ZeroFox Holdings, Inc.

Thank you for standing by, and welcome to the ZeroFox Fiscal Third Quarter 2024 Results Conference Call. At this time, all participants are in listen-only mode. After the speaker's presentation, there will be a question and answer session. And as a reminder, today's call is being recorded. I would like to turn the conference call over to Todd Weller, Vice President of Investor Relations for ZeroFox.

Thanks, Operator. Good morning, and thank you for joining us today to review ZeroFox's Fiscal Third Quarter 2024 financial results. With me on the call today is Foster, our founder, chief executive officer, and chairman, along with Tim Bender, our CFO. By now, everyone should have access to our earnings press release. This press release, as well as supplemental financial information, can be found on our investor relations website. During this call, we may make forward-looking statements, including statements related to our anticipated financial results growth opportunities in external cybersecurity, our progress to achieving profitability, and expected benefits from our acquisitions of IDX and Looking Glass. These statements are not guarantees of future performance, but rather are subject to a variety of risks and uncertainties. Actual results could differ materially from expectations reflected in any forward-looking statements. Please review our earnings press release and recent SEC filings for a description of these material risks and uncertainties. Forward-looking statements made today speak only to our expectations as of today, and we undertake no obligation to publicly update or revise them. Additionally, non-GAAP financial measures will be discussed on this conference call. Please refer to the tables in our earnings release and the investor relations portion of our website for reconciliation of these measures to their most directly comparable GAAP financial measure. With that, I'd like to turn the call over to Foster.

Thanks, Todd. Good morning, everyone. Q3 was a record-setting quarter for ZeroFox. We delivered another strong top-line outperformance while also generating positive free cash flow for the second consecutive quarter. We believe that our outperformance reflects the growing demand for our external cybersecurity platform, demonstrates our team's consistent execution, and validates our balanced approach to growth and increased profitability. Today, I'm going to provide summaries on key areas of our results, share a few customer success stories, and provide updates on our one-platform vision and discuss our plan to close out this year. As you may have seen in our press release this morning, we reported strong results. We reported core revenue of $44 million, an increase of 89% year-over-year, and we defined core revenue as total revenue less revenue from our one large government contract. We ended the quarter with record ARR of 186 million, an increase of 21% year over year. And we accomplished this while also improving profitability and generating positive free cash flow quarter over quarter. Overall, I was very happy with our team's performance in Q3. The ZeroFox platform is relied upon by enterprise customers to solve their external cybersecurity challenges. And we continue to see demand for our platform's four strategic pillars including protection, intelligence, disruption, and response. Our continued success with enterprise customers was reflected in the 27% year-over-year growth in subscription customers with ARR greater than $100,000, and in general, our overall growth in large enterprise deals. Given the U.S. federal government's fiscal year-end during the middle of our Q3, I thought it was relevant to highlight our public sector business this call. with a very strong performance with record bookings, new customers, and public sector ARR. In Q3, we signed an eight-figure renewal and expansion with a strategic U.S. federal agency that is focused on cybersecurity. Through this contract and program, Xerofox is supporting critical cyber threat intelligence, cyber defense, and security operations across hundreds of federal, state, and local government organizations. We also signed a multimillion-dollar renewal and expansion with the U.S. Cyber Defense Agency that is using Xerovox to protect thousands of personnel from advanced digital attacks. Over the last three years, this customer has significantly increased their adoption of our platform and specifically, over the last two years, has more than quadrupled their ARR with us. Our team always takes great pride in supporting mission-aligned organizations with critical capabilities. We also added two additional six-figure customers that purchased six plus modules across our protection, intelligence, and disruption pillars. While public sector business benefited from the end of the government fiscal year and its seasonally strong spending, we believe there are underlying fundamental drivers that give us confidence in the future growth outlook and our one-platform approach. For example, the current geopolitical environment is amplifying the intensity and sophistication of the external threat environment and driving increasing awareness of the critical need for organizations to defend themselves against activity from nation state adversaries and organized cyber criminal groups. The days where insider threats were a top concern for CISOs are behind us. Today, our customers are thoughtfully protecting themselves from a myriad of external threats that are beyond their perimeters and most frequently beyond their borders. Turning to our on-demand response services, we experienced another record quarter, resulting in year-to-date revenue growth of nearly 100%. Our strong performance was driven by continued high levels of cybersecurity breach activity, including a significant increase in large-scale breaches and our continued success in capturing market share. We signed several six-figure deals as well as three seven-figure deals, including one with a large gaming and hospitality company. The market is recognizing our differentiated vision, brand, and one platform approach to helping customers navigate the increasingly complex emergency response and notification requirements, especially for regulated organizations. Furthermore, these requirements are becoming more stringent with the new SEC cybersecurity incident disclosure requirements for publicly traded companies. While we remain optimistic about our response services business, the go-to-market engine we are building, and the trust we are creating with our customers, it's important to remember that the response business is largely reactive and macro-driven. For example, major events and cyber cleanup campaigns like MoveIt, Log4J, or the fallout from SolarWinds are largely time bound and come in waves. And as you know, the great thing about things that come in waves is that there may be peaks and valleys, but it's just a matter of time until that next great wave hits. With that, I'd like to change gears and spend a few minutes providing an update on our vision. At Xerofox, we believe that solving the external cybersecurity challenge and problem set requires a one platform approach. This has been the driving force behind our strategy and the development of our comprehensive, unified platform with four pillars of capabilities. We continue to see adoption of the modern security triple crown, where security organizations will standardize on internal platforms like Microsoft, CrowdStriker, Sentinel-1, edge platforms like Palo Alto Networks or Zscaler, and an external platform like ZeroClock. Customers have grown tired of the complexity and cost of managing multiple external cybersecurity point products for digital risk protection, threat intelligence, takedowns, and even external attack surface management, a dynamic that has intensified in the current economic environment. We believe that our proven ability to provide an external cybersecurity platform that unifies protection, intelligence, adversary disruption, and response is a critical component of the success of this organization, and it provides us with key competitive advantages. We also believe that our technical EAS and capabilities from our acquisition of Looking Glass will provide immense value to our customers. Organizations need to understand their full external risk, their vulnerabilities in both digital and cyberscapes, and have detailed information on threat actors that are attacking them. This and this alone stands for the robust capabilities required for organizations to defend themselves from these advanced external threats. Furthermore, our team is committed to protecting our customers. It's in the DNA of our company, and quite frankly, it's what motivates us. It's our passion. We're not just AI data scientists, analysts, and engineers. We are true cyber defenders for our customers, and it's a responsibility that we cherish. Speaking of our customers, we had a six-figure new customer win with a large retail organization that is leveraging the power of nearly our entire platform. This customer purchased seven modules across protection, intelligence, and disruption pillars to protect their external tax service. We had another six-figure new customer win with a Fortune 500 financial services company that purchased four modules across protection and disruption pillars as well. This company selected Xerofox based on our ability to protect multiple digital asset types, including brands, domains, and a large number of credit card bin numbers, given our ability and proven capability to do takedowns and disruption at internet scale. We were also able to showcase our full capabilities for a new healthcare customer. This organization initially purchased the Xerofox platform for digital protection, however, During the sales process, they had an urgent need for on-demand response services and capabilities, and they selected ZeroFox for both incident and breach response capabilities. This resulted in a multimillion-dollar deal in Q3. This customer experienced the full value of our one-platform vision in action as we demonstrated our ability to disrupt and respond to aggressive external cyber attacks and, furthermore, protect them from those future attacks going forward. Another example was with an existing technology customer. This customer initially selected ZeroFox several years ago to protect its high-value digital assets. In Q3, the customer significantly expanded the number of digital assets protected and added on on-demand response capabilities, resulting in a 6x increase in their recurring spend. In short, I'm very pleased with our team's commitment to solving customer problems and the pace of innovation of our organizations. As a cybersecurity company, the pace of innovation is critical to ensuring we stay ahead of our customers' relentless adversaries. In Q3, we delivered significant advancements to our phishing and domain protection and global threat intelligence capabilities, specifically in the area of physical security intelligence. As we have always done, we will continue to leverage innovations in AI and machine learning to improve our ability to detect and disrupt threats. Large language models, generative AI, and various other types of computer vision, deep learning, and machine learning capabilities are commonplace in the Xerofox platform. For example, we are now using LLMs and generative AI to help us enhance our finished intelligence and alerted capabilities, as well as evaluate risk for key alerts and attacks we identify. Shifting gears, I'd like to turn our focus to the goals for Q4. as we close out what has been a strong and transformative year for Xerovox. We will continue to execute on our strategic plan to expand our platform capabilities in preparation for next year. We will grow our customer base, and we will continue to increase adoption. We will also continue to prudently invest in our go-to-market engine, our services to support and enable customers, and to optimize our business to improve efficiencies and profitability. We were very pleased with our Q3 cash flow performance and believe this trend reflects our commitment to balancing growth and profitability. Before I turn the call over to Tim for a detailed review of our Q3 financial performance, I would like to share one more customer story with you. I've always enjoyed meeting with customers and hearing their goals and challenges. It's personally been rewarding. In Q3, I had an opportunity to meet with one of our top 10 customers who was also on the Fortune 10 list. During our discussion, this customer described our offering as unbeatable in the marketplace and highlighted the significant ROI they are generating using the XeroFox platform each and every day. They even went up so far to say that XeroFox was saving them hundreds of millions of dollars per year. We ended up agreeing to expand our scope for the third consecutive year, and XeroFox also agreed to help automate and streamline another key external challenge with our platform with them. To me, there is nothing more powerful than the validation of this kind of direct customer feedback, particularly from a customer of this size and sophistication. It feels really good to know that a platform works, a team is committed, and that what we're doing is really helping people and organizations around the world. In short, I love this industry. And with that, I want to thank all of our foxes for their energy, passion, and commitment throughout Q3 and certainly before that. And now I'd like to turn our call over to our CFO,

