything you can call out in terms of, I guess, pressure that you can attribute to specific verticals, customer sizes, segments of technology that is notable?
Yeah. , one question we'll get, so I'll just hit it up front.
Sure.
Is there financial services pressure? Look, we think that I would say that we did not see any specific pressure in financial services.
Mm-hmm.
That said, I think there was a crop of companies that if you were sort of in a certain profile of regional banks, then you probably saw some pressure, if you happen to have deals closed. , we have large insurers. We have a wide cross-section of financial services companies, everything from large insurers to credit unions.
Yeah. Yeah.
We didn't see any material delta there. Where we continue to see pressure, although not as bad from a pipeline build as we expected, is in the, I would say, the mid-market.
Mm-hmm.
In the lower mid-market. We continue to see pressure there. I would say those organizations are slightly more reactionary to what's happening in the macro economy and uncertainty because they are running on tighter margins and tighter business models. They tend to cut spendings fast and accelerate spending fast.
Mm-hmm.
We expect to see pressure there, and that's where we saw the pressure.
Yeah. How would you differentiate it? It seems like in the Q1 , a lot of the kind of mid-market, they were slower to get like, budgets finalized.
Yeah.
, enterprise is , faster-
Yeah
... to kind of like finalize the budgets and get going. Was that different than what you saw kind of for the remainder of the quarter or was the, I guess, deal activity like pushed into like?
Well-
... back end of the quarter a bit more as well?
It gets a little bit tricky. This is why I say it looks better than expected, 'cause what happens in the mid-market is just this is in some ways where your sales teams have... You have so many organizations.
Yeah.
In some ways your selection bias matters. Are you good at selecting where you actually spend time?
Mm-hmm.
I would say that we're expecting less pressure as the year goes on, in that. That's just as much of, I think, that our sales teams have actually gotten better at actually figuring out how to qualify which companies are under pressure and which ones aren't under pressure. If you think about the tail end of last year, is that you actually have the pipeline that you actually have.
Mm-hmm.
You're in the deals that you're actually in.
Right.
This is I was joking around with Sunil that this is the first time that I think our sales reps are actually listening to earnings calls. It might be. Which is actually, which is great. It just goes to show that like they are actually taking a much more thoughtful approach.
You're doing a better job picking your battles in terms of...
Picking our battles.
... where you can actually be more successful
... in the midsize market, picking your battles matters hugely.
Yeah.
There's lots of companies that you can actually spend time on. Ultimately, we have a reasonable amount of salespeople, but it's not unlimited.
Mm-hmm.
How you allocate your time matters hugely in this segment.
Great. Great. Then maybe to kind of move to strategic from a strategic point of view, you've migrated from kind of a relatively Vulnerability Management-centric platform and have recently evolved in kind of adjacent markets, including threat intelligence and cloud security. How would you characterize the catalyst for that migration, the way the platform shifted to those? I guess a year ago.
Yeah
... it was like three pillars. Now it's mostly like two with an overlay of Vulnerability Management to it.
Yeah. There's two questions there.
Yeah
... why did we shift into two, how are we shifting, right?
Right.
One, I would just say we looked at the security operations market and said that market is ripe for consolidation. It's a bunch of point tools and solutions that are fairly expensive, and they're fairly complex, and customers will want to rationalize it. That looks like a very good bet, just to be clear. If you talk about any market that is prime for consolidation, is you have to have an enterprise-level risk view of your environment, and you have to have an enterprise-wide way to actually detect and respond to attacks.
Mm-hmm.
That was the thesis. It's been the thesis for like the last six years. It's been sort of like a lot of work, but that thesis is actually paying massive dividends now because people do have to figure out how to manage risk across the environment and how to detect and respond to attacks across the environment.
Mm-hmm.
That's the why, is that there was a market opportunity that was too complex, that did not have enough reach across the broader ecosystem, and had too many failed projects, we wanted to actually pursue that. We actually had a reasonable why to win, 'cause we were actually good at collecting security telemetry. The approach, now you actually get to the approach question, is about why did we actually organize our platform offerings and our go-to-market around the risk in the end-to-end enterprise risk management and around end-to-end threat management? Why is vulnerability management a feature of those things? Well, first and foremost, the cloud is the most. It is the highest growth area of strategic importance in the risk space.
