SecureWorks Corp.

Good morning. My name is Emily and I'll be your conference operator today. At this time, I would like to welcome everyone to the SecureWorks first quarter fiscal 2025 earnings conference call. All lines have been placed on mute to prevent any background noise. A supplemental slide presentation to accompany the prepared remarks can be found on the company's website. After the speaker's remarks, there will be a question and answer session. If you would like to ask a question during this time, simply press star followed by the number one on your telephone keypad. If you would like to withdraw your question, please press star followed by two. Thank you. At this time, I would like to turn over the call to Kevin Toomey, SecureWorks Vice President of Investor Relations. Mr. Toomey, you may begin your conference.

Thank you, Operator. Good morning and welcome to SecureWorks first quarter fiscal 2025 earnings call. Joining me today are Wendy Thomas, our Chief Executive Officer, and Alpana Wegner, our Chief Financial Officer. During this call, unless otherwise indicated, we will reference non-GAAP financial measures. You will find the reconciliations between these GAAP and non-GAAP measures in the press release and presentation posted on our website earlier today. Finally, I'd like to remind you that all statements made during this call that relate to future results and events are forward-looking statements based on current expectations. Actual results and events could differ materially from those projected due to a number of risks and uncertainties, which are discussed in our press release, web deck, and SEC filings, which you can also find at the investor relations website at investors.secureworks.com. We assume no obligation to update our forward-looking statements. With that, I'll turn the call over to SecureWorks CEO, Wendy Thomas.