Thanks, Foster. As Foster mentioned, ZeroFox generated strong Q3 results across both top and bottom line metrics. With the exception of revenue and unless otherwise stated, all financial results we will discuss today are non-GAAP financial measures. Reconciliations between our GAAP and non-GAAP results can be found in our earnings release. This is the first quarter where we can truly present comparative year-over-year financial information although the year-ago quarter excluded three days as our D-SPAC transaction closed on August 3rd, 2022. For Q3, Xerofox reported revenue of $65 million, an increase of 45% year over year. Subscription revenue was $23.7 million, an increase of 51% year over year. And services revenue was $41.3 million, an increase of 42% year over year. Services revenue consisted of $20.7 million of recurring revenue from our strategic government customer and $20.6 million from our on-demand response services. The significant outperformance in services revenue was driven by another record quarter of on-demand response bookings as we benefited from continued high levels of cyber breach activity and continued success winning enterprise deals. As you've heard from Foster, we feel well positioned to continue winning enterprise service opportunities. However, given our significant performance in Q3, we currently anticipate a sequential decline in 4Q services revenue. Our services revenue continues to be less predictable when compared to our subscription revenue. Because of the unforeseen nature of response services, we would encourage investors to look at the performance of our services business on an annualized basis to assess our performance and growth potential. As of October 31st, annual recurring revenue was $186 million, an increase of 21% year-over-year. ARR consists of platform subscriptions, a small amount of recurring on-demand services, and $83 million from our strategic government contract. We ended the quarter with a record high 1,330 subscription customers. As Foster mentioned, in Q3, we saw continued success winning larger deals. we ended Q3 with 182 customers with ARR greater than 100,000, which represented an increase of 27% year over year. Turning to gross margin. For the third quarter, subscription gross margin was 73%, up from 72% in Q2. For Q4, we expect subscription gross margin to be consistent with Q3 levels. As expected, services gross margin of 18% was consistent with Q2. Services gross margin continues to be impacted by a higher mix of notification services driven by the mix of large deals. Given the continued impact from large deals in Q4, we would expect services gross margin to be relatively consistent with Q3 levels before returning to more normalized historical levels over the course of fiscal year 25. Total gross margin was 38% consistent with Q2. As we look to Q4, we would expect gross margin to increase slightly from Q3 levels, driven by a higher mix of subscription revenue. We continue to see opportunities to improve our overall gross margin as we scale our business, and we expect our higher margin subscription revenue to become a greater portion of our overall revenue mix. Turning to operating expenses. Total operating expenses were $27 million in the quarter. The sequential decrease in operating expenses was driven by lower R&D and G&A expenses, resulting from acquisition cost synergies. Our loss from operations was $2.5 million, a significant improvement from $4.8 million in Q2. Looking at the balance sheet and cash flow, we ended the quarter with $30 million in cash, $38 million in accounts receivable, $88 million in total deferred revenue, and $194 million in total outstanding debt. In Q3, we generated cash flow from operations of approximately 1.8 million and free cash flow of approximately 1.6 million. Our Q3 cash flow performance was positively impacted by the timing of collections from our enterprise customers and also reflects our focus on improving profitability. We are committed to enhancing our financial position and are considering various options to strengthen our balance sheet, manage our convertible debt, and optimize our capital structure. We will continue to focus on sustaining our strong business fundamentals and improving profitability. Now to our outlook. Our outlook assumes no material changes in the macro environment. Demand for our external cybersecurity platform remains consistent and assumes that no incremental outsized response deals close within the quarter. For Q4 fiscal year 24, we currently expect revenue to be in the range of $56 million to $58 million, and non-GAAP loss from operations to be in the range of 5.8 million to 4.8 million. For fiscal year 24, we currently expect revenue to be in the range of 228.7 million to 230.7 million, and non-GAAP loss from operations to be in the range of 21.4 million to 20.4 million. We continue to focus on profitability. Consistent with what we said last quarter, we expect free cash flow for Q4 to be at or near break-even And as we begin to look at fiscal year 25, we now expect that we will achieve free cash flow on an annual basis. To conclude, we are pleased with our three Q results, for which we again exceeded top and bottom line expectations and are raising guidance for Q4. With that, we'd like to take your questions. Operator?

