This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
CyberArk Software Ltd.
5/11/2023
Good morning. My name is Rob and I'll be your conference operator today. At this time, I would like to welcome everyone to the CyberArk first quarter 2023 earnings conference call. All lines have been placed on mute to prevent any background noise. After the speaker's remarks, there will be a question and answer session. If you'd like to ask a question during this time, simply press star followed by the number one on your telephone keypad. If you would like to withdraw your question, again, press the star one. Thank you, Erica Smith, SVP, Investor Relations, and ESG. You may begin your conference.
Thank you, Rob. Good morning. Thank you for joining us today to review CyberWorks' first quarter 2023 financial results. With me on the call today are Matt Cohen, our Chief Executive Officer, and Josh Siegel, our Chief Financial Officer. After prepared remarks, we will open up the call to a question and answer session. Before we begin, let me remind you that certain statements made on the call today may be considered forward-looking statements, which reflects management's best judgment based on currently available information. I refer specifically to the discussion of our expectations and beliefs regarding our projected results of operation for the second quarter, full year 2023, and beyond. Our actual results might differ materially from those projected in these forward-looking statements. I direct your attention to the risk factors contained in the company's annual report on Form 20F filed with the U.S. Securities and Exchange Commission and those referenced in today's press release that are posted on CyberArk's website. CyberArk expressly disclaims any application or undertaking to release publicly any updates or revisions to any forward-looking statements made today. Additionally, non-GAAP financial measures will be discussed on this conference call. Reconciliations to the most directly comparable GAAP financial measures are also available in today's press release as well as in an updated investor presentation that outlines the financial discussion in today's call. We also want to remind you that we provide information for additional color regarding subscription mixed bookings, but it should not be viewed as comparable to or a substitute for reported gap revenues or other gap metrics. A webcast of today's call is also available on our website in the IR section. With that, I'd like to turn the call over to our CEO, Matt Cohen. Matt?
Thanks, Erica. And thanks, everyone, for joining my first earnings call as CyberArk CEO. Since starting my new role about six weeks ago, I've met extensively with our team and with customers and partners from around the world. The support, passion, and commitment to our mission is palpable. My meetings reinforce that we have amazing people an impressive base of customers and partners. And we are the only vendor tackling the critical security challenge of applying privileged controls to all human and machine identities through a unified identity security platform. We are adding the mission-critical controls that stops attacks from progressing, a requirement in today's threat landscape. Because of our unique value proposition, CyberArk is being prioritized even in today's macroeconomic backdrop. And I am pleased with how we are navigating the current environment. Subscription ARR reached 403 million and grew 84% year-over-year. Total ARR reached 604 million and grew 42% year-over-year. Total revenue growth accelerated to 27% and came in at 161.7 million for the first quarter. Our subscription bookings mix reached 95%, an all-time high driven by a demand for our SaaS solutions and our platform selling motion. Before getting into the details of the quarter, I wanted to talk about the macro environment itself. We are pleased that our SaaS and subscription bookings outperformed the macro assumptions embedded in our Q1 guidance. We did continue to see longer cycles in Q1, and select larger deals downsized, reducing the scope of these initial engagements. But we are confident that identity security programs are moving forward because many of those customers are already back in the pipeline, and we expect expansion opportunities as we move through the year. The strength of our subscription ARR, our ARR guidance, and our ability to maintain our full-year revenue guidance despite a material increase in subscription bookings mix speaks to the durability of demand and the prioritization of our identity security platform. Deals are progressing through the pipeline, and we are seeing record pipeline growth across the entire portfolio, with strong momentum in our access, EPM, and secrets business, as well as for our privileged cloud offering. Moving on to the quarter, we will frame the discussion as always around growth, innovation, and profitability. The persistent secular tailwinds of digital transformation, cloud migration, and attacker innovation are only accelerating. AI is a new powerful example of technology that will shape the cyber landscape. With weaponized AI, organizations become even more vulnerable to attacks that are difficult, if not impossible, to detect. An assumed breach posture, including implementing privilege controls and least privilege, is one of the best ways to protect against these emerging threats. At our impact customer event taking place in just under two weeks, you will not only hear about AI as an attack vector, but also how we can leverage AI to make our customers more secure. Recently conducted a survey of 1,500 cybersecurity professionals, and 92% consider identity security as mission critical, but only 9% stated that they had a comprehensive strategy in place. There is an enormous gap between the level of identity protection and the maturity of organizations, a massive opportunity for us at CyberArk. We have architected our platform strategy to capitalize on these secular tailwinds, and our go-to-market engine is built to scale CyberArk well beyond our 1 billion ARR target. Our recent innovations are gaining traction, workforce password management, secure web sessions, privileged lifecycle