Thank you, Kevin, and welcome, everyone. We reached a significant positive milestone with the close of first quarter. This moment was several years in the making as we executed against our strategy to transform our business from a pure play services company into a product-led SaaS business as the foundation for long-term growth and success. We delivered on this transformation in our committed timeframe while delivering even better security outcomes to our customers as a result. we are pleased to move past the financial headwinds from the sunsetting of our non-strategic lines of business going forward. Our TAGES business continued its strong momentum in first quarter, as TAGES revenue grew 10% year over year to $69 million. TAGES annual recurring revenue, or ARR, now stands at $287 million. And we delivered Q1 total revenue and adjusted EBITDA above our guidance ranges. It's important for me to also recognize our progress on profitability. We continue to see further opportunities to benefit from the scale our business model offers, and we remain committed to delivering positive adjusted EBITDA for the full fiscal year. This quarter, we launched new TAGIS modules and capabilities and announced major global partners. Importantly, our unique OpenXDR-based approach is increasingly receiving accolades by the market. This quarter, we were recognized by Frost and Sullivan as a leader in the 2024 MDR radar for our understanding of the industry, customer demands, and for taking a collaborative approach, positioning us as one of the most innovative companies in the space. Our efforts have set us up to drive sustained growth with a business model that has a proven ability to scale, underpinned by our unique cloud architecture, and advanced automation and AI capabilities. Specifically, for first quarter, I'll highlight several important results. We delivered expanding gross margins, with Tagus gross margins improving 430 basis points year over year. We added marquee global partners who recognize the strength of Tagus in our security expertise and who further broaden our reach and expand our addressable market. We launched to TAGIS modules. New products propel expansion and retention with our customers and allow us to further increase our industry-leading TAGIS average revenue per customer of $145,000. With our other MSS business reaching end of life, we can be singularly focused. All of our go-to-market and product development resources are focused on our go-forward business. with the opportunity to accelerate innovation even further through both add-on and native security products within the R&D envelope. To that end, we made two significant product advancements for our customers in first quarter. First, NDR, network detection and response. For context, the dominance of cloud applications and hybrid workforces with the growing return to office have created a surge in network traffic. up over 20% in the last year. Adversaries are taking advantage of these increased volumes to lurk unseen and slip past cyber defenses. With threat actors obfuscating their behavior, legacy network controls, such as IDPs and firewalls, are no longer able to keep pace, nor offer sufficient protection against evolving adversarial tactics. This quarter, we launched TAGIS network detection and response to help organizations protect against these threats. SecureWorks NDR closes the gap to detect network-based attacks and anomalous insider threats and comply with the ever-growing audit and compliance requirements. TAGIS NDR furthers TAGIS's defense-in-depth approach with a full prevent, detect, and respond set of capabilities. The key differentiation of TAGIS NDR lies in its design to add context to the detection of adversarial behavior and stop threat actors from traversing the network with no interruption to business traffic. NDR provides a complete picture of all internal traffic, not only moving between endpoints, but also traffic entering and exiting the network at the edge with added visibility into hypervisor attacks, all managed centrally within the Tagus UI. Endpoint solutions alone are not sufficient. Organizations often have operational control gaps or technology gaps where they cannot apply or deploy an EDR, leaving them vulnerable if they do not have an NDR in place. Tagus NDR simplifies security management by eliminating the burden of device management through a fully managed cloud offering with on-premise protection, saving customers time and resources that can be deployed elsewhere. And Tagus's AI engine uncovers hidden threats with AI-powered behavior detection, and NDR goes beyond detection to prevention, automatically blocking threats in real time, blocking nearly 1 million threats per month, and preventing 99% of malicious activity identified across all network traffic. The second product advancement that I'll highlight from first quarter is squarely aimed at solving one of the most entrenched pain points in cybersecurity, protecting against software vulnerabilities. As our Counter Threat Unit's recent State of the Threat Report documented, software vulnerabilities remain one of the largest risk factors for organizations, representing a third of initial access by threat actors in successful breaches. Organizations are faced with an overwhelming and growing number of software vulnerabilities to be mitigated, taxing both security and IT resources in the process. With Tagus VDR and prioritization, We offer the first security platform that integrates and unifies two worlds. Vulnerabilities with threat detection, investigation, and response within Tagus XDR. Ingesting vulnerabilities from both our native vulnerability scanner and third-party vulnerability products, we streamline investigation and remediation workloads. The platform offers tailored vulnerability prioritization. based on each organization's unique threat landscape and operational context. This personalized approach ensures that security efforts are focused on the most pressing threats, improving overall risk management and resource allocation. Furthermore, with C-suite and board attention more focused on cyber risk than ever, Tagus VDR provides an overall health score that helps executives understand their organization's security posture, and prioritize the best way to improve it. This contextual information supports informed decision-making and strategic planning, empowering leaders to drive and demonstrate continuous improvement in their security programs. A great example of customer success with VDR this quarter was a utility company dealing with ongoing resource constraints in prioritizing and remediating the high-risk vulnerabilities in their environment. Cages VDR's risk-centric prioritization engine has drastically improved their timely remediation of high-risk IT vulnerability backlogs. Our dashboard also solved their need to provide meaningful visibility into their risk posture to their senior leadership and stakeholders. Bringing together the combination of our vulnerability and alert prioritization engines, each differentiated in their respective markets, integrated with the real-time threat observability of our XDR platform, We are redefining integrated vulnerability management programs to provide for unmatched security operations. Moving to an update on our go-to market, this quarter we continue to expand our partner ecosystem across tech alliances, solution providers, managed services providers, and cyber insurance partners with leading providers in each category. For example, we recently announced a managed security services provider partnership with SoftBank. one of the largest multinationals in Asia Pacific. SoftBank joins more than 50 MSSPs in our partner ecosystem, providing further validation of Tagus's ability to drive scale for large MSSPs with global footprints. Building on our decade-plus market presence and leadership position in Japan, we've seen early traction with this partnership, with the onboarding of new customers well into the double digits since deploying Tagus. We also launched new capabilities for our partners to customize and further scale their MDR offerings. Partners can write and port their own custom detectors supported with their proprietary threat intelligence additions, enabling them to show unique differentiation for their customers. We also delivered capabilities to support their operating efficiency with enhancements to securing diverse technology stacks with a federated multi-tenant approach. enabling our partners to manage thousands of customers at scale while segmenting access seamlessly. As a growing number of end customers look to consolidate vendors, our platform approach to supporting a wide remit of third-party controls makes us the vendor of choice for MDR providers to expand their addressable market. Our investments to offer native security controls and capabilities in CAGIS from SOAR and EDR And NDR and VDR means partners have a path to meet customer desires for consolidation, while enabling our partners to grow more profitably. A good example of vendor consolidation comes from a partner deal to replace a legacy SIM at a large property developer in EMEA, looking to consolidate Endpoint and other vendors feeding and managing their SIM. This customer was looking to address alert fatigue from a stream of false positives. consolidate prevention capabilities, and automate investigation and response actions holistically across their diverse and multi-cloud technology stack. Our ability to go live quickly with their existing stack while providing the path to consolidation as various contracts came up for renewal met the desire from their executives for a fast path to risk reduction while also reducing vendor sprawl. On the cyber insurance partnership front, We also entered into an incident response partnership with Tokyo Marine and Ishido Fire Insurance Company, a market-leading insurance company in Japan. Cyber risk partners come to SecureWorks to not only respond to incidents, but also to reduce breach exposure for their customers by leveraging our portfolio of solutions. The power and peril of AI continues to be top of mind for customers. AI has always been core to the design of Cages and our security solutions as fundamental to outpacing the adversary and, combined with automation, underpins the expanding scalability of our business. Some examples of Cages' leverage of AI in its various forms apply to several areas. First, security analysis efficiency and efficacy. Through continuous iteration and feedback from our expert analysts, we achieved significant reductions in false positives, leading to a more efficient and effective security operation. Game-changing capabilities, like automated investigations, provide near instantaneous summaries of complex threat actor behavior, enhancing analyst accuracy and productivity by seamlessly integrating AI and automation into their investigation and response workflow. Second, superior detection. Our security flywheel starts with cutting edge threat and detection research and thousands of IR engagements each year, which are fed into TAGIS via threat intelligence, watch lists, and tactic graphs. When coupled with expertise from our data scientists and engineers to build our proprietary advanced detectors, TAGIS operates at a high signal to noise ratio to find things that the competition cannot. Our alerts are fed into our SecOps pipeline and constantly curated enabling our machine learning algorithms to predict and scale what our analysts are focusing on. With machine-readable threat intelligence updating our detectors every hour, TAGES powers superior detection with unmatched speed. Lastly, faster response time. We leverage large language models to explain detection logic, complex command lines, and esoteric third-party alerts, as well as draft key findings for investigations and automate response actions. accelerating investigation time, and reducing time to respond. From detection and triage to investigation and response, AI empowers us to enhance detection capabilities, streamline operations, and ultimately better protect our customers. This quarter, our innovations in AI to deliver meaningful return on investment for our customers and partners was recognized by receiving the CIO 100 Award for Integrated AI for Better Security Operations In conclusion, demand for our Tagus platform and offerings remain strong. We are fulfilling the promise that is the foundation for Tagus by adding features and capabilities to protect against the initial access vectors, including vulnerability, identity, and email compromise. Providing organizations with holistic coverage and a multilayered cybersecurity strategy to outpace and outmaneuver the adversary. using AI and machine learning to drive automation and efficiency through every aspect of the platform. We have and will continue to deliver innovations to meet the security needs most valued by our customers and partners. We remain confident that our unique, open-without-compromise approach has opened the door to continue expanding our successful partnership ecosystem. Cages is the platform of choice for organizations in an environment where vendor consolidation and scaling spend on both security technology and talent is key, simultaneously helping organizations deliver an improved security risk posture and outcomes. This underpins our growth strategy now and in the future. Thank you for investing in our mission to secure human progress. With TAGUS defining the future of threat detection and response, driving long-term sustainable growth and value creation. And thank you to our customers and partners for joining forces with us. With that, I'd like to hand the call over to Alpana to cover our financial results and guidance.

