Rapid7, Inc. ($RPD)

Good morning, everyone. Thank you for joining us. My name's Brian Essex. I cover mid-cap and large-cap software for JPMorgan, and I'm excited to have Rapid7 with me today. To my right, we have Corey Thomas, the CEO of the company; and then to his right, we have Rafe Brown, the company's new CFO. So Corey, Rafe, thank you so much for joining us. I appreciate it.

Thank you for having us.

Thank you for having us, Brian.

Yes, maybe to start, Corey, if you can help me maybe frame out your perspective on the shift in the environment, the threat environment that we've seen over the past 6 months or so and how that's impacted your business just overall?

Yes. I mean, look, I think that -- if you go back, attackers have been adopting AI technology. So you've seen attacks move from low and slow to much faster. And so that's having customers in the detection and response space do, frankly, fast cycle upgrades to their capabilities. The bottom line is that they're looking for how do they get more coverage, faster response, faster detection and better scale. Lots of them are starting to actually move beyond just traditional SIEM. It's been a bit of a tailwind for the MDR players, but it's also been a bit of a pressure point to actually cover more of the environment at lower cost. One of the entrants has actually coming in is what we call the AI SOC players where they're really focused on using AI to actually detect and monitor the environment. We acquired an AI SOC player so player in the past couple of months to actually deliver the capability because it really does matter, the speed and scale matters. So that's a big change in the environment overall and that's also impacting the market. The other one that you can't miss is sort of like Mekhos and the impact on the exposure management market where it's essentially vulnerability discovery on steroids. And so the pace of vulnerability discovery is actually now happening at a -- maybe exponential is not the right way, but at a very accelerated rate.

It's probably exponential.

It's probably exponential. We don't know yet. They're holding -- the government is holding lots of the stuff back. So it's somewhere between hyperaccelerated to exponential overall. But it also has lots of noise. And so it's catalyzed a reinvigorated interest in exposure management and how you actually separate out vulnerability possibility from vulnerable -- vulnerabilities that are exploitable in the overall environment. How do you actually have active remediation in the environment? How do you have active containment in the environment? So -- which is nice because that's been a recategorization of customer interest for something that was trending down in priority on exposure management to actually really accelerate and impact towards the must-have critical focus areas. So those are the 2 bigger dynamics that are happening right now.

And I thought it was really interesting. One of my takeaways from this week as well as recent earnings in general is just maybe a vulnerability renaissance, if you will.

Yes, absolutely. Yes.

Cognizant calling it out, Check Point this morning calling out exposure management, in part vulnerability management. Tenable certainly flagging that and your commentary as well. And then maybe to add to that, it seems as though, based on industry conversations I've had over the past month or so, CIOs are freaking out a little bit about threat environment...

CIOs are definitely freaking out. So that's why I say like half of our -- so the inbound interest has been like amazing at the same time as people are trying to figure it out. Remember that the model -- well, OpenAI was a bit more liberal. We're part of the -- post closure, we tried their Trusted Access program. To be fair, Anthropic tends to be more open. They have some restrictions on how broadly they can actually make it available. And so lots of CISOs are trying to figure out like what's the extent, but CICOs are having their own freakout money about they're preparing for the tsunami. And we're spending lots of time talking about how they'll deal with and manage the significant influx as expected of vulnerability. So again, it's made the vulnerability discussion a much more strategic discussion than it was 2 months ago.

Yes. And how does that -- I mean, how does that convert to an impact on your business? I mean, you have -- recently, you've kind of split things up into core and noncore, I guess.

And exposure is in core. I mean it's a headwind to core, but it's still in -- it's in core. Look, the #1 thing that we can actually do to -- and core is a growing business overall. But the top thing -- and we know how to actually it to grow and accelerate and have great growth in the D&R space, like that's not a mystery. We know how to do it. The only mystery that we were solving was how to do it at the right profit margins that we actually wanted. And we think that our internal investments with our acquisition have actually tackled that profit margin challenge. So we're very excited about the growth potential there. But we had exposure, which was a headwind, which was -- it was 2 pieces to the headwind. As part of it, our historical mid-market customer base was not sort of like a growth-oriented customer base for that. But the other one was that exposure management was just had been dwindling in the priority stack. This escalates up the priority stack. It creates new demand drivers for people to actually look beyond what's good enough and now they're looking at things that frankly fall down and what we consider sweet spot is, understand exploitability, managing remediation at scale and some things we have to invest in, which our team is doing organically is how do we actually make it faster for people to respond. And so those are the areas that we actually think are catalyst. As far as time frame is, I think people are still in the stage where they're trying to understand the significance and the impact. And so we're not looking at this as sort of like a next quarter time frame because right now, customers are just trying to come in and say like, "All right, how big is the impact? What can you do for me?" And they're planning for it, but this has flipped around to a potential upside to the exposure management business. And then we're just trying to figure out like, "All right, how sustainable is the catalyst?"