Thank you. If you'd like to ask a question, please press star 11. If your question hasn't answered and you'd like to remove yourself from the queue, please press star 11 again. Our first question comes from Joseph Gallo with Jeffries. Your line is open.

Hey, guys. Thanks for the question. You said that you're assuming macro stays the same in your guidance, but you raised full-year revenue by more than the beat in the quarter, which was really impressive. So maybe just talk through where some of the incremental positivity is coming for 4Q. And then just on macro, How are your customers thinking about their calendar 24 budgets?

Yeah, good morning, Joe. Thanks for the question. I think we'll tag team this one here. So on the macro, I think you've got to see us execute here now. We had a really strong Q3, and so timing of subscription as well as some of those large services deals will help us. not only with the foundation for Q4, but we see some opportunity, as you saw, to raise guidance above beat for Q4. So I think that's exactly what we did. You know, in general, with the macro environment that we're seeing right now, we haven't really seen a slowdown in large deals, and we've seen some of the pressures maybe in other parts of the world that were there in previous quarters, you know, improve. in the last quarter or so. So I think we're pretty, pretty bullish about Q4 and excited to kind of finish out the year strong.

And Joe, this is Tim. I missed your second half of the question on this, but I think you're asking about calendar 24 next year's budgets.

Yeah. Just as far as like the macro conversation, like when you're talking to your biggest customers, right. You said you're assuming macro stays the same, but you know, how are they feeling? How are they thinking about calendar 24 budgets? Is that fresh P and L that you can attack?

Was that, again, I think it's similar, just, you know, again, you know, our platform strong and we'll compete at that level. And I think from that standpoint, customers see the value in our platform and we're going to continue to win customers. So I don't think there's any real material change as it relates to how customers thinking about spending on external next year.

Okay. Thanks.

And then I double click on that for your Joe too, is we, as an organization continue to try to strike this healthy balance between growth and profitability. And so going into Q4, profitability is still a top area that we're continuing to optimize the business around. You know, we had nice growth in free cash flow quarter over quarter, and we're going to continue to refine and improve the business there. We're not done growing profitability here. That's for sure.

You must have a crystal ball because that kind of leads into my second question, which is just, you know, great to see the second straight quarter of free cash flow positive. and strong margin performance. You mentioned synergies being a large driver of the margins. How should we think about incremental synergies or leverage as we enter calendar 24? That's all from me. Thanks.

Yeah, thanks. We did have a nice outperformance in the quarter, right? I mean, our subscription gross margin ticked up a point quarter over quarter between Q2 and Q3, a little earlier than we had in our plan, which was nice to see. We think that we'll have the ability to continue to kind of continue to run that ahead of plan or maybe even take up a little bit in the next couple quarters. You know, our long-term plan for this organization continues to take up our subscription gross margin in a meaningful fashion in the coming years. You know, we think we've been able to improve margin by one to two points roughly every year, year and a half for the last half a decade. And we can continue that same cadence for the next half a decade. So that's kind of like point number one. And I think it was, you know, in terms of profitability, right, the market has said and the market is rewarding those organizations that continue to find optimizations. We acquired Looking Glass two quarters ago. I mean, when you think about acquisition synergies, we've done a really nice job with that organization. We've got really strong talent we brought into the fold. But our acquisition synergies in the tail around some of those things are going to take quarters still to play out. You know, they had some leases and some other long tail contracts. that we've synergized our platforms, but we've just got to let those things run out. So you will see improvements in overall operating expenses, G&A, and other areas of the business continue to play out in the coming quarters, which will result in a higher chance for profitability.

Thanks.

Yep.

Thank you. Our next question comes from Brad Reebok with Stiefel. Your line is open.

Great. Thanks very much. Deferred revenue contribution was very strong in the quarter. I think it was positive 21 million. Can you guys talk to where those payments came from? Thanks.

Sure. Thanks, Brad. I'd say they are driven by two certainly enterprise quality deals. As Foster mentioned in the talking points earlier, we had that large eight-figure public sector deal that was a nice renewal that came in kind of towards the middle end of the quarter. And then we mentioned the large breach response with the large gaming company, and that as well came in late in the course. So those two alone were the significant contributors to the increase in deferred revenue.

That's right. I will say that the public sector customer that Tim just referenced was not only a renewal but an expansion, which was nice to see that we were able to continue to kind of expand the adoption and expand the value that the government is getting from that program. And then on that large gaming contract, it was also nice to see that we extend that protection from kind of a regulated one-year requirement to a two-year contract with that organization. So we are seeing our customers kind of adopt more of the platform and feel more comfortable where they're also doing larger TCV-based contracts in addition to large HCV-based contracts.

That's great. And Foster, maybe... switching our focus to subscription revenue, how should we think about the long-term sustainable organic growth rate for that line?

Yeah. Yeah, look, I think we're, right now, if you look at the lines, we're in the 20s, Brad. We see an opportunity to improve that in the coming quarters. You know, for fiscal 25, right, You know, we think that there's going to be an opportunity to grow from the mid to the kind of upper 20s just based on what we've got right now. The key is balancing profitability, right? We need to be cognizant and recognize the market and where we think we will get recognized and rewarded on that balance of profitability. As I was telling Joe just a second ago, You know, I think we've done a really nice job in the last two quarters, putting up consecutive back-to-back free cash flow quarters where we grew it almost double quarter over quarter here in Q3. But we're not done yet. And I think the market will expect us to continue to grow that profitability line on a quarterly basis. And once I think we've reached the right level of profitability, we'll continue to make sure we optimize our growth as well and get efficient growth.

So I think we would start with probably low 20s next year and try to outperform. Perfect. Thanks very much. Thanks, Brad.

Thank you. And our next question comes from Yi-Fu Lee with Cantor Fitzgerald. Your line is open.