It is currently a must-have when the Vulnerability Management is something that you should do. When you think about prioritizing your sales efforts, one of the most important thing when it comes to prioritizing sales efforts is you wanna prioritize those efforts on things that are much likely projects that are likely to close. Cloud security projects have a higher likelihood of closing than Vulnerability Management projects. It's where the energy is. It's where the focus is. It's where companies and organizations are. That's the first thing that we're focused on. The second thing, if you think about the threat space, part of the reason we've had such consistent growth in this threat space, and I would say that continued even last year.
Mm-hmm
is that the one thing that companies cannot skip over is actually monitor for attacks in their environment. It is a must-have. It is an area where we have competitive position. If you look at the SIEM market, you have a bunch of legacy players, , ArcSight, you have Splunk, which is having mixed success.
Mm-hmm
... but still a very strong, healthy company. You have the Managed Detection and Response is where companies need help actually managing it, and we do high margin, MDR services there. There, I would say that we're actually gaining rapid share, and it's becoming an us and an Arctic Wolf world, in that environment.
Mm-hmm.
For the high margin services for the larger clients, we're actually winning quite substantially there. That is an area where the market's actually playing to our favor. It's one of the most consistent areas of land. In the cloud space, it's 100% about how do we actually upgrade our install base to our cloud security offerings, which is the lower risk way to actually participate in the cloud market.
Got it. I guess overall, it recently sounds like vulnerability, I think you alluded to it a little bit, vulnerability management has had, like, less traction in the market or maybe it was, like, slower growth than.
Well, yeah, let me add to that more. Vulnerability Management is actually critical. It's something that people won't stop doing. It's something that they actually need to do, and they need to cover their environment.
Yeah.
There's two trends, this is part of why we got into cloud security. At the end of the day, Vulnerability Management is about visibility into the environment, and it's actually about risk management of the environment. What's my risk? What's my exposure, and how do I actually remediate it? Now, it has dominated the on-prem world. We looked at it, and we said, "Listen, we wanna be the vulnerability...
We wanna be the risk management platform of choice for how people get visibility into their environment, how they manage risk across the environment." In a world where more and more people are actually deploying on the cloud, it became a critical focus and priority for us to actually make sure that we had dominant, strong technology and doing visibility and risk management in the cloud while we actually give up something that we were actually had a strength in.
Mm-hmm.
We look at cloud security as a continuation of the Vulnerability Management focus on visibility and risk management. In that light, I would say that more of the new deployments over the last few years have been in cloud, which is why you see urgency of people to catch up on risk and visibility in cloud security space.
Mm-hmm.
Lots of what's left in the on-prem world, or they get to add it in the on-prem, happens to actually just be less critical. That does not mean vulnerability management's not critical. It doesn't mean it's not gonna be, continue to grow. In an environment which we're in right now, where people have to make choices about where they actually do their spend, customers start focusing on, like, all right, what is most critical today? What's most critical today is the cloud environment and getting visibility and control of the cloud environment. Vulnerability management is still important. It's still something that people are gonna do. It's still something that's gonna expand, but that'll happen as budgets loosen back up over time.
Mm-hmm.
We're still, by the way, we're still closing new Vulnerability Management business. I'm talking about in aggregate.
I guess maybe on the cloud security side of the business who do you typically see for competition there? It seems like it's a big focus for everybody.
It's a big focus for everyone. I would say that we're very disciplined. Like, look, we are not gonna spend unlimited amounts of money on cloud security, and so on marketing. We'll spend an unlimited amount of money on the technology to make sure it's best in class technology. There's people that have massive war chests out there, to actually lose money on a go-to-market.
Yeah.
We're not going to lose money on cloud security. The advantage that we have that other people don't is that we have 10,000 customers around the world of which we are their risk management platform.
Mm-hmm.
A home run is upgrading 30% of my install base to our cloud security offerings.
Mm-hmm.
, a double, this is a baseball analogy, is sort of upgrading 20% of our install base. The point here is that we're not going out and chasing new. We're actually focused on the very efficient model of upgrading our Vulnerability Management and our detection response customers to cloud security. We have a preferred right to win there because we're already their risk management platform of choice.
Mm-hmm.