Any visibility in terms of like how they're shifting priorities within the budgets? I Know, it's always been -- I know I've done surveys in the past and others have as well. It's always been endpoint network identity have been the top 3, maybe you put data security up there...

Monitoring has been up there. I think the monitoring has been at the top because people have to monitor the environments. And so I think that exposure has not been top 3 and 4, 5.

But how is the most recent environment maybe shifted? How they're thinking about changing the prioritization within their budgets?

We'll see if it ends up being true or not. Look, in some perverse ways, CICOs love public things because it gives them an excuse to ask for extra money without having to make the trade-off thing. So like a number of them are planning to actually go out and harass people like Rafe and be like, you know what, this is a global crisis, I need to actually do it. So we'll see whether that actually works or not when it deprioritizes along the way. But a number of the CISOs are trying to scope it to actually figure out, like, okay, it's a big enough like it's framed as a -- when the White House is involved, other people [indiscernible] this whole crisis like I can get extra money for this. And so that's what we're seeing in a number of people. We'll see whether that lands or not.

Yes. That brings me to maybe an adjacent point. It seems like in the spending environment, you had IT budgets where security might be a subset of that. You've had AI budgets where your Chief Marketing Officer may be pursuing an agentic coding project for an application to help them penetrates these markets and you have to secure that. In some cases, I think CISOs are saying, "Well, I'll run it for you pay for you, [indiscernible]." And then you've got incident budget, which is a little bit extra. What are you seeing in terms of access to each of those segments of spend within your customers? And is there maybe an acceleration point if you get incident budget spend across your platform?

Yes. Look, so it's clear that customers are looking to get incremental budget across. I mean, so I actually think that, that's where we are -- look, security budgets have been tightening. And this tightening is that it's not declining. It's that what we hear from our customers. They have to do more with less incremental spend. So it would be unfair to say that like the security budgets have been shrinking. They haven't been shrinking. They've not been expanding. And security teams were used to expanding budgets because a lot of their mandate is uncovered. And so they were trying to figure out how to tackle the uncovered mandate. Now they're actually -- they've been asked to actually do more with less. And -- but in this environment, like the incident budget, I think people are hoping that it can be more incremental spend.

Great. Maybe to kind of pivot on that, too. I think, Corey, you explained 3 primary modes of the business: cost efficiency at scale, exploitability context, trusted autonomous response. But how do we think about -- maybe 2 things. One, how does Rapid7 win head-to-head against larger platform players? And then second is what -- how durable is the moat around your business? I think a lot of investors looking at vulnerability management, you see Mekhos not only identify vulnerabilities, but engineer exploits and patch vulnerabilities. And they're extrapolating the speed of innovation that we're seeing on those platforms to some kind of a terminal impact to particularly vulnerability management exposed vendors. So how would you explain; one, the moats you currently have around your business; and then two, the durability of those moats longer term?