Hi. Good morning, Foster and Tim. Congrats on another strongly executed quarter on revenue momentum and free cash flow generation. I guess two questions for Foster and one for Tim. So thanks for publishing the external cyber threat report, especially the ones on the Middle East conflict. I was wondering, has the elevated threat environment helped in the pipeline building generation as well as deal expansion activities? And is there any pushback from customers in terms of, like, let's say budget concerns because we're still in a challenging macro environment?

I heard a couple things there, Yi, and good morning as well. Look, I was talking to somebody yesterday. Maybe something comes to mind, and I think it's relatively relevant. The number of attacks and the number of successful data breaches that are out there continues to rise, right? LockBit 3.0 has been the most successful threat actor and kind of affiliate group we've seen in this space in 20-plus years. Right. And there's changes that's happening out of the macro. And one of the things we were talking about with a reporter yesterday was that the number of financial services companies targeted by LockBit and its affiliates in 2023 on a pro rata basis is up 50%. And so, you know, there are some tactics and techniques that are changing. I think the threat actor groups are changing and their targets are changing and This combined with, like, another really interesting thing that we continue to monitor on our side, given the amount of large breach response work we do, we see customers in general about 60% of the time still paying ransomware, right? And so there's this imbalance in the market that's happening right now on what exactly to do. When you've got the U.S. federal government and the FBI saying don't pay ransomware, yet the majority of customers that we engage or know of still paying it and still getting hit, I think it becomes a real challenge. And probably the most concerning stat that we've been monitoring inside from our intel team is organizations that have been hit with ransomware once and pay get hit 80% of the time within three years again. And so, you know, there's a causation or correlation line on are you getting hit again because you paid or are you getting hit again because you still haven't covered the basics? And as we've said here, like, The basics require three fundamental pieces of your tech stack now to protect yourself. You've got to have something on the inside, on the endpoint. You've got to have something that separates the inside from the outside. And you've got to have something on the outside protecting your external attack surface. And we see a lot of our customers that have adopted that kind of modern security triple crown, but there's still a lot of customers out there working on the basics and still trying to adopt those three things.

Thanks for the comment on that, Foster. It sounds like that's the Asian bank with the U.S. Treasury situation. And then, like, moving on, right, there's a recent attack on a, let's say, cloud-native identity player on their customer support system that happened this quarter, you know, within their public disclosure, right? They mentioned that, you know, because client lists are compromised, right, that they may be susceptible to elevated phishing attacks going forward, right? You know, I'm thinking back, you know, the services offered by Zero Fox, external cyber protection as well as breach response, right? Do you think there could be additional opportunity in addition to this? Because I think you mentioned there's a gaming company that you help, you know, in addition.

I think there is, Yi. I mean, one of the things that we see

And the new SEC notification requirements are helping to highlight what I call visibility at the board level, making sure the boards understand their security programs, the frameworks they've adopted, making sure they understand the notification requirements, kind of the liability now at the board level for getting this right. The challenge so far, though, is it's very, very difficult to adhere to that SEC requirement and have full details that fast. For example, if you've been compromised or if there's been an incident and you've got just a few days to provide some level of notification, almost 100% of the time the customers that we work with, you don't have your arms around the full potential problem set within a few days. So what happens is you notify that something's happened and that you're working on it. And then ultimately the way this is going to play out in the market, if you ask for my opinion here, is everyone's going to say it's worse than expected. Because they are going to set expectations on, hey, we're looking into this. We're trying to get our arms around this. And I think very few will come out and say the sky has fallen before they get their real arms around it. So they'll just say something's happened. We're looking into it. And when they come back, it'll be, well, it's large, and this is what it looks like, and this is how it moved around internally.

Before I just move on to the finance question, can you expand on the SEC disclosure requirement? Because the requirement is within four days, right? How does Zil Fox help, like, let's say, the client with the compliance requirement, right, to get the disclosure, right, what they need, the info, the intel, right, to communicate to the public in such speed?

Yeah, I mean, I'll just point out one example because it's public. I mean, in general, we can't really comment a tremendous amount on our response deals, but if a client makes it public on their behalf, then we have a little bit more leniency. You know, Caesars, as an organization, put in their 8K in Q3, right, that they had hired ZeroFox to help with their response services. And so that's a great example of them, you know, an organization with a strong security program, had good capabilities to identify and help kick off the response, and then pull in trusted third parties to help, and then they 8K'd that. And I think that's an example of where I think regulation could actually help here in the market where, you know, they're being asked to move quickly, And in general, you're going to have to work with partners to help with that and then disclose what that looks like. And they disclosed that, again, ZeroFox had been brought in to help with the response, notification, and protection side of the house. We're proud of that one.

Got it. Thanks for that, Foster. And then to end it on financing, my arbitrary financing update question for Tim. $30 million on the balance sheet on cash, right? Last update was that you guys could get to free cash flow positive, right, next fiscal 25, right? I was wondering, Tim, if you could help us on any financing, you know, raises that you're anticipating, you know, within the next 12 months. And help us with, can you please kind of help us with the free cash flow seasonality? It's a more modeling question, Tim. And that's it for us. Thank you very much, Fox and Tim.

Yeah, thank you. I'll start maybe in reverse order as far as some seasonality and timing of cash flow. Again, we said it and we believe we've got certainly the ability to be free cash flow positive next year. Q1 is always our most challenging quarter. This Q1 was indeed more challenging than most, but in general, Q1 tends to be our toughest quarter from a cash flow generation standpoint, then we tend to turn around 2, 2, 2, 3, 2, 4. So I'd expect to see that same trend next year. You know, as it relates to financing, I, you know, nothing necessarily is planned at this point. I think that's a larger conversation. We started touching on last, you know, at the last call and, and kind of, we'll leave it at there for that. And Foster, if you had any other comments on, on financing.

Yeah. I mean, look, we have a convert, that matures in roughly 18 months from now, you know, beyond 18 months from now. We've just put up the best quarter in company history for the third consecutive quarter. And I think this improved profitability will actually help our optionality and will show the sustainability of the company that we've built. And I think we needed to do some blocking and tackling here the last six months, last couple quarters. around improved profitability, making sure we saw synergies realized here in our financial statements, not just in vision decks. And I think we've done those things, which will help us on the financing front. In general, we're always looking for new investors, and we're open for business from 9 to 4 every day, Monday through Friday.

Thanks for that, Foster, and congrats, Tim. Thanks for calling in.

Thank you. I'm showing no further questions. I'd like to turn the call back over to Foster for any closing remarks.

Thank you, operator. Q3 was another strong quarter for Xerofox, where, as you heard, we made significant progress on many fronts. We remain excited about the opportunities in front of us and look forward to closing out our fiscal year 24 on a very strong note. Again, I want to thank everybody for joining us this morning. Have a great day. Cheers, cheers.