management, compliance, flows, Conjure Cloud and Secrets Hub, all had key wins in the quarter. and are contributing to customer excitement. Our land and expand motion begins with new logos, and we signed over 200 customers in the first quarter. A few key Q1 wins include a major insurance company was struggling to scale and secure its cloud-first strategy with a point PAM provider. This customer wanted deeper protection and to increase security and control by layering privilege controls across every identity. Our identity security platform will be deployed globally, including secure web sessions, identity flows, identity compliance, and of course, privileged cloud. For many customers, the AWS marketplace is reducing friction in our sales cycle. In the first quarter, a leading healthcare provider leveraged this new route to market to buy workforce password management, as well as privileged cloud and secrets management to secure the DevOps pipeline. Regulation, compliance, and cyber insurance are broad drivers that contributed to our results, including wins in the banking, insurance, and healthcare verticals. Early in Q2, we formalized the cyber insurance referral program with a leading company, and already we're receiving opportunities in the pipe. In addition to signing marquee customers, we had a strong expansion quarter for SaaS and subscriptions. Our land and expand motion is accelerating across the identity security platform and the most visible metric is the over 40% increase in customers with more than 100,000 in annual recurring revenue, which reached 1400 customers at the end of Q1. A few examples include an existing IT software company that purchased identity flows to automate PAM workflows in order to increase efficiency and also expanded its protection with workforce password management to provide peace of mind by not only managing but securing employee passwords. A Fortune 100 transportation company who has been a longtime PAM customer and began protecting endpoints in the second half of 2022 cited the threat of weaponized AI and our ability to protect against ransomware as key motivators in a significant Q1 expansion deal. The channel is extending our market reach with more feet on the street and momentum is building with partner certifications in CyberArk Identity and now also in Secrets Management. While still a relatively small contributor to our overall business, MSSPs across APJ, EMEA, and Americas are helping us move down market and reach customers who rely on managed services to secure and scale their environments. On the innovation side, we were recognized by Coupanger Coal, as a leader in privileged access management. Further validation of the strength of our solutions. Workforce password management is another example where we are setting the pace of innovation in identity security. In the first quarter, we announced that workforce password management used in conjunction with secure web sessions create an industry first way of accessing sensitive applications. The platform effect is accelerating. Today, early access customers are leveraging EPM and Privileged Cloud to discover, review, and automatically onboard all local Windows and Mac OS endpoint privileged accounts. This enhanced capability improves security and lowers risk of credential theft and privilege escalation at the endpoint. Josh will cover profitability in just a few moments, but I wanted to reiterate that as we look into 2023, we will continue to invest with discipline and leverage each of our operating expense lines this year and beyond. Importantly, with our growth, we have the ability to be agile in our investment plans and make adjustments as we move through the year. As I've done the round with investors, I've been asked about what I would be changing as CEO. As we talked about in February with Udi, at the highest level, we're not changing the strategy. We have all the ingredients to execute and deliver growth and profitability. That said, there remains areas where we can improve our execution, and drive the next level of performance. One key focus area is harnessing the data that comes with the subscription transition to drive expansion opportunities, boost productivity, and deliver operational excellence. This data combined with the same rigorous programmatic execution that allowed us to shift our entire business model in only five quarters will empower the company to take customer success to the next level, increase our sales and marketing productivity, and drive more efficiency through our innovation engine as we enhance our identity security platform. A second focus area and one that we are all laser focused on is our role as the leader in identity security and fully realizing this tremendous opportunity. Consolidation of trust for identity is underway within our customers. Identity is more critical than ever and organizations are increasingly moving towards trusted partners that can secure the broadest set of use across identities and environments. With this in mind, we are accelerating our platform selling motion, our new platform services, and how we leverage our robust partner ecosystem to extend our reach and drive our growth. Securing all identities, not just managing human access, is a requirement at the center of our customers' cybersecurity strategies. And with our approach based on privilege controls, we are best positioned to capture the market. We are becoming the platform of choice for customers and driving deep alignment across the organization while creating a disciplined execution machine will help ensure we extend our commanding lead in the identity security market. In the first quarter, we made great progress executing our strategy, and we delivered strong results as we navigated a challenging macro environment. We are executing and on pace to accelerate growth, improve profitability, and generate strong cash flow for the year. I will now turn the call over to Josh who will discuss our financial results in more detail and provide you with our outlook for the second quarter. The increase in our full year ARR guidance and what is essentially a guidance raise for the full 2023. when you look through the subscription bookings mix, Edwin. Josh?