Thanks, Wendy. Good morning, everyone. I will review our Q1 results before I provide expectations for Q2 and fiscal year 25. We once again hit our financial commitments in Q1. We delivered total revenue of $86 million above our guidance range of $83 million to $85 million, primarily due to professional services revenue. Total revenue continues to be impacted by the wind down of our non-strategic legacy business, which represented 15 points of the 9% decline year-over-year. CAGE's subscription revenue was $69 million, up 10% year-over-year. CAGE's ARR increased 7% year-over-year to $287 million, which was in line with our expectations. We ended the quarter with 2,000 Tagus customers, and our average revenue per Tagus customer was $145,000. On a year-over-year basis, Tagus ARPC was up 10% in Q1 and remains a premium to the industry average, underscoring the value that Tagus provides our customers. As our Tagus pricing is largely on a per-endpoint basis, Growth in endpoints is another indicator of platform expansion. Our endpoint count grew 11% year-over-year in the first quarter. Our Q1 operating results were strong, reflecting our continued focus on operational efficiencies, productivity improvements, and cost discipline. Q1 non-GAAP TAGIS subscription gross margin expanded 120 basis points sequentially to 74.3%. and showed an improvement of 430 basis points versus first quarter a year ago, driven by automation, continued cloud architecture scaling, and by leveraging our AI and machine learning capabilities. Total gross margin expanded by 1,000 basis points to approximately 70% in the quarter. Adjusted EBITDA was 6 million, exceeding our guidance of break even to 2 million, and an improvement of 26 million from Q1 of the prior year. The Q1 outperformance was driven by the revenue performance I just discussed, acceleration of the elimination of a portion of our redundant costs, and the push in timing of certain discretionary spend to later in the year. GAAP net loss was $36 million for the first quarter, or $0.41 per share, compared with GAAP net loss of $31 million, or $0.36 per share, in the same period last year. GAAP net loss reflects $26 million in non-cash tax expense for valuation allowance recorded as a result of our tax deconsolidation from Dell Technologies effective in Q1 of this year. Non-GAAP net income was $4 million, or $0.05 per share, compared with non-GAAP net loss of $17 million, or $0.20 per share, in the same period last year. Turning to the balance sheet and capital allocation. We ended Q1 with a strong balance sheet with $47 million in cash, no debt, and an undrawn $50 million credit facility. We used $13 million of cash from operations compared with $41 million used in the prior year period. The decreased use of our operating cash is driven by our focus on cost discipline, reduction in duplicative costs, and increase in operational efficiencies. As a reminder, our cash flow can fluctuate from quarter to quarter, and first quarter is seasonally, the highest use of cash primarily due to annual incentive payouts and the timing of equity compensation related taxes. Now turning to our second quarter and full year 25 guidance. For Q2 fiscal year 25, we expect total revenue of 80 to 82 million. Adjusted EBITDA to be between 1 and 3 million. Our outlook for Q2 EBITDA reflects the timing difference in completing the revenue wind down of other MSS in Q1, and the remaining redundant costs, which will be eliminated in the second half of fiscal year 25, as well as our expectation for lower non-strategic professional services. And we expect non-GAAP EPS to be break even to two sets. For the full year fiscal 25, we now expect total ARR to be $300 million or greater, Total revenue of $325 to $335 million. Total gross margins to be 68%, inclusive of TAGES gross margin to be 74%. Adjusted EBITDA to be between $6 and $12 million. Non-GAAP EPS to be between $0.03 and $0.09. Cash flow from operations to be between cash used of $2 million and cash generated of $8 million. And we expect CapEx to be in line with fiscal year 24. In closing, our Q1 results give us confidence in our ability to meet our 2025 outlook. We will continue to invest in our growth strategy through opportunistic investment in sales and marketing to accelerate traction with partners and investments in product development on new and innovative capabilities, both add-on and native security products, to deliver additional value to our customers and partners, while remaining committed to EBITDA profitability as we continue to drive scale in our business. Thank you for joining us on the call today. Wendy will now rejoin us as we begin Q&A. Operator, can you please introduce the first question?