Thank you for your participation. This does include the program, and you may now disconnect. Everyone, have a great day. you Thank you. Thank you.

Thank you.

Thank you for standing by, and welcome to the XeroFOX fiscal third quarter 2024 results conference call. At this time, all participants are in listen-only mode. After the speaker's presentation, there will be a question and answer session. And as a reminder, today's call is being recorded. I would like to turn the conference call over to Todd Weller, Vice President of Investor Relations for XeroFOX.

Thanks, Operator. Good morning, and thank you for joining us today to review XeroFOX's fiscal third quarter 2024 financial results. With me on the call today is Foster, our founder, chief executive officer, and chairman, along with Tim Bender, our CFO. By now, everyone should have access to our earnings press release. This press release, as well as supplemental financial information, can be found on our investor relations website. During this call, we may make forward-looking statements, including statements related to our anticipated financial results growth opportunities in external cybersecurity, our progress to achieving profitability, and expected benefits from our acquisitions of IDX and Looking Glass. These statements are not guarantees of future performance, but rather are subject to a variety of risks and uncertainties. Actual results could differ materially from expectations reflected in any forward-looking statements. Please review our earnings press release and recent SEC filings for a description of these material risks and uncertainties. Forward-looking statements made today speak only to our expectations as of today, and we undertake no obligation to publicly update or revise them. Additionally, non-GAAP financial measures will be discussed on this conference call. Please refer to the tables in our earnings release and the investor relations portion of our website for reconciliation of these measures to their most directly comparable GAAP financial measure. With that, I'd like to turn the call over to Foster.

Thanks, Todd. Good morning, everyone. Q3 was a record-setting quarter for ZeroFox. We delivered another strong top-line outperformance while also generating positive free cash flow for the second consecutive quarter. We believe that our outperformance reflects the growing demand for our external cybersecurity platform, demonstrates our team's consistent execution, and validates our balanced approach to growth and increased profitability. Today, I'm going to provide summaries on key areas of our results, share a few customer success stories, and provide updates on our one-platform vision and discuss our plan to close out this year. As you may have seen in our press release this morning, we reported strong results. We reported core revenue of $44 million, an increase of 89% year-over-year, and we defined core revenue as total revenue less revenue from our one large government contract. We ended the quarter with record ARR of 186 million, an increase of 21% year over year. And we accomplished this while also improving profitability and generating positive free cash flow quarter over quarter. Overall, I was very happy with our team's performance in Q3. The Xerofox platform is relied upon by enterprise customers to solve their external cybersecurity challenges. And we continue to see demand for our platform's four strategic pillars including protection, intelligence, disruption, and response. Our continued success with enterprise customers was reflected in the 27% year-over-year growth in subscription customers with ARR greater than $100,000, and in general, our overall growth in large enterprise deals. Given the U.S. federal government's fiscal year-end during the middle of our Q3, I thought it was relevant to highlight our public sector business this call. with a very strong performance with record bookings, new customers, and public sector ARR. In Q3, we signed an eight-figure renewal and expansion with a strategic U.S. federal agency that is focused on cybersecurity. Through this contract and program, Xerofox is supporting critical cyber threat intelligence, cyber defense, and security operations across hundreds of federal, state, and local government organizations. We also signed a multimillion-dollar renewal and expansion with the U.S. Cyber Defense Agency that is using Xerofox to protect thousands of personnel from advanced digital attacks. Over the last three years, this customer has significantly increased their adoption of our platform, and specifically, over the last two years, has more than quadrupled their ARR with us. Our team always takes great pride in supporting mission-aligned organizations with critical capabilities. We also added two additional six-figure customers that purchased six plus modules across our protection, intelligence, and disruption pillars. While public sector business benefited from the end of the government fiscal year and its seasonally strong spending, we believe there are underlying fundamental drivers that give us confidence in the future growth outlook and our one platform approach. For example, the current geopolitical environment is amplifying the intensity and sophistication of the external threat environment and driving increasing awareness of the critical need for organizations to defend themselves against activity from nation state adversaries and organized cyber criminal groups. The days where insider threats were a top concern for CISOs are behind us. Today, our customers are thoughtfully protecting themselves from a myriad of external threats that are beyond their perimeters and most frequently beyond their borders. Turning to our on-demand response services, we experienced another record quarter, resulting in year-to-date revenue growth of nearly 100%. Our strong performance was driven by continued high levels of cybersecurity breach activity, including a significant increase in large-scale breaches and our continued success in capturing market share. We signed several six-figure deals as well as three seven-figure deals, including one with a large gaming and hospitality company. The market is recognizing our differentiated vision, brand, and one platform approach to helping customers navigate the increasingly complex emergency response and notification requirements, especially for regulated organizations. Furthermore, these requirements are becoming more stringent with the new SEC cybersecurity incident disclosure requirements for publicly traded companies. While we remain optimistic about our response services business, the go-to-market engine we are building, and the trust we are creating with our customers, it's important to remember that the response business is largely reactive and macro-driven. For example, major events and cyber cleanup campaigns like MoveIt, Log4J, or the fallout from SolarWinds are largely time bound and come in waves. And as you know, the great thing about things that come in waves is that there may be peaks and valleys, but it's just a matter of time until that next great wave hits. With that, I'd like to change gears and spend a few minutes providing an update on our vision. At ZeroFox, we believe that solving the external cybersecurity challenge and problem set requires a one platform approach. This has been the driving force behind our strategy and the development of our comprehensive, unified platform with four pillars of capabilities. We continue to see adoption of the modern security triple crown, where security organizations will standardize on internal platforms like Microsoft, CrowdStriker, Sentinel-1, edge platforms like Palo Alto Networks or Zscaler, and an external platform like ZeroClock. Customers have grown tired of the complexity and costs of managing multiple external cybersecurity point products for digital risk protection, threat intelligence, takedowns, and even external attack surface management, a dynamic that has intensified in the current economic environment. We believe that our proven ability to provide an external cybersecurity platform that unifies protection, intelligence, adversary disruption, and response is a critical component of the success of this organization, and it provides us with key competitive advantages. We also believe that our technical EAS and capabilities from our acquisition of Looking Glass will provide immense value to our customers. Organizations need to understand their full external risk, their vulnerabilities in both digital and cyberscapes, and have detailed information on threat actors that are attacking them. This and this alone stands for the robust capabilities required for organizations to defend themselves from these advanced external threats. Furthermore, our team is committed to protecting our customers. It's in the DNA of our company, and quite frankly, it's what motivates us. It's our passion. We're not just AI data scientists, analysts, and engineers. We are true cyber defenders for our customers, and it's a responsibility that we cherish. Speaking of our customers, we had a six-figure new customer win with a large retail organization that is leveraging the power of nearly our entire platform. This customer purchased seven modules across protection, intelligence, and disruption pillars to protect their external tax service. We had another six-figure new customer win with a Fortune 500 financial services company that purchased four modules across protection and disruption pillars as well. This company selected Xerofox based on our ability to protect multiple digital asset types, including brands, domains, and a large number of credit card bin numbers, given our ability and proven capability to do takedowns and disruption at internet scale. We were also able to showcase our full capabilities for a new healthcare customer. This organization initially purchased the Xerofox platform for digital protection, however, During the sales process, they had an urgent need for on-demand response services and capabilities, and they selected ZeroFox for both incident and breach response capabilities. This resulted in a multimillion-dollar deal in Q3. This customer experienced the full value of our one-platform vision in action as we demonstrated our ability to disrupt and respond to aggressive external cyber attacks and, furthermore, protect them from those future attacks going forward. Another example was with an existing technology customer. This customer initially selected ZeroFox several years ago to protect its high-value digital assets. In Q3, the customer significantly expanded the number of digital assets protected and added on on-demand response capabilities, resulting in a 6x increase in their recurring spend. In short, I'm very pleased with our team's commitment to solving customer problems and the pace of innovation of our organizations. As a cybersecurity company, the pace of innovation is critical to ensuring we stay ahead of our customers' relentless adversaries. In Q3, we delivered significant advancements to our phishing and domain protection and global threat intelligence capabilities, specifically in the area of physical security intelligence. As we have always done, we will continue to leverage innovations in AI and machine learning to improve our ability to detect and disrupt threats. Large language models, generative AI, and various other types of computer vision, deep learning, and machine learning capabilities are commonplace in the Xerofox platform. For example, we are now using LLMs and generative AI to help us enhance our finished intelligence and alerted capabilities, as well as evaluate risk for key alerts and attacks we identify. Shifting gears, I'd like to turn our focus to the goals for Q4. as we close out what has been a strong and transformative year for XeroFox. We will continue to execute on our strategic plan to expand our platform capabilities in preparation for next year. We will grow our customer base, and we will continue to increase adoption. We will also continue to prudently invest in our go-to-market engine, our services to support and enable customers, and to optimize our business to improve efficiencies and profitability. We were very pleased with our Q3 cash flow performance and believe this trend reflects our commitment to balancing growth and profitability. Before I turn the call over to Tim for a detailed review of our Q3 financial performance, I would like to share one more customer story with you. I've always enjoyed meeting with customers and hearing their goals and challenges. It's personally been rewarding. In Q3, I had an opportunity to meet with one of our top 10 customers who was also on the Fortune 10 list. During our discussion, this customer described our offering as unbeatable in the marketplace and highlighted the significant ROI they are generating using the XeroFox platform each and every day. They even went up so far to say that XeroFox was saving them hundreds of millions of dollars per year. We ended up agreeing to expand our scope for the third consecutive year, and XeroFox also agreed to help automate and streamline another key external challenge with our platform with them. To me, there is nothing more powerful than the validation of this kind of direct customer feedback, particularly from a customer of this size and sophistication. It feels really good to know that a platform works, a team is committed, and that what we're doing is really helping people and organizations around the world. In short, I love this industry. And with that, I want to thank all of our Foxes for their energy, passion, and commitment throughout Q3 and certainly before that. And now I'd like to turn our call over to our CFO,