Thanks, Matt. In the first quarter, we delivered exceptional ARR growth once again. Annual recurring revenue grew 42%, reaching $604 million at March 31, and the subscription portion reached $403 million. That's increasing 84%, representing 67% of our total ARR. We also added $39 million of net new subscription ARR from Q4 2022, which is higher than the sequential increase of the $36 million in the first quarter of last year. Demand for our SAS offerings drove our subscription bookings mix up to an all-time high of 95% of total bookings, above our guidance framework of 93%. The 95% compares to only 86% in the first quarter of last year. The maintenance portion of ARR was $202 million at March 31. The decline in maintenance was due to lower perpetual license sales over the last two years as a result of our subscription transition. Like for like, conversion activity still only represented a single digit percent of our year-on-year ARR growth. Total revenue was $161.7 million with growth accelerating to 27% year-on-year. While our records description bookings mix resulted in strong ARR growth, it also lowered our total recognized revenue in the first quarter. Normalizing for the higher mix than we assumed in our guidance framework, our recognized revenue would have been at the high end of our guidance range. Like every company, we are also navigating the current macroeconomic environment. As Matt mentioned, longer approved sales cycles persisted towards the end of the quarter. Select large deals were downsized as customers bought for their immediate needs versus longer-term planning, which would have contributed to more upside in our performance. For self-hosted subscription deals, duration again came in at the lower bound of our range, putting pressure on long-term deferred and recognized revenue. While we signed 200 new logos in the quarter, it was a more challenging environment for new customer acquisition, primarily in our corporate or mid-market segment. Looking across the metrics, our strong ARR and record pipeline growth illustrate that we are navigating the current macro environment, customers are moving forward with their identity security programs, and that we remain a priority. Moving into the details of the revenue lines for the first quarter, subscription revenue reached $92.7 million, growing 78% year-on-year and representing 57% of total revenue in the first quarter. Consistent with our move to a subscription business model, perpetual license revenue did decline, coming in at $3.9 million. Our maintenance and professional services revenue was $65.1 million with $53.2 million from recurring maintenance and $11.9 million in services revenue. The recurring revenue portion reached $145.9 million, now hitting 90% of total revenue. That's growing 37% year on year from $106.9 million in the first quarter last year. Geographically, The business continues to be well diversified. America's revenue reached $98.4 million, growing 31% year-on-year. APJ grew by 28% to $16.8 million, and EMEA grew by 18% year-on-year to $46.5 million in revenue. The EMEA region continued to experience some FX headwinds and had a nearly 10 percentage point increase in subscription bookings mix to 93%. in the first quarter. That's compared to 84% in the first quarter last year, creating a meaningful recognized revenue headwind in the quarter. Online items of the P&L will be discussed on a non-GAAP basis. Please see the full GAAP to non-GAAP reconciliation in the tables of our press release. Our first quarter gross profit was $131.5 million, or an 81% gross margin. That's compared with 82% gross margin in the first quarter last year, as a result of lower perpetual revenue and higher SAS business. Our operating expenses increased by 24% to $144.1 million, and that resulted in an operating loss of $12.6 million. Net loss was $6.9 million, or 17 cents per diluted share. While overall profitability continues to be significantly impacted by the mixed shift to recurring revenue, our margin profile has begun to improve as we have we planned. We ended March with over 2,860 employees worldwide, including nearly 1,230 in sales and marketing. For the first three months of 2023, free cash flow was $4 million, or 3% free cash flow margin. Turning to our guidance. Our guidance for the second quarter and the full year 2023 balances our strong competitive position, the increased headwind created from our higher than expected subscription bookings mix, and the durable demand for our platform against the uncertainty in the macro environment. For the second quarter of 2023, we expect total revenue of $170 to $175 million, which represents 21% year-on-year growth at the midpoint. We expect the subscription mix to be in the mid-90% range and our perpetual license revenue to be similar to the levels we saw in the first quarter. The mix we are assuming for the second quarter is higher than our initial guidance in February, increasing the headwind to reported revenue. We expect a non-GAAP operating loss of about $10.5 million to $6.5 million for the second quarter, and we expect our non-GAAP EPS to range from net loss of 19 cents to net loss of $0.09 per basic and diluted shares. Our guidance also assumes 41.7 million weighted average basic and diluted shares and about $5.1 million in taxes. For the full year, 2023, given the increase in our subscription bookings mix in the first quarter and our expectation that it will remain at this level for the rest of the year, we are still maintaining our guidance for total revenue in the range of $724 to $736 million. The subscription bookings mix assumption for the full year is now about 95%. That's compared to prior expectation in the low 90% range. Maintaining our revenue guidance for the year at a higher mix is essentially a meaningful raise of our full year revenue guidance given the more ratable revenue of our SAS and subscription bookings. We are maintaining our full year operating results to be in the range of an operating loss of $5 million and operating income of $5 million. And we are improving our EPS range to a net income per share of 16 to 38 cents because of increased interest income for the first quarter. We expect about 46.3 million weighted average diluted shares and about $21.5 million in taxes for the full year of 2023. On the back of our strong ARR growth and subscription bookings increase in the first quarter, we are raising our guidance for annual recurring revenue to be between $735 million and $745 million at December 31, 2023, or about a 30% year-on-year growth at the midpoint of the range. Our free cash flow came in at 3% free cash flow margin. As a result of our performance in the first quarter, We're revising the guardrails for free cash flow margin for the full year 2023 upward to the range of non-GAAP net income margin to 5% above our non-GAAP net income margin. We expect there to be fluctuations between the quarters and in, for example, in the second quarter, we have cash expenses from our impact customer event and other seasonal expenses that will affect our free cash flow. Overall, we were pleased with our execution, particularly in this macro environment. The strength of our demand and prioritization of our identity security platform are evidenced by accelerating revenue growth, strong net subscription ARR, overall ARR growth, and record pipeline build. With 90% of our revenue now recurring, we have a more resilient business model that is beginning to deliver strong growth, operating leverage, and improving cash flows. I will now turn the call over to the operator for Q&A. Operator?
At this time, I would like to remind everyone, in order to ask a question, press star, then the number one on your telephone keypad. And your first question comes from the line of Saket Kalia from Barclays. Your line is open.
Okay. Hey, good morning, guys. Thanks for taking my questions here. Matt, congrats on your first six weeks as CEO.
Thanks, Saket. Good to hear from you.