Thank you. As a reminder, if you would like to ask a question today, please do so now by pressing Start, followed by the number 1 on your telephone keypad. We will now take our first question, which comes from the line of Flackett Carlier with Barclays. Please go ahead. Your line is now open.

Okay, great. Hey, Wendy. Hey, Alpena. Thanks for taking my questions here.

Good morning. Hi.

Wendy, maybe, hey there. Good morning. Wendy, maybe to start with you, you know, as you know, there's been some consolidation in the SIM market recently. And I found some of your customer examples in the prepared remarks really interesting just around SIM. So the question maybe is, what are you hearing from customers today about how they're thinking about their sims right now, given some of these changes. And how do you think Tejas could benefit in that backdrop?

Sure. Thanks, Saket. So we've been talking about this consolidation for some time, but it really has now begun in earnest.

And you certainly see that in some of the legacy players looking to consolidate.

But in terms of customers, what we see as the opportunity is not just the SIM replacement, but as an XDR platform with both native controls and capabilities across EDR, NDR, VDR, orchestration, threat intelligence, it means that there is a broader consolidation play going on in the marketplace that we can take advantage of.

It's more than SIMs or even legacy MDRs.

It's some of these point products that really are features or capabilities of an integrated platform. And so when you think about our ability to serve as sort of that control hub for both our own native controls or a mixed tech stack or set of control environments, you not only provide the most optionality for customers to reduce vendors, get better total cost of ownership with SecureWorks,

But given our experience, which we've just completed, of re-solutioning our MSSP customers, we are uniquely positioned to provide customers with the playbook and, frankly, the reference customers that demonstrates our ability to mitigate their risk and streamline the process of them transitioning controls and or replacing their SIMs without missing a beat. And it's why we've seen not only our customers come to us to replace their SIMs, but MSSPs that we've signed as well, because they see the opportunity not just for better security outcomes for their customers, but better margins for their business, and we don't have to buy those customers in the process.

Got it. Got it. That's actually super interesting.

Alpana, maybe for you for my follow-up, I believe the ARR from the other MSS business here is really de minimis at this point. But maybe curious, where are we sort of in the arc of subscription revenue? And where does that sort of bottom before we start to see sequential growth? I mean, clearly that transition has happened on ARR. Revenue, of course, always lags that. Where are we sort of in that arc, if that makes sense?