Yes. So I'll invert the risk because I'll answer the question around me because it's important to understand like exactly what it is and this will go to like the durability and how we actually think about it. So one, it is vulnerability discovery at scale. It's incredibly powerful. It's incredibly cost-effective overall. Just to be clear about what it would mean to actually do vulnerability management at scale running Mekhos or some version of Claude across your whole environment, which is typically, when you run things generically across your environment, you want them to be self-contained and tightly controlled. So the idea of like having like AI -- general AI, when ramp after across your environment, is not actually practical for most organizations. It's not wise for almost any organization. By the way, Anthropic would say -- I mean, if you go -- I mean, I don't know how many you have it, but like if you go log in to Claude Cowork right now, it is -- they say explicitly, you can auto run all the instructions, you should not do this. And that's not going to change any time soon. Like the even minor errors can cause catastrophic damage. So they don't recommend it either. They're not suggesting it. And so it's an extrapolation without mirror is what I would just say. It's just like it is something that will be both dangerous and something that neither OpenAI or Anthropic suggest that you should actually do. So that vector about like running it rapidly across the environment and having it do the operational things, you want things that are operational to be tightly controlled and well managed. So that's just -- just to be clear about that. Now let's actually get to what the actual core modes are. First, let's just zoom out like the simple mode in the world is that customers want people that are just going to task off of security. So our goal is to actually be the #1 security outsourcer, like we want to actually use technology to actually run -- allow people to run and scale their security operations program. People are hungry for that. It requires both technology. It requires the use of AI and technology. And it also requires deep services expertise. We are one of the few players who have, at scale, established service expertise leveraging technology, increasingly leveraging AI, and people want to actually get a great outcome of security management at lower cost. Just to be clear, our whole mission and ambition is a moat in and of itself, it's that like most organizations are not actually marrying the best of services with the best of AI in a technology infrastructure that lowers people' cost over time. So that's one. Now when you actually get to -- and I think your question is in regards to the moat around the general Frontier models and what -- because I think there's a different moat in security versus the Frontier models. But on the Frontier models the reason that we think that it's a misunderstanding of it, there's a couple of things. So one is that we're designing to actually run and allow people to have an outsource-centric AI security program at scale cost effectively. The Frontier models aren't designed to actually do that cost effectively. In fact, we use a lot of the Frontier models. And half of what we're actually doing is adding deep knowledge and context and actually making things cheaper and more efficiently where it doesn't make sense to use a model for something because it's inefficient from a cost perspective. The second thing is our technology runs ramping in customers' environment. So we have to actually do that safely and securely. And so the second piece of the equation that we're actually heavily focused on is like how do you actually use AI at scale across customers' environments safely and securely. The third thing, which ties into it is that like increasingly, people have to respond in machine time to both exposures and to incidents. And we're building a framework that allows sort of like, yes, it leverages AI, but it's not just AI, safe response. And then the third thing, it's an incredibly complicated complex world is we -- there's not a world where we can just trust just technology for cybersecurity. So we're building the people and expertise to actually -- and we already have it today. We're doing this at scale today to actually augment the technology. They're providing knowledge, insight and depth, but they're also like handholding customers through incidents. They're dealing with the politics in our customers' environments about where to prioritize their security, defense and spending. They're helping people with their remediation. They're actually talking to the management teams. And when people are outsourcing a business is you can't just -- because security has issues along the way, you can't just be like, oh, I'm the CISO, I outsourced it to a company that's just AI, and I have a crisis is I can go through a chatbot. People actually want to actually -- they actually do need to actually do it because it's complex. You have to engage with incident responders, you have to engage with lawyers, you have different compliance regimes across the world. People do matter there. Now we're scaling the people in an order of magnitude better than we've actually ever done before, but that matters.

Great. That's helpful. And then maybe to switch gears a little bit. So Rafe, we knew each other at Mimecast. You did a great job there. What brought you back to Rapid7? I mean, what was that process like? And what do you see as the opportunity with the company?

Yes. Thanks, Brian. Well, first, I'm coming up on my 6-month anniversary, right? So now I've gotten onboarded and cranking away. Look, I mean, to be honest, I try to look at these things not so differently than our investors that come to an organization. And I think it stems from, first, at the highest level, are we happy with the markets we're in? And I'm -- not just cyber, but the MDR market, the exposure management market, both are very large, both are growing, and both we have a right to win and compete and play in. But also, I felt like one of the things that was really important to me, there was obviously a lot of changes going on in the business and -- which have only accelerated over the last few months with everything Corey was just saying. But at that earliest day of evaluation, I really wanted to dig in and see is this a management team, a leadership team that's ready to dig in, make changes and not fight yesterday's battle, but to dig in and see what's coming next and how to get ahead of that, right? And I feel very comfortable with that. Under Corey's leadership, we've got also a number of new leaders on the team or people in new positions. Allan leading the sales organization, Julian leading the customer success organizations. It's people who are passionate about the opportunity and frankly, in some cases, frustrated about what some of the things they needed to knock down and take out to accelerate our business. And so that's the environment I'm looking for. This is the team that -- I think it's a great company to work for, but it's also a team that's just determined to win and to grow. And if you're in a context with great products, great history, great market, you can figure that out. It may take a few quarters, right, and that's what we're living out. So that's where I started. And I think it's only just played out -- the people often ask what surprise me. I mean, what surprise me is just how much things are changing, how quickly things are changing with the developments coming from the platform providers. But if anything, I think that could be an opportunity for us, right? So in areas where we might have ordinarily been playing catch-up, we can say, well, we're not even -- that's not the fight anymore. We're going to just try and accelerate what we're doing and get out there and serve our customers and make sure we're helping answer tomorrow's problems. And all of that, I think, sets us up for, first of all, a lot of work and -- that we need to do to deliver on that, but there's tremendous opportunity for us.