Yeah, Matt, maybe we'll start there since the last couple months have been interesting, to say the least, for security. I know you spend a lot of time with customers, so maybe the question is, can we just talk about how the March quarter progressed in terms of linearity and conversations? It's just been such mixed results from other March quarter security companies. Curious what you saw just in terms of progression, and maybe if you can comment on just anything that you're seeing more recently.
Yeah, sure. I think as we talked about, we're really pleased with the results on the quarter. When we look back into the quarter and try to analyze what's occurring, we continue to see this phenomenon where when we show up and we're having these conversations with customers, we are at the top of the list of conversations they want to have. There's a prioritization process, obviously, across the entire tech stack, but even within cybersecurity. And when we are a mission-critical solution, for these organizations. And so while macros are on the mind of everybody, when we're having the conversations with the customers, they understand the importance of their investments in these areas. They understand that actually this is something they need to be implementing and implementing fast in order to secure in this threat landscape. And overall, we just feel this level of partnership and awareness within our customer base. As we mentioned in the prepared remarks here, We do see approval cycles take a little bit longer. One of the things I tell the sales team all the time is, since we're selling something that's needed, let's make sure that we're going out and actually addressing people who might pop up in the approval cycle. Even some of our sponsors are not always aware of who's going to show up. So we talk to the teams about actually engage with them early, talk about who else might come in, and let's go pre-brief them in that conversation make sure they're aware so that when it gets to their approval level, they're able to actually sign off on it. And we see that type of behavior and execution help us throughout the length of the quarter. We also talked for a second there about this kind of downsizing of deals. And I just want to hit that head on. You know, what that kind of looks like is more of a, you know, maybe there's a 400-seat expansion deal for PAM. And when the customer gets there, they realize that there's 300 seats that they can buy right now, they need right now because identities are proliferating. And maybe there's 100 seats that they need in the summer. And so they'll buy the 300 now, and then they'll push off the 100 to later in the summer. Now, we never want to see deals go a little smaller and definitely limit a little bit of our upside. But what that actually opens up for us, and as a selling team, it's actually an exciting fact, is a compelling event in the summer to readdress the customer not only now for those 100 seats, but for any other needs that they have. And as a sales team, you're always looking for those moments to kind of open up so that you can go back in. So across the board, that's kind of my sense of what's going on. It's a nice place to be, being the type of security company we are, even in this tough macro environment.
Yeah, absolutely, Matt, and it shows. Josh, maybe for my follow-up for you, a lot of focus on the financial services vertical in security this quarter. Can we just talk about how that vertical specifically performed? And Josh, if you could, maybe go one level deeper into that exposure because, of course, not all financial institutions are created equal. Can you just maybe talk about how much of that mix is regional banks versus other types of financial institutions?
Yeah, thanks, Scott Sackett. Actually, I'll start off by saying our financial vertical was up year on year, so And overall, what I would also say is that we actually closed, you know, deals in kind of the regional bank level or even during the end of the quarter. So I think, you know, from our perspective, you know, financials is an important vertical for us from the small to the large enterprise. Clearly, the majority of our business is going to be coming from mid to large enterprises from the banks. they have a much larger footprint and are going broader across our entire portfolio. So when we look at our pipeline, it's going to be coming from the larger size of the financial enterprises. And I think the other thing that I would say is that as we look into our pipe going forward, we're not seeing any degradation of the financial services customer pipeline. And I think out in the field, we're not seeing any tapering off of engagement with large financials and with the regional financials as well. Very helpful. Thanks, guys.
Thank you.
And your next question comes from the line of Roger Boyd from UBS Securities. Your line is open.
Great. Thank you. Maybe a higher level question for Matt. Matt, I'd be curious, I mean, you have tons of opportunities and access and EPM and secrets management, but where do you think we are in kind of the PAM adoption curve? And any view on what you're seeing in terms of Greenfield, Brownfield, shift to SAS in this current environment would be helpful as well. Thanks.
Yeah, I think sometimes we get so excited about the newer areas that we forget to talk about the opportunity in PAM. I think that what we are continually excited about is both the new opportunities, the new prospects out there, not even just in the low end of the market, but even in the kind of sweet spot of the enterprise space. We see the kind of movement towards more mature PAM programs and all that brings. And then within our base, we actually feel that we're underpenetrated. And the reason for that is, that when we started out, there was only a certain type of user that needed a privileged account. And so, you know, if you were that type of user within the core IT department, you know, we were going to sell you a license. And now, as we start to see this notion of any user can become privileged at any time, the business user actually needs privileged access management. A lot of functions outside of core IT need it, as well as the developer and the development community, the DevOps group. you start to understand a little bit more about how much more room there is to run within our customer base themselves. And so when you combine both the room to run in the customer base, as we broaden the circle of users that we can bring under the PAM umbrella, and we look out and see both midsize enterprise all the way down to mid-market really starting to adopt new and modern PAM approaches, it really speaks to the market opportunity that's ahead of us. and our ability as the leader in PAM to go out and capitalize on it.
Great, thanks. Josh, just a quick one on the guide. You raised the foliar ARR guide, but I think the deceleration looks a little steeper than we were modeling from the 42% growth in 1Q. Can you just walk us through your assumptions in the macro environment there and any change that you might be seeing as a little more conservative versus a quarter ago? Thanks.