That's our strategy for cloud security. We're not taking one that says we're gonna spend an inordinate amount of money to actually go, try to compete for lots of new hit-to-hit lands. It's just not a good use of our capital at this stage.
Got it. As you push into cloud security, I mean, where are you drawing the boundaries where you think you can be most competitive, whether it's from the developer side of the equation?
Yeah. We're foc-
Or-
We're focused on the cloud infrastructure management, so we focus on agentless cloud security. That is sort of like people that are deploying in multi-cloud ideally. We have people who wanna assess their risk profile of the cloud, so you can think about it as Cloud Vulnerability Management, and Cloud Security Posture Management. Then people wanna automate the remediation, so we have a heavy focus on automation in that environment. That is the heavy focus. We cover the full cloud security stack, but where we aim to be differentiated is in three areas, two today and one we have a massive investment in, is we're differentiating in Cloud Vulnerability Assessment and Cloud Security Posture Management, and automation. Those are areas. Those are actually three areas.
The other one that we're actually adding in, 'cause it's our core expertise, is Cloud Detection and Response.
Mm.
The areas where we actually have strong capabilities, but it's sort of different, is sort of cloud workload, cloud workload protection. We have a Kubernetes-centric approach, where some people are taking a more agent-centric approach.
Mm-hmm.
Which is fine, that works for some people. There's lots of Kubernetes in the world. It's actually growing fast. That's our approach about how we're actually approaching where we're differentiating that environment.
Got it. I guess maybe to focus on attach rates, we used to have a little bit of visibility into attach rates.
Yeah.
, any comment in terms of how attach rates, now that you've kind of, like, reshifted this platform to, .
Yeah
... cloud security and threat management or threat intelligence. I mean, how-
Yeah
... how do you think about attach rates now that you've kind of?
And, and-
reorganized the platform?
We are working on a how do we actually communicate it to you all over time. Look, here's what we know. We have products that we actually have consolidated into platform offerings. What used to be a standalone product is now a component of an offering that we still monetize 'cause we actually are charging a higher amount for that consolidated offering. You can think about it a little bit like Microsoft has E3 and E5. We actually are taking an approach that actually says we wanna make it simple for people to consume enterprise risk management. That includes sort of like at the baseline level, cloud vulnerability assessment-
Mm-hmm
... traditional vulnerability assessment, and external threat intelligence. At the next level, then I add security posture management and a whole bunch of other cloud services around that. , the question is, are you talking about the individual components of which you have a menu of like 15, 20 different things?
Mm-hmm.
Or are you talking about sort of like the traditional product categories? We will actually talk more about that right now. I think the thing that we've actually reported on, because our investors had such a big focus about, like, are you getting traction with your platform consolidation? Are you getting consolidation budgets? What we sort of like provided some indicators on was specifically the platform consolidation offerings and their traction uptake. What we said is in Q4, it was 10% of our new ARR, and in Q1 it was at 20% of our new ARR. So those are just leading indicators. Sunil and Elizabeth are continuing to work through how they actually describe the overall taxonomy going forward.
Got it. Got it. Super helpful. Maybe on the strategic side wanna touch on M&A. , can you maybe frame out the rationale behind your recent acquisition of Minerva? What does that bring to your platform? Then I have some follow-ups there.
Yeah. Keep in mind, the backdrop is that we're likely going to enter a phase where the, You can even argue, seeing somewhat of a lull in sort of like big security compromise and attacks, but that will escalate 100%, sort of like as you actually go forward, if you look at what's happening in the attacker landscape, what's happening from a nation-state perspective.
Mm-hmm.
There's two things that we're focused on, is, one, we wanna have a highly efficient business model, so we're doing lots of stuff to focus on the efficiency of our overall organization and company. That has benefits to investors, of course, in profitability, but it also has benefits of allowing us to actually invest back in. That's one.
Mm-hmm.
The second thing is we wanna make sure that our risk platform and the risk and the threat parts of our security operations platform are relevant for the world that we're gonna find ourselves in as we actually go forward. That is actually a very different world. Now, we've talked a lot about the stuff that we're doing on the risk side, where we've made significant investments in cloud security, and we've tied that into an overall enterprise risk strategy. The next area is on the threat side of the equation, where you actually have to actually be able to manage threats from the endpoint to the traditional environment to the cloud. Now I talked about our cloud investments in Cloud Detection and Response, which is an increase in attack vector.