Right. And how would you describe, I don't know, either both for Corey or for you, the magnitude of changes or the breadth of changes that you had across both sales and operations over the past year or so? It seems as though it's pretty significant. And I think investors here are starting to feel for -- kind of feeling for a floor. Where are we at the stage of change, and when can we expect kind of like a baseline where, all right, well, now that the organization is in place, we're seeing the productivity, we see the opportunity in front of us, and then we're just like executing on a bigger pipeline now.

I mean, we will tag team it. So one, I've been heavily focused on, for lack of a better term, I hate to use the term upgrading, but like is getting the right management team for the moment that we're actually in. So that's been a heavy focus over the course of last year. And by and large, I think we actually have done that, and I feel very good about where we are there. The second thing is we've got to do some work to actually just be clear about our target model, which the team is coming in, Rafe, Allan, Julian and others have coming in and be clear about like, all right, what's the target model, what does it take to get there? And then the execution velocity to actually move to that target model. And we've activated the company to actually the pace of change. Now -- and that's happening fairly quickly. The nice thing that I feel good about and Rafe commented about in the earnings is that we're already seeing some yield and benefits of that overall. And so I would say, from an operational perspective, we know where we're going, we know what needs to be done. We're in the process of executing on that and driving the -- and driving the change on that. I actually think that's all going to be net positive for the business. I think the question is where is the floor on the growth dynamic? I think that part of why we actually broke out shows that we have positive growth in the core, a lot of visibility and we're very comfortable with that growth dynamic. We're addressing how we actually manage the noncore, which, while smaller, it actually impacts total growth, and we just want to be transparent about that, and we'll talk more about that later.

Yes. And Brian, what I would add, there're some of the changes, especially for investors who would see it on the financial statements, right, that started before I joined the company, right? There was some prioritization of headcount additions that happened in 2025 and those costs obviously carry over to this year. But there're things like improving our coverage in the SOC. Corey was just talking about how we're going to automate a lot of that work to be able to maintain and improve margins over time. But we had to make some additions there just to deliver great customer experience. And likewise, we've built out a low-cost center for engineering and for some of the other functions, right? Some of those come with costs that came on board in 2025 and obviously, carry into '26. But we're now getting to the point where we can start seeing some efficiencies from that work paying off for us. So there is that part of the transition that I would say we're several innings into, but then there're some things that are much newer, like, for example, the Kenzo acquisition that's, frankly, accelerating our AI SOC development journey that we were already on, that's fairly new. So there is a bit of a combination, but I think what we're really prioritizing around is making sure we're providing great value to our customers, that we're meeting today's challenges and that we've set ourselves up to have the balanced growth. And I think that's really key for us as we think about our financials over the years. We want to see our core products growing, period, right? And we're working to make that happen by good investments in products and good prioritization of resources across that. And then we want to see margins improve over time. And you can see it a little bit just in our guidance between our current quarter guidance on non-GAAP operating margins and the full year. And what we've talked about is we're just very relentless in all of our internal planning of looking, not just at '26 deliverables, but '27 margins and how do we manage margins as we go across a longer time frame managing that run rate, if you will.

Great. Great. And maybe, Corey, what have Allan and Julian done within their organizations in terms of the magnitude of change? And are all those changes complete at this point?

So I'll break it down in each case. So Allan has brought in a primarily new management team. And he did that fast. He did [ that in ] Q4. He had like the structure the team, the comp plans in place, the ICP clarified and the focus on alignment done as we enter Q1. So I would say that is -- I never want to say they complete a CEO. So I'm never going to say that because he might be listening. But I would say that is substantially done in lots of ways. And now it's about the execution and yielding the results on that. Julian is a bit different because Julian had 2 mandates when he actually came in. One, he had -- well, 3 in a way. So one, he had to scale the service so that we can actually be a best-in-class partner, and he's still working through that. Like he -- our brand is going to be people are differentiated to technology as they actually rely on technology to do more and more of their workflows and they outsource more and more of their workflows. So best-in-class team, best-in-class customer experience, but to really make the customer experience thing. He's still in the process of that. The second thing is he has to actually do more of that at lower cost. And so like it's a challenge, but like it's a -- we have to deliver extraordinary customer service and experience, and we have to do that while improving our margin profile over time. So he's still in the middle. And he does need some technology to do that so that people do the things that they can do uniquely, but technology actually provides some of the scale behind the people overall. And then the third thing that he'll do, which is not a this year thing, which is a go-forward thing is that we are going to be offering AI security services across more workloads over time. Primarily, it's detection and response today. But we will be sort of like taking that very successful MDR strategy and doing it on exposure vulnerability and risk management. We'll be doing on compliance. Those are the 2 next big workloads that we've got massive amounts of feedback that customers want to be able to outsource to our AI center services. So he's got that mission mandate, too.