Yeah, sure, Roger. We're still keeping consistent on the trends around close rates in light of the macro with new logos probably potentially being harder and longer approval cycles that Matt was referring to before. And so we're still persisting with that within our guide. But at the same time, we're seeing record pipeline, you know, being generated. And so that's what gave us the confidence. That's what gives us the confidence to be able to raise the guide effectively, not just on the ARR that you pointed out, but by keeping the revenue guide at the same level despite really increasing the mix of SAS and subscription by a couple percentage points.
And your next question comes from a line of Adam Borg from Stiefel. Your line is open.
Awesome. Thanks so much for taking the questions. Maybe for you, Matt, I know you talked a little bit about this in the script, but we'd love to hear anything more about the platform motion, how that's progressing, and if we'll hear more about that at the customer event in a couple weeks, then I have a follow-up.
Sure, Adam, and thanks for the question. Good to hear from you. So, you know, I do get excited about this platform selling motion because I think it represents kind of the the maturity or the nature of the market now that we're selling into. We talk a lot about this idea that there is multiple types of identities that need to be secured and multiple types of environments that they're going after that need to be protected. And so when you start to think about this idea, again, of human and machine identities, and you think about core PAM users as well as business users or the general workforce, And then you move over into the endpoint and least privilege at the endpoint and the complexity of protecting all of those identities as they go after, not just now on-prem infrastructure, but hybrid and cloud infrastructure. Customers are waking up to the fact that you can't plug in multiple point solutions to be able to solve all those problems. They actually want an integrated approach that they can count on to make sure that all identities are secured. And so our entire approach with the platform is meeting that market need, talking to the customers in that context to make sure that actually we can actually do things that those point solutions, even when knitted together, can't do because it's one integrated motion. So as you know, we've been focused on ramping up the sales team and making sure that they can position that. Our marketing team is out there messaging that. And I just get really excited by the opportunity of ours to be able to go do that. You heard us use this phrase in the prepared remarks around consolidation of trust. And what we mean by that is that the customer themselves are looking to consolidate their vendors down to partners that they can trust. And we feel like we're well positioned in that environment, well positioned within this identity space to take advantage of that market trend.
super helpful and maybe just as a quick follow-up you know you did talk about adding over 200 new logos in the quarter a little bit down year on year um talked about the top for macro and record pipeline so if they think about 2023 are we really looking at this as more of an upsell year and if so are we reorienting any go-to-market efforts uh back to the base thanks again yeah sure no problem so you know when we think about new logos i i want to just paint a couple different things here one is obviously there is the new logo absolute number
And for sure, we saw some pressure there, particularly, by the way, down market in our mid-market space where, you know, deals started to slip out a little bit around new logo acquisition. But there's some other trends within our customer business, a new logo business, that I think are important to understand. One is the actual deal size of the logos that we are closing is getting bigger, not smaller. The ability to be able to sell multiple products to those new logos beyond PAMM It continues to trend in the right direction. And overall, the contribution, the net ARR contribution from new logos actually was really strong in the quarter. So although the absolute number of new logos, and we always want to be planting as many seeds as possible for the future, although that occurred in the quarter, we actually are pretty happy with the contribution from the new business. And so we don't actually see a need to shift our overall go-to-market approach We can go focus on building and planting pipeline for new logos, even if it closes a little bit slower, it'll come to us eventually, at the same time as we can upsell and cross-sell within the base. The final thing I'll just say is within our new logo business, within our customer business, our win rates continue to be really strong. So although, again, the overall number at 200 may be a little bit less than we would have liked, Overall, we're actually really happy with the new customer business that we're seeing.
Excellent. Thanks again.
And your next question comes from a line of Angie Song from Morgan Stanley. Your line is open.
Hi. Congratulations, Matt, on your first few weeks as CEO. And thank you for taking my question. I'm speaking on behalf of Homs of Waterwalla here at Morgan Stanley. So, I guess, Matt, just a question for you. It's been a couple of months since the transition of CEO has been announced. So, could you just talk to us about your top three priorities for the company as CyberArts scales beyond that $1 billion in ARR by around fiscal year 25? Yes, sure. No, I always love to talk about that.
I think it's been a really fun last six weeks or so. I've had the opportunity to kind of travel around the world and go see employees in different locations. I was able to spend my first day as CEO over in our Israel headquarters and meet with our amazing R&D organization and talent there. And around each one of those conversations, when I meet with the customers, As I visit, it comes back to the same things, and that's what sets our priority. Increasingly, again, as I was just talking about, they're looking for a platform provider. They're looking for someone that can secure not just privileged users, traditional PAM, but that can actually secure the workforce, secure the non-human identities, even more and more secure their cloud environments. And so the first priority for sure is our expansion, continued expansion to own our leadership position in identity security. And that really is the anchor point for everything else that we go and look at. We have a second focus and it's core to us, which is to get our go-to-market engine ramped up, fully ramped from a productivity perspective, from a contribution of marketing, from a modern way of doing the sales process so that we can take advantage of that market. And that becomes a continuation of something that obviously I was working on for several years, but our ability to be able to go do that. And then the third thing, and it's important for us because it's fundamental to our DNA, is to make sure that we're scaling efficiently through these next couple of years. We want to make sure that we're delivering the right level of profit back into the investor community, into our shareholders. And the best way to do that is to exit this subscription transition fully, which obviously we're ramping our way through, and get the leverage back into the business so that we're not just growing the top line, but we're able to deliver a strong, strong cash flow number into the shareholder base.