Thanks, Foster. As Foster mentioned, ZeroFox generated strong Q3 results across both top and bottom line metrics. With the exception of revenue and unless otherwise stated, all financial results we will discuss today are non-GAAP financial measures. Reconciliations between our GAAP and non-GAAP results can be found in our earnings release. This is the first quarter where we can truly present comparative year-over-year financial information although the year ago quarter excluded three days as our D-SPAC transaction closed on August 3rd, 2022. For Q3, Xerofox reported revenue of 65 million, an increase of 45% year over year. Subscription revenue was 23.7 million, an increase of 51% year over year. And services revenue was 41.3 million, an increase of 42% year over year. Services revenue consisted of 20.7 million of recurring revenue from our strategic government customer and $20.6 million from our on-demand response services. The significant outperformance in services revenue was driven by another record quarter of on-demand response bookings as we benefited from continued high levels of cyber breach activity and continued success winning enterprise deals. As you've heard from Foster, we feel well positioned to continue winning enterprise service opportunities. However, given our significant performance in Q3, we currently anticipate a sequential decline in 4Q services revenue. Our services revenue continues to be less predictable when compared to our subscription revenue. Because of the unforeseen nature of response services, we would encourage investors to look at the performance of our services business on an annualized basis to assess our performance and growth potential. As of October 31st, annual recurring revenue was $186 million, an increase of 21% year-over-year. ARR consists of platform subscriptions, a small amount of recurring on-demand services, and $83 million from our strategic government contract. We ended the quarter with a record high 1,330 subscription customers. As Foster mentioned, in Q3, we saw continued success winning larger deals. we ended Q3 with 182 customers with ARR greater than 100,000, which represented an increase of 27% year over year. Turning to gross margin. For the third quarter, subscription gross margin was 73%, up from 72% in Q2. For Q4, we expect subscription gross margin to be consistent with Q3 levels. As expected, services gross margin of 18% was consistent with Q2. Services gross margin continues to be impacted by a higher mix of notification services driven by the mix of large deals. Given the continued impact from large deals in Q4, we would expect services gross margin to be relatively consistent with Q3 levels before returning to more normalized historical levels over the course of fiscal year 25. Total gross margin was 38% consistent with Q2. As we look to Q4, we would expect gross margin to increase slightly from Q3 levels, driven by a higher mix of subscription revenue. We continue to see opportunities to improve our overall gross margin as we scale our business, and we expect our higher margin subscription revenue to become a greater portion of our overall revenue mix. Turning to operating expenses. Total operating expenses were $27 million in the quarter. The sequential decrease in operating expenses was driven by lower R&D and G&A expenses, resulting from acquisition cost synergies. Our loss from operations was $2.5 million, a significant improvement from $4.8 million in Q2. Looking at the balance sheet and cash flow, we ended the quarter with $30 million in cash, $38 million in accounts receivable, $88 million in total deferred revenue, and $194 million in total outstanding debt. In Q3, we generated cash flow from operations of approximately 1.8 million and free cash flow of approximately 1.6 million. Our Q3 cash flow performance was positively impacted by the timing of collections from our enterprise customers and also reflects our focus on improving profitability. We are committed to enhancing our financial position and are considering various options to strengthen our balance sheet, manage our convertible debt, and optimize our capital structure. We will continue to focus on sustaining our strong business fundamentals and improving profitability. Now to our outlook. Our outlook assumes no material changes in the macro environment. Demand for our external cybersecurity platform remains consistent and assumes that no incremental outsized response deals close within the quarter. For Q4 fiscal year 24, we currently expect revenue to be in the range of $56 million to $58 million, and non-GAAP loss from operations to be in the range of 5.8 million to 4.8 million. For fiscal year 24, we currently expect revenue to be in the range of 228.7 million to 230.7 million, and non-GAAP loss from operations to be in the range of 21.4 million to 20.4 million. We continue to focus on profitability. Consistent with what we said last quarter, we expect free cash flow for Q4 to be at or near break-even And as we begin to look at fiscal year 25, we now expect that we will achieve free cash flow on an annual basis. To conclude, we are pleased with our three Q results, for which we again exceeded top and bottom line expectations and are raising guidance for Q4. With that, we'd like to take your questions. Operator?