We've done lots of stuff, over the last few years to actually not just get market share, but get a leadership position in the traditional SIEM market.
Mm-hmm.
, one of the gaps was, how do we actually reduce friction in the endpoint ecosystem? Now, I wanna be clear up front. We integrate with partners like CrowdStrike and SentinelOne and others, but what we're finding is that around the world, there was lots of customers who could not actually afford, I would say, more advanced things, and they were relying on technologies like Bitdefender and Microsoft Defender. They were hard to manage...
Mm-hmm.
They were not integrated into their response. What Minerva allows us to do is, and we have a partnership with Microsoft, it allows us to actually manage directly Microsoft Defender, add some advanced in-memory protection to Microsoft Defender, also to Bitdefender, and integrate that into our overall incident detection and response platform. We're able to go from the endpoint, leveraging, Microsoft Defender and Bitdefender.
Mm-hmm.
Plus Minerva, manage that seamlessly into our traditional SIEM and extend that into the cloud, providing end-to-end threat detection and response. What you'll see is that in a world where attackers can actually attack any piece of the chain.
Mm-hmm.
We have end-to-end visibility. The thing that we actually liked about the Minerva strategy is it did not require customers to actually go do something net new. It allowed them to leverage their existing investments. Look, Microsoft's put a ton of money into the Microsoft Defender strategy.
Mm-hmm.
It allowed us to actually leverage that investment that was actually already out there to integrate that data directly into our platform and provide a holistic end-to-end solution while solving customers' problems about how to actually manage that environment.
Got it. maybe side or adjacent question there is how closely do you work with Microsoft in that regard, and do you have a lot of visibility in what their roadmap is?
Microsoft like VMware platform is co-opetition. I spent a lot of years working at Microsoft. I would say that we spend time with, and we do work with Microsoft. They compete in some areas. We work together in some areas. This is one of the areas, though, that I would just say is not fraught with tension.
Mm-hmm.
Because it's out there, and they wanna make their customers successful, and this is part of the integrated sort of like stack. This is one area that we actually just work together quite well in.
Mm-hmm.
I can't comment on their roadmap.
Yeah. Okay. fair enough. In terms of your M&A aspirations.
Sure.
Opportunities that you see in the market, particularly considering some of the headwinds that you've seen recently over the past few quarters, how would you frame your appetite for M&A, the pipeline that you see of potential deals, and what might be more attractive segments that you're looking at?
A couple different things is that I think Minerva was a good, interesting thing because we paid a reasonable price for it. For the technology, the traction, and actually what it got. It was it was early stage, but we paid a reasonable amount. I have to say that I'm somewhat cheap, and I really can't tolerate sort of like a big disparity between the public market pricing...
Mm-hmm.
Private markets. Private markets are starting to reconcile down. Right now, I would say that it's the lower quality companies that are affordable. I'm sitting on the sidelines right now. I do think you'll have decent quality over the next two years, of companies that sort of like just have big valuation gaps and that could be interesting, but I have patience right now, because I think the prices will actually get to a reasonable level over the next couple of years.
Okay. Excellent. Maybe on the execution side from a sales cycle point of view, I think you touched on a little bit of pressure. We've certainly seen it across our coverage, in some of the elongation of cycles, sales cycles. But anything specifically that you're doing to manage the deal cycles in return particularly with regard to that, what seems to be a pretty common approval to procurement...
Yeah.
-type of stage.
Look, I don't try to fight the river.
Yeah.
This just goes down to fundamentals. There's a couple things that we're actually doing fundamentally. First is that you actually have to. We had this debate with our team. They've come around mostly. You actually have to have higher coverage ratios. Like, if it took , a 3x coverage to actually close the deal before, you gotta have a 4x or 5x coverage right now because you should not expect things that are normal to actually not happen. You're gonna have delays, so that means you have to have enough pipe and enough deals that are gonna close.
Mm-hmm.
to actually have a quarter of those deals not close, and you still hit your number. That's part of why if you look at our original model, we said it was back-end loaded versus front-end loaded because I'm definitely not gonna try to change the assume that things are gonna close faster in this environment. That means that the pipe that I'm building in the H1 of the year really is not gonna close till the H2 of the year. We're building pipe that actually has a higher coverage ratio for the H2 of the year, presuming that you're gonna actually just need more pipe to close.