And your next question comes from a line of Rob Owens from Piper Sandler. Your line is open.
Great. Thanks for taking my question this morning. Just one for me. Want to touch a little bit around the partner ecosystem, the indirect contribution you guys see overall, and maybe some of the green shoots and opportunities. I know you mentioned AWS Marketplace, but just are you seeing channel shift expansion through some of these CSPs? Thanks.
Yeah, sure. No, Rob. Thanks. Great, great question. And, you know, I think one of our differentiators in the market is our partner ecosystem. You know, we've always had a strong indirect component to our business. We run, generally speaking, in the upper 70s, sometimes even touching below 80% of business that's run through our partner ecosystem. And as you kind of mentioned, we've seen an increasing kind of shift in how those partners are going to market. One, they're following suit with us. They're leading with SaaS. They're able to actually get outside of PAM and actually embracing access and secrets management. So they're bringing the full CyberArk story to market. But we also see newer types of partners emerge. And we did mention the AWS Marketplace, which is a great way to kind of lubricate the sales process and actually partake of what one might call found money in this macroeconomic environment, because they already have purchased those AWS credits that they can use. But we also see, as I highlighted in the prepared remarks, the emergence of the MSP or MSSP program. And I think that actually is taking on two flavors. One, it allows us to go down market more effectively. But we see even in the enterprise space that more and more IT organizations and security organizations really do not want to be in the business of managing their solution stack. And so they're looking for even bigger SIs, telcos, to actually one-off managed service their security environment. And we have great partnerships, as many of you know, with the biggest SIs. We've built up the telco program, and we have the MSPs. So as that market starts to mature and accelerate, we can take advantage of it. Now, it's a minimal part of the overall business at the moment, but it's one of the areas that we're exceptionally excited about as we move forward. Thanks. Thanks.
And your next question comes from a line of Tal Liani from bank of America. Your line is open.
Hi guys. Um, hello. I have two questions. One is, uh, we hosted Microsoft on Friday and, um, we see them in more and more and more markets in cybersecurity, uh, extremely successful business. And I'm wondering how do you see Microsoft if at all in the market and, uh, How is competition against them? And the second question is for Josh. Great success on revenues, great sustainability and stability, but margins are still negative. What's the outlook for margins?
Great. I'll take the first one, Josh. So, you know, Microsoft, as you said, is a formidable software organization, and they've built up a, you know, strong cybersecurity core within their overall approach. You know, they've been, frankly, in a kind of competition motion with us for a very long time. They're a good partner in a lot of ways. And sometimes we see them show up within our customer base. What we've seen, though, is that the minute the conversation kind of turns to core security, like real security, for example, PAM, there really isn't a choice that comes up between Microsoft versus CyberArk. The CISOs, the CIOs, they understand that to do PAM right, to do core security right, they actually need the type of depth of solution that only CyberArk can provide. I think we also see them kind of emerge in other areas of the business, though. We took the fight to them, if you will, when we entered into Access. And for basic MFA and single sign-on, I think they're a very credible force out there. As you've heard us talk about before, when we're competing in the access market versus Microsoft or Okta for that matter, our differentiation, again, is the applicability of privileged controls or deeper security to even the commoditized MFA or SSO market. And what that means is solutions like secure web sessions or workforce password management that become these security bodyguards that can sit against a single sign-on or MFA solution where there's comparability between their solution and ours. You even saw them lately enter in and kind of validate the EPM or the Endpoint Privilege Management Market. Actually, to be honest, that's kind of thrilling for me because the biggest problem we have on EPM is not customers, once they understand it, wanting to buy our solution. It's getting customers to be aware to begin with that they need the solution. And Microsoft entering into a market like that is actually wonderful news for publicity. when we get into deep conversation about features and functions and capabilities, I think our solutions come out on top. And so that's my view on the Microsoft landscape. Again, I'm very respectful of them, and I think they kind of help the market overall, but we feel pretty confident when we're head to head against them.
And, Tal, to your second question, so, you know, We're pleased that we're following our playbook, right, through the transition and which kind of drove the shift in our margins negative through last year. We're excited that this year we're already now that we're post-transition getting our first year back for improvement to break even per our guidance. And then we anticipate to continue to expand that gross margin next year, 24, and further into 25. So we're on the right track for continuing, following our playbook post-transition, getting the benefit of the accelerated revenue on the top line. And then as Matt pointed out earlier in one of the earlier answers, we are totally focused on making sure that we think about scaling efficiently. And that's going to drive those expansions of the margins already this year that you're seeing in the guide, and then next year and going forward. Got it. Thank you.
Your next question comes from the line of Eric Heath from KeyBank Capital Markets. Your line is open.