Thank you. If you'd like to ask a question, please press star 1-1. If your question hasn't answered and you'd like to remove yourself from the queue, please press star 11 again. Our first question comes from Joseph Gallo with Jeffries. Your line is open.

Hey, guys. Thanks for the question. You said that you're assuming macro stays the same in your guidance, but you raised full-year revenue by more than the beat in the quarter, which was really impressive. So maybe just talk through where some of the incremental positivity is coming for 4Q. And then just on macro, How are your customers thinking about their calendar 24 budgets?

Yeah, good morning, Joe. Thanks for the question. I think we'll tag team this one here. So on the macro, I think you've got to see us execute here now. We had a really strong Q3, and so timing of subscription as well as some of those large services deals will help us. not only with the foundation for Q4, but we see some opportunity, as you saw, to raise guidance above beat for Q4. So I think that's exactly what we did. You know, in general, with the macro environment that we're seeing right now, we haven't really seen a slowdown in large deals, and we've seen some of the pressures maybe in other parts of the world that were there in previous quarters, you know, improve. in the last quarter or so. So I think we're pretty, pretty bullish about Q4 and excited to kind of finish out the year strong.

And Joe, this is Tim. I missed your second half of the question on this, but I think you're asking about calendar 24 next year's budgets.

Yeah. Just as far as like the macro conversation, like when you're talking to your biggest customers, right. You said you're assuming macro stays the same, but you know, how are they feeling? How are they thinking about calendar 24 budgets? Is that fresh P and L that you can attack?

Was that, again, I think it's similar just, you know, again, you know, our platform strong and we'll compete at that level. And I think from that standpoint, customers see the value in our platform and we're going to continue to win customers. So I don't think there's any real material change as it relates to how customers thinking about spending on external next year.

Okay. Thanks.

And then I double click on that for your Joe too, is we, as an organization continue to try to strike this healthy balance between growth and profitability. And so going into Q4, profitability is still a top area that we're continuing to optimize the business around. You know, we had nice growth in free cash flow quarter over quarter, and we're going to continue to refine and improve the business there. We're not done growing profitability here. That's for sure.

You must have a crystal ball because that kind of leads into my second question, which is just, you know, great to see the second straight quarter of free cash flow positive. and strong margin performance. You mentioned synergies being a large driver of the margins. How should we think about incremental synergies or leverage as we enter calendar 24? That's all from me. Thanks.

Yeah, thanks. We did have a nice outperformance in the quarter, right? I mean, our subscription gross margin ticked up a point quarter over quarter between Q2 and Q3, a little earlier than we had in our plan, which was nice to see. We think that we'll have the ability to continue to kind of continue to run that ahead of plan or maybe even take up a little bit in the next couple quarters. You know, our long-term plan for this organization continues to take up our subscription gross margin in a meaningful fashion in the coming years. You know, we think we've been able to improve margin by one to two points roughly every year, year and a half for the last half a decade. And we can continue that same cadence for the next half a decade. So that's kind of like point number one. And I think it was, you know, in terms of profitability, right, the market has said and the market is rewarding those organizations that continue to find optimizations. We acquired Looking Glass two quarters ago. I mean, when you think about acquisition synergies, we've done a really nice job with that organization. We've got really strong talent we brought into the fold. But our acquisition synergies in the tail around some of those things are going to take quarters still to play out. You know, they had some leases and some other long tail contracts. that we've synergized our platforms, but we've just got to let those things run out. So you will see improvements in overall operating expenses, G&A, and other areas of the business continue to play out in the coming quarters, which will result in a higher chance for profitability.

Thanks.

Yep.

Thank you. Our next question comes from Brad Reebok with Stiefel. Your line is open.

Great. Thanks very much. Deferred revenue contribution was very strong in the quarter. I think it was positive 21 million. Can you guys talk to where those payments came from? Thanks.

Sure. Thanks, Brad. I'd say they are driven by two certainly enterprise quality deals. As Foster mentioned in the talking points earlier, we had that large eight-figure public sector deal that was a nice renewal that came in kind of towards the middle end of the quarter. And then we mentioned the large breach response with the large gaming company, and that as well came in late in the course. So those two alone were the significant contributors to the increase in deferred revenue.

That's right. I will say that the public sector customer that Tim just referenced was not only a renewal but an expansion, which was nice to see, that we were able to continue to kind of expand the adoption and expand the value that the government is getting from that program. And then on that large gaming contract, it was also nice to see that we extend that protection from kind of a regulated one-year requirement to a two-year contract with that organization. So we are seeing our customers kind of adopt more of the platform and feel more comfortable where they're also doing larger TCV-based contracts in addition to large HCV-based contracts.

That's great. And Foster, maybe... switching our focus to subscription revenue, how should we think about the long-term sustainable organic growth rate for that line?

Yeah. Look, I think we're, right now, if you look at the lines, we're in the 20s, Brad. We see an opportunity to improve that in the coming quarters. You know, for fiscal 25, right, You know, we think that there's going to be an opportunity to grow from the mid to the kind of upper 20s just based on what we've got right now. The key is balancing profitability, right? We need to be cognizant and recognize the market and where we think we will get recognized and rewarded on that balance of profitability. As I was telling Joe just a second ago, You know, I think we've done a really nice job in the last two quarters, putting up consecutive back-to-back free cash flow quarters where we grew it almost double quarter over quarter here in Q3. But we're not done yet. And I think the market will expect us to continue to grow that profitability line on a quarterly basis. And once I think we've reached the right level of profitability, we'll continue to make sure we optimize our growth as well and get efficient growth. So I think we would start with probably low 20s next year and

try to outperform. Perfect. Thanks very much. Thanks, Brad.

Thank you. And our next question comes from Yi-Fu Lee with Cantor Fitzgerald. Your line is open.