Mm-hmm.
That's a little bit. By the way, that's what played out in Q1. Like, our estimates ended up being quite good, is that you had a little bit of economic pressure with Silicon Valley Bank, and we actually hit our targets, but primarily because we actually sort of as-presumed exactly what the ratios were gonna be that you actually needed. That's 1. The second thing is a sales discipline and training that anyone can actually sell when things are easy, but in this environment you actually have to be respectful and you actually. , part of it we actually had to human.
This is why our sales force listens to earnings calls. We have to humanize it a little bit because what happens is that historically security teams and CSOs could green light projects. They could say, "We wanna fund it.
Go." In this environment, CSOs get pushback from their finance, from their budget. I don't know about you, no one really likes to actually have authority taken away from them. If our sales force goes out and actually says that like, "Hey, who's the decision maker on this?" Of course someone's gonna say, "I'm the decision maker on it." They've had to get better, and this is where our sales leadership has come in, at actually doing, I would say, friendly investigations. They had to get better at sort of like doing things like, "Hey, who do you need to consult on this deal to get closed? Not do you need approval, but who do you have to consult? What's the timeline of consultation?
Mm-hmm.
That's the stuff that is being adopted. It's not 100% of our sellers yet.
Mm-hmm.
That's the tools and techniques that we're having to put in place to actually make sure that we have clear line of sight and we can better forecast. It has gotten better.
Mm-hmm.
It will get better still as we actually get that more universe, but that is probably one of the two or three biggest priority areas that our sales leadership is focused on. Is yeah, I know that this worked in the past, but just 'cause it worked in the past does not mean it works right now.
Great. I wanna sneak one more in and then I'll open it up.
Sure.
to the audience for questions. I wanna ask net new ARR has declined over 50% year-over-year as well as sequentially. guidance implies re-acceleration of net new ARR through the rest of the year. Maybe help us understand what factors support confidence in better net new ARR.
It's a fair question. I think the important thing is to understand I always start with is, well, is the question valid and sort of how people think about it.
Yeah.
The thing to look at is we actually had poor sales productivity in Q4.
Mm-hmm.
Q1 it was okay. Why is sort of like sales productivity, which is gonna be the primary driver of that, gonna be higher this Q4? Let me just be clear. We are not expecting record high productivity or even average productivity for our sales force in Q4. We're expecting sub-average productivity. Okay. That is still materially higher-
Mm-hmm.
-than last year. It's higher than Q1. Why we actually have confidence in that? There's 3 factors that I point to that says we don't get to even average productivity with the sub-average productivity. The first is that in Q4 our sales team was coming to maturity. That means they were hitting the marks where they should be productive right as the economy was turning south. That's just sort of like poor and unfortunate.
Mm-hmm.
just like we just had that last discussion about how you manage the sales cycle.
Yeah.
This Q4 will have the majority, almost all, not all, but like a super majority of our sales team that'll actually sort of like be both mature and have over a full year selling in a pressured environment. That's a big difference in terms of experience and expectations. The second thing is that if you looked sort of like in the past, our pipe constituted like two classes of things. Things that companies should buy but they could delay, and things that were must-have. The must-haves are the cloud security and incident detection and response. If you look at the conversion rates on the things that are must-have, the cloud detection and incident response categories, those conversion rates have stayed fairly consistent.
Mm-hmm.
We're projecting that those conversion rates do not improve at all over the course of the year. Now, what we're projecting improves is the percentage of our pipe that makes up those deals in Q4, and we're managing to that, and we're actually tracking the management for that.
Mm-hmm.
Again, more mature sales force. Consistent conversion rates, it's just the pipe mix has shifted those must-have areas. The last thing that I'll actually, that I'll actually highlight is the thing that we actually talked about earlier, is that do you actually have enough pipe coverage so that, like, delays, which are inevitable to happen in this environment, don't actually cause you to actually miss and you're fretting about specific things. Again, we are. It's not we have. We have to do it every week. Building up the pipe over the course of a year to actually have the excess pipe that you actually need in this type of environment.
Mm-hmm.
Those are the factors that we're actually looking at.
Got it. Got it. I wanna give an opportunity if anyone out there wants to ask a question. I have more.