Hey, guys. Hey, Matt. Hey, Josh. Congrats on a strong quarter here. Josh, just to continue the conversation on the margins, A couple things. I mean, it's great to see the maintenance of the margins, just given the increased mix shift to the radical side of the business. But I'm curious, one, just bigger picture, does any change in your thoughts on the pace of investments for this year, just given some of the macro and any change to your hiring plans on number one? And follow up to that, just I think you changed your kind of guidance a little bit on the free cash flow, just that it should be five points ahead of net income margin, where I think it was previously kind of in line with net income margin. So just Curious to change there, given some of the what seems like duration pressure that is hitting buildings a little bit.
Sure, sure. I'll take the first part here. And as it relates to the hiring plan, and, you know, I think we continue to calibrate our investment versus the opportunity. And we talked about it at the last earnings call, which is this year we would see, you know, a little bit less overall headcount percentage increase. versus what maybe we saw in 2022. And that was because we were taking into account both the macro backdrop and also our need to drive leverage back into the business. And I think we continue to see that play out. We added roughly 95 heads in Q1, and we will look towards the rest of the year and continue to make strategic investments in go-to-market where we feel like there's opportunity to go capture. And then throughout the rest of the company to round out our ability to be able to, for example, deliver on the identity security platform vision, you know, drive and support the scaling of the overall operations. So I think we're measured in our headcount hiring. We're consistent with what we were talking about. And our belief is going forward, this is a lever that we can pull in any direction that we need to. So we're very agile in our approach, and we'll make the decisions really quarter by quarter. Should we accelerate more? Should we cut back a little less? And that's the beauty of the model that we're operating under.
Yeah, Eric, and with regard to the cash flow, first of all, we're pleased that we're able to come in already now in the second quarter and start to shift. go up on our cash flow margin guidance to, as you pointed out, net income margin to net income margin plus 5% on a non-GAAP basis. And I really think it's, you know, we have more visibility than we did three months ago. And Q1 tracked well, and I think it's a reflection of one where Q1 ended up, but also as we look at the guide and we look at our pipeline going forward, uh you know and our success with uh renewals and our expectations there um we you know we feel comfortable that uh we'll be uh even a better place on cash flow than than than we said three months ago great thank you both your next question comes from the line of brian essex from jp morgan your line is open hi good morning and thank you for taking the question
I guess maybe for Matt, what might be helpful is, you know, on the onset of the pandemic, you know, we saw a pretty meaningful pause in spend, and we saw a downsizing deal phasing, shorter contract duration. Could you maybe compare and contrast, you know, what you're seeing now versus what you're seeing then? I recall, like, you know, right after that, we had, what, like, SolarWinds and Log4J, and everyone kind of, like, trued up and realized the value of PAM and kind of trued up the deals, and you saw a reacceleration. But how does the, I guess, recognition of the critical nature of PAM and the process of approval and coverage inside your customer base, how do things differ now compared to when we saw that pause a few years ago?
Yeah, as we look back on Q1 and out towards the year ahead, you know, we just, we don't see that pause in business. We see our ability to be able to generate record pipeline. We see our ability to be able to go out and be at the top of the list of priority at our customers. We see the conversations continuing to progress as we've been talking about. And I do think I pull it back to where you hit, which is we are in a different place in terms of our portfolio, our solutions, and the maturity of the market and an understanding of the critical nature of the solutions that we sell. The recognition of what it really means to secure identities and the importance of identity in the attack vector and protecting against the attack vector, it's just tremendously better. It's a good position to be in. I think we show up now with a broad base of solutions and a platform to sell. And it lends itself to better customer conversations and a better market backdrop despite, obviously, macros being on everybody's mind.
Right, right. That makes sense. And maybe we could just circle back to one of the comments made on seed expansion. Any impact this quarter or recently from headcount reductions in your customer base and how they might be thinking about rationalizing their labor footprint and how that might impact your business?
No, we're lucky from that perspective, as I said, that the notion of privileged accounts and privileged identities proliferates regardless. And so when you look at customers that may or may not be in difficult economic situations in certain verticals or industries, I don't think there's a correlation between their decision on headcount and what they need to buy from CyberArk. So that's not one of the things that we worry too much about.
Great. That's a helpful color. Thank you.
Your next question comes from the line of Jonathan Rickhaver from Kantor Fitzgerald. Your line is open.
Good morning. Thank you. So in the past, the company has emphasized the sales motion for adaptive or access is largely install based adoption. So the question I have is given your large enterprise install base, I would think that some portion if not a large portion of those organizations have an existing IAM solution. So how do you see that? How much of that might be greenfield? And then also, if you could also just touch on the go-to-market strategy given the too large and successful incumbents within that market already.