Got it. And how much of the growth that you anticipate is from existing customers versus new logos?

That's a great question. And so, this year, we're looking at primarily, I think, centered on new logo growth, although it's always been a balance just to be clear. So it's a tilt, not a -- it's a tilt like this, not a tilt like this [indiscernible] say it like that, although I did it backwards for you all. The -- as we go forward, though, as we deliver more of the AI services workloads, we do think there's a big opportunity to sell more to existing clients. And we've got lots of interest in how people can -- especially in Mekhos [indiscernible]. Some of this is like, okay, I can't hire more people. And so like when are you got to -- some people are gambling like, hey, you're looking to actually allow us to outsource more of the exposure management services, when can I do that? And what's the readiness for that? Likewise with the compliance services. So again, it's early there, but like I think over the next year, in 2027, I think that starts to change a little bit.

Got it. And for both of you, I think you mentioned the Kenzo acquisition. And I think you're clear that it's more of a -- more an IP acquisition than a revenue acquisition...

Yes, and lots of revenue. Great technology, but they were just going -- like they had a couple of nice really marque customers that [indiscernible] scale, but it wasn't substantial revenue deal.

Yes. So how would you describe what it brings to the table? And then when can we expect the impact to financials from that effort?

Yes. So I will take it. What it is, it's actually -- it's an AI technology base that allows people to actually to monitor environments at scale using AI with incredible efficacy rates and accuracy rates. So that's what it does. And actually, monitors for attacks at scale, processing all the security alerts and telemetry and allow -- and it does that incredibly accurately. We were so impressed with the accuracy and efficacy of that. What are the benefits of it? The first is a ICP, TAM benefit, so ideal customer profile and TAM. One of our biggest drawbacks on growth in the MDR space was that customers wanted us to actually monitor more and more of their environment because they have to have full coverage of scale. And doing that with just technology and just people would pressure gross margins. So we actually contained ourselves to the parts of the environment that we could actually do that fit our gross margin profile. So we essentially capped our TAM and MDR to things if the TAM that fit within our gross margin profile. This removes that cap. So it actually opens up the full TAM and it opened up sales force. And so not just you, but our sales force is just like when can I actually start being uncapped. So we're doing the integration work, but that's a big deal because that's actually a tailwind to growth. That's why we feel good about the growth potential there because it's not like I have to go something new. We just have to stop saying no to actually the types of deals that we can actually do. So that's a big one. So that's the tailwind to the company. The reason we love this acquisition because like we look at it, it's like, all right, where do we want to spend money is it was a double whammy. The other side of it is it allows Julian and the team to run the SOC more efficiently and allows our people to do more strategic work for customers. So it actually improves our gross margin profile on the MDR business. And so like when you can address -- improve TAM and improve your gross margin profile over time, that's a big deal. So that's why we're doing rapid scale because it was early stage, we are like we're making sure it scales and meets all of our needs. We have proof points on it. We're integrating it right now, modifying it, merging it with some of our technology. But as we exit this year, those are the 2 big things that actually impact. And we love things that actually have that dual impact on both profitability and growth.

Got it. Super helpful. Maybe for Rafe, I think a lot of people focused on the dynamics of core versus noncore, so thank you for breaking that out. I think it's very helpful. I think we get the core business and what's happening there. With respect to the deterioration in noncore, how should investors think about that? What are the drivers? And at what point does that become maybe an immaterial fact to growth -- overall growth of the company?