I think you have one. You have a question.
Oh, we got one?
Okay. All right, nope.
No. All right. I guess maybe on that point, a little bit kind of towards execution progress with the sales transition, I think you kind of moved from a more of a land anywhere to a more sell the platform transition that you're currently in the process with the sales force. How is that going? How are you tracking progress with your sales force, kind of like selling in that motion?
Well, I mean, first is to understand why. I mean, the reason we had to move from a land anywhere, is a land anywhere means that we're indiscriminate about whether we're selling the things I should do versus things that I have to do from a customer project perspective. We needed to actually force the shift to make sure our sales force was only selling the stuff that was likely to close and had a higher likelihood to close. That's part of why the land anywhere strategy doesn't work. By the way, it's not even that they're not actually valid deals. On Saturday I actually saw, like, a fairly large customer at a big bank, and they have one of the a very large project that's on the should have list.
I said, "Hey, what's going on with that? Can you give me a little bit of insight?" He said, "As soon as I get budget dollars, it's gonna be one of the I'm gonna green light it.
Yeah.
That's not a great place to be. That was the requirement there. Now, how's it going? I would say it's going better than expected. And the reason for that is straightforward, is the biggest concern whenever you make a change that impacts the sales force is do you actually have a sales force mutiny where they actually sort of like vote with their feet and they walk away. By the way, in the last two years, that's a very real fear. There's two things that have actually worked in our favor. , the first is that we closed enough of those deals that it created envy, people wanted to actually do it because they thought it could actually help them hit their number.
Seeing success actually helps, and so that was a positive thing. The other one that we had nothing to do with, the tech environment has gotten more favorable to companies, and so people are less likely to walk 'cause they're not sure they're gonna be able to keep the job.
Mm-hmm.
That's just an environmental change. Those two together actually set it up where we're making traction, and we have the time to actually make that change with our sales force.
Got it. maybe last one I'll hit you with is vendor consolidation's a theme I think you've touched on a little bit, certainly one that we're seeing resonate across the past few, several quarters across our space. Where do you see the most traction with share consolidation on your platform? , where is it coming from, and is it skewed toward the mid-market or maybe enterprise clients.
Oh.
across the board?
Oh, that's a great question. We see it both on the threat and the risk side. I would just say there's urgency on the threat side, but that's mostly because we can really land sort of like well there. From a land perspective, it's happened on the threat side. We expect to see more of the upgrades.
Mm-hmm.
to Cloud Complete over time. As far as segment of the market I personally think that Russell 3000, and the private company co is an ideal sweet spot right about now.
Mm-hmm.
The reason for that is these are large enterprises, but they have lots of budget dollars and pressures, but they're too big to ignore security. This is both the private companies and the public companies. It's not really the the mid-market. It's in that sweet spot of companies that are probably, like, high hundreds of millions of dollars in revenue to $5 billion in revenue. Those ones have to do security, but they actually have urgency to actually get something. They have to do it efficiently.
Mm-hmm.
We see lots of demand for that right now in the consolidation piece.
Got it. Maybe we're almost just about out of time, but I wanna hit you with one last one.
Yeah.
Most misunderstood thing, particularly with around investors with regard to Rapid seven and messages that you're trying to get across.
Look, I think the most misunderstood I think has most to do with understanding the competitive environment, because it's just noisy. I actually get why it's actually most misunderstood. Here's a simple way to think about it, is that if you look at the landscape of customers, if you think about mainstream enterprises being that Russell 3000, large mid enterprises, and even the margin constrained, the manufacturers of the Fortune 500, our goal is not to win 100% of them. Our goal is to be dominant and to win all of them that are actually margin constrained and have to do security but need to do it productively. We're uncontested in that market, in that space. We are the most productive security platform for security operations on the planet. Our goal...
We have a lot of growth by being the dominant provider of technology to those customers. It is not an apples to apples to look at the whole market. It's really when you think about companies that actually are large, have to do security, and they wanna do it at high levels of productivity and efficiency, and they wanna have good security and not a dollar more, there's no platform that actually compares to what we actually offer there.
Great. Great.
All right.
With that, I think we're definitely out of time. Corey and Sunil Shah, thank you both very much. I really appreciate it. Thank you all for joining us.
Thank you all.
Thanks very much.