Yeah, sure. So I think as we talk about the access business for us continues to accelerate. in a nice way and become a more meaningful piece of our overall business. And I think that when you look within the customer base, it is somewhat surprising to people how many customers are either completely on legacy solutions or more often than not actually have multiple solutions throughout different divisions, through acquisition, through other kind of vendor sprawl that's happened within their organizations on the access side. And so we do feel like there is this rich opportunity within our customer base to rip and replace legacy solutions, obviously competing against those two significant competitors in that space, but not having to replace those competitors in that space in order to be able to win. You know, from time to time, we're in a conversation about a replacement for sure. But it really is the opportunity here to go in and rip and replace those solutions. I also want to emphasize the notion, and it will connect to your point of how we differentiate or compete, that our solutions in that portfolio, for example, Secure Web Sessions, can sit on top of any IDP. And so even if there is an embedded Microsoft account, we can go in and still talk to them about our overall identity security story And we can talk to them about how they can still take advantage of a more secure way of doing single sign-on and connect it back to privilege controls and back to the overall identity security platform. And so that becomes our special sauce when we're differentiating. It's not my SSO is better than your SSO. It's my identity security platform with strong SSO and MFA can keep you more secure than their SSO MFA. And, you know, again, that's becoming more and more of our talk track. Our team's becoming more and more comfortable with that talk track. And that will be what drives the growth going forward as we continue to, you know, increase our position in that space. Again, as you said, you know, two very formidable competitors directly in the access space.
Your next question comes from the line of Hany Kutari from Baird. Your line is open.
Hey, this is from bed. Thanks for taking my question. Congrats on the first quarter, Matt. So one for you and one quick follow up for Josh. Matt, you mentioned about AI that's shaving the cyber landscape and weaponized AI in particular with organizations becoming more vulnerable to attacks that are difficult to detect. You gave an example of a customer, the Fortune 100 transportation company, who cited the threat and That was a key motivator in the expansion deal. Can you talk a little bit more about AI as a driver this past quarter? And in terms of the pipeline, what do you see in terms of the opportunity ahead? And then one quick follow-up for Josh.
Yeah, I think in any market, there are things that help to educate the market, sometimes through fear, that gets the market more ready and understanding of new solutions that they need. And I think AI, because it's captivated so much attention, helps with that from a market perspective. For sure, we and we're going to talk about it at our impact event, which hopefully many of you will join. We're going to talk about this idea of what does a weaponized AI look like and what is the attack path and what can you do about it? But the reason why we're emphasizing it is not because right now the notion of weaponized AI is the single most important attack path for for organizations, but what it does is it wakes organizations up to the notion that detecting threat is not enough. We actually need to control the threat. And the only way to be able to do that in some cases is by controlling or securing identities. And so I'll give an example here, which is at the endpoint, and this is what the customer that you were referring to was talking about, at the endpoint, you would be silly. to not have an EDR installed. Let's be clear. We believe in it. If our own IT department was installing a new environment, they're going to put an EDR of some sort on the location. But if you can get around that EDR or more significantly, if you can turn off that EDR because there's local privilege controls and local admin controls sitting at that endpoint, then that EDR is relatively useless. And AI is a way that you can weaponize that approach and figure out your attack path to be able to get in, get credentials, and actually turn off the EDR itself so that it no longer can detect. Our EPM solution removes the ability to be able to make changes on the local endpoint, on the local desktop, on the local server. And by doing that, you're actually ensuring your investment in your EDR system because you're now going to make sure that it's there, it's available to do what it does really well, which is to detect and respond. And so the AI concept is more of a concept at this point in time, although we'll talk through some more details. But what it does is it wakes organizations up. It shakes them and says, assume breach. Assume that they're going to get in. Now, what do you do to control? And that's where CyberArk comes in because we're all about security and control.
Your next question comes from a line of Andrew Nowinski from Wells Fargo. Your line is open.
Great. Thank you for squeezing me in. So I just wanted to kind of go back to gross margin. It was slightly better than expected. Do you think an increase in discounting might have prevented some of the downsizing of deals? And is that a tool you would consider using to get some of these deals over the finish line throughout the course of the summer?
Andrew, hi. You know, I don't think that that, you know, our... I think you're referring kind of to our pricing with regard to the gross margin?
Yeah, I mean, if the deals were downsized, I'm just wondering if you could have offered any better, more aggressive pricing on it to help get the full deal size.
I'll let Matt take that a second. I think from our perspective, gross margin, We would not have seen that as necessarily the tactic, but I'll let Matt talk on the pricing.
Yeah, listen, I think that we're operating in a tough macro environment, and we're always price conscious across the board, and we're understanding with our customers when budget is a core concern, and we're working with those customers to make sure that we can fit within their budget while we're getting, as a partner or as a vendor, our value. We continue to see good pricing even in this environment By the way, we see good pricing on our renewals within this environment. And ultimately, we don't want to force or give away seats if we feel confident that those seats are still going to come our way just a month or two months or five months later. You know, certainly for certain customers, you're trying to get them to buy in and you're trying to get them to take their first bite. And when that happens, you're aggressive or you work with them on price. But But overall, I'm pretty confident in how we approach the market from a pricing perspective. We're flexible when we need to be. But at the end of the day, we're actually creating a business for the long run. And we want to make sure that we're delivering value and then we're receiving the right level of value back in the deals that we sell.
And we have reached the end of our Q&A session. I will now turn the call back over to CEO Matt Cohen for some final closing remarks.
Thanks. So I want to thank our employees for their hard work and commitment and our customers and partners for their continued support. As I said, it's been a wonderful six weeks so far. We're looking forward to seeing many of you, hopefully all of you, over a week from now at our customer impact event where we're going to be able to talk about the latest and greatest of our identity security platform and update everybody on the latest and greatest of the company. So until then, thanks for the call today. Take care.
This concludes today's conference call. Thank you for your participation. You may now disconnect.