Yes. No, this is again just for everybody's benefit. We talked about on the call that over 80% of our business is core, right, which is the D&R and the exposure management side of the house. And so this noncore, which by default is less than 20%, that's a piece of the business where there's actually several different products within that. And we wanted to separate that out because as some of these good things that Corey is talking about continue to play out, we want to make sure everybody has good clarity on that and what we're doing there. But when we look at the noncore side, we do see it's driving, based on our guidance, the sequential decline in ARR is really centered in this noncore piece. So what we're actively doing right now is going through and looking at each one of those products. And I think once you fall into a noncore or other bucket, you have to have a stated strategy for each product. And we have to evaluate them and look at how that impacts our customers' experience overall, but also evaluate against what we need from an internal perspective, make sure they're contributing good cash to the bottom line, make sure if they're older products or whatnot that they're funding the new investments that are going on. And that's a piece of it that we're very much in the midst of right now. Actually, the -- what we've shared with investors is came out of how we've been thinking about our business about really having strong priorities. Now even at less than 20% of the business, it's still a meaningful amount of the ARR. And so we think there's ongoing opportunity there to make sure contribution margins are really solid, make sure we have really clear mandates about what salespeople can and can't sell or we do tend to incent our sales people to sell core more than these other things. But I think this is one of those developments over the last few months as I've come up to speed that first having this breakout, then diving into each one of those solutions and making sure we have a clear strategy. The reality is it's not a one size fits all solution within them. Some of them have much more crossover to customers between customers that are big platform owners also have some of these. So we -- it's going to take some work to pull this apart. We want to make sure we're really clear on how they're growing relative to each other, make sure that you can shine a light always and see how we're doing with our core because that's what's going to drive long-term value in the organization and then make sure we have a clear strategy for each one of these. And we can add color on that over the over the coming quarters.

Got it. And then how are you thinking about balancing growth and profitability over the next few years? I think it's certainly great that you're showing us profitability. I think investors would prefer growth as long as you don't deteriorate the level of profitability that you have. But how do you throttle the 2? And how do you think about the trajectory over the next couple of years?

So I think what's really important for us is to have growth in core, right? That's the #1 priority. I'll take growth everywhere it wants to show up. But like how we're thinking about that business is we need core to be growing. It was growing 2% on -- when you take D&R and net it against exposure management, we'd love to see that accelerate. And we think there's great opportunity to accelerate that business. And so that's priority 1 plane and simple. But I think on the bottom line, we have to see margins improve over time, right? We want to make sure we've got good solid cash flow. We've got to make -- we've got to take care of our debt obligations. We've got to make sure we have the capacity to invest as opportunities come up. And so it is a balance, right? So I think what we're going to be seeing is making darn sure core is growing and invest accordingly, making sure overall that we have margins improving over time.

How much of an improvement over time? I don't know that investors really want to see 100 basis points of improvement per year, but -- because they know that you have the leverage to do that. So as long as you can give them a little nugget...

Yes. I mean, investors can see like on our bottom line guidance, we expect margins to improve as the year goes on, right? I think the overall framework is we want to make sure, first and foremost, that we have the cash on hand to pay off our debts, that we have the cash on hand to run the company and make investments as we're going along and then make sure we get return from the investments we're making, right? And I think, like you said, if something really is taken off, the smart thing to do is invest in that growth trajectory. So it's, again, really getting in there and have that control over the dynamics of the business on a micro area, so you can have that situational awareness to make those decisions. I think that's what's going to play it out. So in a context where you got margins improving over time, it's almost on the micro is more important than what we're doing.

Got it. And then how do you think about it? I mean you mentioned servicing your debt, so you've got a big convert coming up next year and plenty of cash to service that debt. You have an undrawn revolver and then you've got a tranche later on. How do you think about the level of flexibility that you have to service that debt versus what you have to invest in the business to grow?

Yes. So -- and just for everyone's benefit, we have a convertible bond that matures in March of 2027 of $600 million. We have -- this quarter, we finished the quarter with $670 million on the balance sheet. It's all in a current position. So we feel really good about this first maturity, and we have the line of credit and our ongoing cash flow, I think puts us in just a really solid position that we can pay that debt and have the cash to run the business, right, to make sure we're in a very comfortable space there. When you stretch it out to the next convertible maturity, that's out in 2029 of $300 million, just our ongoing annual free cash flow build, we're comfortable with our plans that we'll be able to take that and again, maintain that position of pay off the debt, make sure you've got cash on hand to run the business. But like tuck-in acquisitions like the Kenzo acquisition that came up, you always have to be mindful of those and prepared to take advantage of opportunities. And so I think that's important and that's why it helps to have that $200 million undrawn line of credit on top of it. But I think take -- managing cash is the first part of the job for the finance team. So I think we've got a great line of sight on taking care of the debt and then it's making sure we have the cash to run the business and make strategic investments, whether it's organic or a tuck-in acquisition or something like that.

Got it. Thank you for that. With that, we're out of time. So Corey, Rafe, thank you so much, really appreciate it.

Thank you so much, Brian.