Yeah, thanks for the question, and good morning again. So you're right in that with the completion of the end of life at the end of this quarter, Q1, we have very de minimis amount of remaining ARR. So, effectively, we're 100% at this point, TAGIS ARR. So, as we look ahead, just on the subscription line alone, I would say that, you know, we feel good about the second half of this year, seeing that sequential growth start to come through. As we mentioned in our commentary, you know, we continue to see good performance on the And with that being the full concentration of our book from a subscription standpoint, that's what's giving us the confidence as we look at the second half of the year and expecting that sequential growth to come through.

Got it. Makes sense. I'll hop back in queue. Thanks, guys.

Thank you. Thank you.

Our next question comes from Mike Seacoast with Needham. Please go ahead. Your line is now open.

Hey, good morning, team. This is from Mike Secos over at Needham. Thanks for taking our questions. I was wondering, what can you tell us about your assumptions for the slope of net new ARR in the back half of the year, now that the drawdown of other MSS is complete?

Yeah, good morning. Thanks for the question. And this is Alpana. I'll maybe start, and then Wendy can add in if there's something there that I missed. I would say that we were, when we guided at the beginning of the year, we had taken into consideration several factors. Those factors haven't really performed any differently as we look at the performance from Q1 and as we look ahead. And so, we would continue to expect to see, as we've discussed in our last call when we set that guidance, we continue to expect to see similar sequential performance on the ARR line and again those primary factors that shaped that thinking was really the macro environment and what we're seeing from buying behaviors q1 didn't didn't didn't veer from that we've kind of seen steady state and and we continue to see good demand the the cybersecurity spend prioritization is still there and we do think is them from a macro perspective as we see the market gaining some resiliency. We expect that to continue to improve. And really, you know, our view is we're kind of in a steady state right now as we're progressing through the year, just being somewhat measured on how we think about that arc, as you're asking about.

Okay, very helpful.

And then last quarter you called out deals both being pulled forward and closing earlier in the quarter. Was there anything to call out this quarter in terms of pull forward or linearity and any comments on what was driving that and expectations for the rest of the year?

We did talk about that in fourth quarter.

We did not see anything of that nature kind of pull forward or acceleration, which you often see kind of at the year end and fourth quarter seasonality-wise, we tend to have to see really strong fourth quarters and more moderate first quarters.

People are sort of getting their budgets under their belts and that kind of thing. So nothing of that nature this quarter that we would call out as a caution against second quarter.

Okay, good. Thanks so much.

The next question comes from Hamza Fodawalla with Morgan Stanley. Please go ahead. Your line is now open.

Hey, good morning. Thank you for taking my question. A nice revenue beat in a difficult demand environment. I'll just keep it to one question for you. I'm curious how you're feeling about the capital position, the financial condition of the company. You spoke about having a good amount of cash on the balance sheet. Obviously, the revenue is still in decline, but that decline seems to be moderating. But I'm curious how you feel about the position of the company and the health of the company going forward. Thank you.

Yeah. Good morning, and thanks for the question. As you mentioned, we do feel good from a balance sheet perspective. The cash that we have on the balance sheet is certainly in a position to be able to have the appropriate balance sheet from a working capital perspective. And as I mentioned in my prepared remarks, we also believe that the current operating leverage that we have in the business allows us to invest in some key areas from a growth perspective, particularly as we look ahead in the year. both from a marketing and a demand and a go-to-market perspective as well as from a product. I think as we look ahead to the year and as we've shared, you know, we see that sequential growth in revenue coming back in the second half of the year, which I think also helps us from a positioning perspective to feel that we've got good stability and sustainability in the business. And we're continuing to see good operating leverage at the gross margin line. And so we really feel like we like what we're seeing from how the business is performing in Q2. As we've indicated previously, we do expect to be a bit of the bottom, both from a top line perspective as well as the bottom line, with some of the redundant costs remaining in Q2, but we see that coming off in the second half. As I look ahead, you know, the second half has some key milestones ahead for us, and that will just continue to give us a higher degree of confidence in the balance sheet and in the operating leverage that we have.

Thank you. And then Chuck.

Thank you. Thank you.

At this time, we have no further questions. As a final reminder, if you wish to ask a question today, please press Start followed by the number 1 on your telephone keypad now.

We have no further questions, so I'll turn the call back to the management team for any closing comments.

Okay, thank you very much. That wraps the Q&A for today's call. A replay of this webcast will be available on our investor relations page at secureworks.com, along with our supplemental web deck and additional financial tables. Thanks again for joining us today.

Thank you, everyone, for joining us today. This concludes our call, and you may now disconnect your lines.