Hi. Good morning, Foster and Tim. Congrats on another strongly executed quarter on revenue, momentum, and free cash flow generation. I guess two questions for Foster and one for Tim. So thanks for publishing the external cyber threat report, especially the ones on the Middle East conflict. I was wondering, has the elevated threat environment helped in the pipeline building generation as well as new expansion activities? And is there any pushback from customers in terms of, let's say, budget concerns because we're still in a challenging macro environment?

I heard a couple things there, Yi, and good morning as well. Look, I was talking to somebody yesterday. Maybe something comes to mind, and I think it's relatively relevant. The number of attacks and the number of successful data breaches that are out there continues to rise, right? LockBit 3.0 has been the most successful threat actor and kind of affiliate group we've seen in this space in 20-plus years. Right. And there's changes that's happening out of the macro. And one of the things we were talking about with a reporter yesterday was that the number of financial services companies targeted by LockBit and its affiliates in 2023 on a pro rata basis is up 50%. And so, you know, there are some tactics and techniques that are changing. I think the threat actor groups are changing and their targets are changing and This combined with, like, another really interesting thing that we continue to monitor on our side, given the amount of large breach response work we do, we see customers in general about 60% of the time still paying ransomware, right? And so there's this imbalance in the market that's happening right now on what exactly to do. When you've got the U.S. federal government and the FBI saying don't pay ransomware, yet the majority of customers that we engage or know of still paying it and still getting hit, I think it becomes a real challenge. And probably the most concerning stat that we've been monitoring inside from our intel team is organizations that have been hit with ransomware once and pay get hit 80% of the time within three years again. And so, you know, there's a causation or correlation line on are you getting hit again because you paid or are you getting hit again because you still haven't covered the basics? And as we've said here, like, The basics require three fundamental pieces of your tech stack now to protect yourself. You've got to have something on the inside, on the endpoint. You've got to have something that separates the inside from the outside. And you've got to have something on the outside protecting your external attack surface. And we see a lot of our customers that have adopted that kind of modern security triple crown, but there's still a lot of customers out there working on the basics and still trying to adopt those three things.

Thanks for the comment on that, Foster. It sounds like that's the Asian bank with the U.S. Treasury situation. And then, like, moving on, right, there's a recent attack on a, let's say, cloud-native identity player on their customer support system that happened this quarter, you know, within their public disclosure, right? They mentioned that, you know, because client lists are compromised, right, that they may be susceptible to elevated phishing attacks going forward, right? You know, I'm thinking back, you know, the services offered by 05, external cyber protection as well as breach response, right? Do you think there could be additional opportunity in addition to this? Because I think you mentioned there's a gaming company that you help, you know, in addition.

I think there is, Yi. I mean, one of the things that we see

And the new SEC notification requirements are helping to highlight what I call visibility at the board level, making sure the boards understand their security programs, the frameworks they've adopted, making sure they understand the notification requirements, kind of the liability now at the board level for getting this right. The challenge so far, though, is it's very, very difficult to adhere to that SEC requirement and have full details that fast. For example, if you've been compromised or if there's been an incident and you've got just a few days to provide some level of notification, almost 100% of the time the customers that we work with, you don't have your arms around the full potential problem set within a few days. So what happens is you notify that something's happened and that you're working on it, And then ultimately the way this is going to play out in the market, if you ask for my opinion here, is everyone's going to say it's worse than expected because they are going to set expectations on, hey, we're looking into this. We're trying to get our arms around this. And I think very few will come out and say the sky has fallen before they get their real arms around it. So they'll just say something's happened. We're looking into it. And when they come back, it'll be, well, it's large and this is what it looks like. And this is how it moved around internally.

Before I just move on to the finance question, can you expand on the SEC disclosure requirement? Because the requirement is within four days, right? How does Zill Fox help, let's say, the client with the compliance requirement to get the disclosure, what they need, the info, the intel to communicate to the public in such speed?

Yeah, I'll just point out one example because it's public. In general, we can't a tremendous amount on our response deals, but if a client makes it public on their behalf, then we have a little bit more leniency. You know, Caesars, as an organization, put in their 8K in Q3 that they had hired ZeroFox to help with their response services. And so that's a great example of them, you know, an organization with a strong security program, had good capabilities to identify and help kick off the response, and then pull in trusted third parties to help, and then they 8K that. And I think that's an example of where I think regulation could actually help here in the market where, you know, they're being asked to move quickly. And in general, you're going to have to work with partners to help with that and then disclose what that looks like. And they disclosed that, again, ZeroFox had been brought in to help with the response, notification, and protection side of the house. We're proud of that one.

Got it. Thanks for that, Foster. And then to end it on financing, my arbitrary financing update question for Tim. $30 million on the balance sheet on cash, right? Last update was that you guys could get to free cash or positive, right, next fiscal 25, right? I was wondering, Tim, if you could help us on any financing, you know, raises that you're anticipating, you know, within the next 12 months. And help us with – can you please kind of help us with the free cash flow seasonality? It's a more modeling question. And that's it for us. Thank you very much, Foxington.

Yeah, thank you. I'll start maybe in reverse order as far as some seasonality and timing of cash flow. Again, we've said it and we believe we've got certainly the ability to be free cash flow positive next year. Q1 is always our most challenging quarter. This Q1 was indeed more challenging than most. But in general, Q1 tends to be our toughest quarter from a cash flow generation standpoint, and then we tend to turn around in Q2, Q3, Q4. So I'd expect to see that same trend next year. As it relates to financing, nothing necessarily is planned at this point. I think that's a larger conversation. We started touching on at the last call. And kind of we'll leave it there for that. Paul, if you have any other comments on financing.

Yeah, I mean, look, we have a convert that matures in roughly 18 months from now, you know, beyond 18 months from now. We've just put up the best quarter in company history for the third consecutive quarter. And I think this improved profitability will actually help our optionality and will show the sustainability of the company that we've built. And I think we needed to do some blocking and tackling here the last six months, last couple quarters, around improved profitability, making sure we saw synergies realized here in our financial statements, not just in vision decks. And I think we've done those things, which will help us on the financing front. You know, in general, we're always looking for new investors, and we're open for business from, you know, 9 to 4 every day, Monday through Friday. So...

Thanks for that, Foster, and congrats, Tim. Thanks for calling.

Thank you. I'm showing no further questions. I'd like to turn the call back over to Foster for any closing remarks.

Thank you, operator. Q3 was another strong quarter for Xerofox, where, as you heard, we made significant progress on many fronts. We remain excited about the opportunities in front of us and look forward to closing out our fiscal year 24 on a very strong note. Again, I want to thank everybody for joining us this morning. Have a great day. Cheers, cheers.

Thank you for your participation. This does include the program, and you may now disconnect. Everyone, have a great day.