Tenable Holdings, Inc. (TENB) Earnings Call Transcript & Summary

All right. Good afternoon, everybody. Thank you so much for joining us. My name is Hamza, I'm from Morgan Stanley, and with me, I have the pleasure of having the team from Tenable here. We have a Stephen Vintz, Co-CEO and CFO; and Mark Thurmond, Co-CEO and COO from Tenable. Before I begin, just a brief programming note. For important disclosures, please see the Morgan Stanley research disclosure website at www.morganstanley.com/researchdisclosures. And if you have any questions, please reach out to your Morgan Stanley sales rep. With that, Steve, Mark, thank you so much for joining us.

Thank you very much. Great to be here.

Before we get into -- I'll start with you, Steve. Tenable has been going through a transition in the last few years to what's known traditionally as Vulnerability Management to a more comprehensive Exposure Management Solution. So maybe just if you could walk investors through some of the investors that may be relatively newer to the story, what that transition entails and what that means for Tenable?

Sure. Good question. And Tenable is the Exposure Management company, which means we help customers understand and reduce their risk. Our roots are in Vulnerability Management, which is a foundational market, and it's basically discovering and assessing network-based devices for vulnerabilities and exploits. But if you go back and read the prospectus or even the IPO roadshow from 2018, what you'll see is that while our roots are in VM, the focus all along for us was on what we call Cyber Exposure, which we now call exposure management, which Gartner calls continuous threat and exposure management, which is the outgrowth of VM, and it's an exponentially much, much larger market. So we're taking that core VM use case, exposure use case. And over the year -- applied that to other asset types. And the product strategy itself is really rooted in breadth and depth. Breadth in terms of -- the assessing vulnerabilities and exposures and other asset types, whether it's Web App Security, Cloud Security, looking at the configuration of those public cloud environments. Active Directory Security, looking at the configs of AD and applying that broader identity use case in the public cloud, ASM, external Internet-facing assets, OT. So going across the attack surface to be able to assess other asset types. And while that is important, what we said all along is that the bigger opportunity is really depth. Aggregating all of that data through all of those -- all of that assessment across all these asset types [ into ] a single platform to help customers understand risk and correlating vulnerabilities and threats and identities to map out a likely path of exploit. And something we'll talk about a little later is really the Vulcan acquisition, which now allows us to ingest data from third parties. So in short, Tenable over the years, has been going through this evolution of Vulnerability Management, which is enumerating CVEs and a long list of vulnerabilities to risk-based VM, which is the prioritization of those vulnerabilities with contextualization and -- threat data and other external data to now exposure management, which includes third-party data, combined with our own assessment data to drive remediating ops and mobilization, which is really important.

Got it. Got it. And you guys have definitely separated yourself as a category leader in that -- vulnerability management and exposure management space. I read a stat the other day, I think the number of CVEs, common vulnerabilities and exploits is up something like over 40% in the last year. Yet when we think about demand for Vulnerability Management Solutions or Exposure Management Solutions in general, it's not entirely clear as public market investors if that demand is as strong as it is. So maybe just explain to us just the demand environment for VM and Exposure Management in general?

Sure. Overall, we're seeing good durable growth in vulnerability management. It's a foundational market. It's not going away and we're the unequivocal leader almost by any measure there. And our Exposure Management customers are coming with us on this journey into the Exposure Management platform. So if you look at -- you kind of look at our business, what we've talked about on the public calls is this growth algo, where 75%, 80% of our business is Vulnerability Management. I think consequently, 20% of our business is the Exposure Solutions, these other asset types, whether it's Cloud, whether it's Identity, whether it's OT and then also the platform that allows us to sell that. We believe that security principally is a big data problem, and we're helping customers operationalize preventative security. And so selling the platform allows us to consolidate a lot of these security categories, assess assets more broadly across the attack surface and deliver greater insights with regard to rest. So customers can prioritize and drive remediation. So we're seeing outsized growth in Exposure Solutions, which now represents 20% of our business, that's growing 30% within that Cloud is growing over 100%. If you look at the kind of the growth algo of the business, that will naturally inflect growth up over time. But we're also seeing sizable -- we had some sizable takeouts in VM on the last quarter that we discussed. There's -- we think, strength in the market with respect to repatriating workloads from public cloud to private cloud looking at greater PCI compliance requirements and -- certainly VMs are foundation, but there's a much larger opportunity in codex management, which, by the way, Gartner is now launching a -- an exposure management MQ this year. They've never had a magic quadrant on VM. Certainly, they recognize that Exposure Management, which is a category that we've created, certainly is a big area of focus. In terms of volume of inquiries, inbound inquiries for Gartner from organizations, partners, others who are calling them, asking them how to prioritize spend. They said #1 is MDR, which is no surprise, big TAM, lots of mega cap companies there. #2 is SIM and just behind SIM is Exposure Management. So it's a market that's here to say -- stay. IDC is doing a market scape report on it a little later this year. You'll have Forrester come out with a report on VM, which I think they call Unified Vulnerability Management. So certainly have a lot of traction, good momentum. And the selling prices in the platform, we sell the Exposure Management platform are 50% to 90% higher than the stand-alone VM ASPs.

Got it. That -- i will definitely be on the lookout for those. And maybe just remind me, I think you were alluding to Tenable One the full platform. Roughly what percentage of the base has migrated to that?

Yes. So we have roughly 40,000 customers, roughly 15,000-plus enterprise customers. We have piece of software called Nessus. It's one of most ubiquitous products in all of security. It's a $2,000 to $3,000 scanner. And so we have roughly, call it, 30,000 customers approximately using the Nessus paid version of the product. That is a cost-effective on-ramp into a larger platform sale. That creates a flywheel into the platform itself. But we have roughly 15,000 enterprise customers. And of those enterprise customers, roughly 10% are using the -- Tenable One platform today. So certainly, big opportunity, lots of green shoots there for us, and it's approximately 40% of our new sales. So 40% of all of our new dollars -- this most recent quarter came from the platform. And about 1 year ago, it was less than half of that. So certainly, a lot of market pull for Exposure Solutions. The ability to assess assets more broadly across the attack surface. Now -- now going forward, we'll include third-party data, working in just data from other security providers as well.

Got it. It's a good segue into the next question on Vulcan Cyber. Mark, maybe I'll bring you in here. So just -- a big acquisition. It seems like a game changer for Tenable. Just maybe explain why -- that is and what's your value props are?

Yes. So a couple of things that we are very, very excited about Vulcan. More important than Tenable being excited. Our customers are very, very excited. So this is a customer-driven acquisition. And when you look at what we've been discussing with customers around exposure management and really talking about all of the different issues and challenges that customers have. One of the biggest parts of exposure management is being able to look at and assess third-party assets. It's also being able to automate your remediation and improve your workloads. And so we've been positioning Tenable One in the marketplace. And one of the big areas that now we can deliver on is this third-party ingest. And I think for -- the Street, one of the most exciting things from a perspective of monetizing something is we've never monetized third-party assets ever at Tenable, right? So this is the first time that we'll be able to go out and look for customers that have CrowdStrike, have Wiz, have Palo Alto have any type of asset type that we've never been able to charge for or monetize. And now we can do that, be able to ingest that asset type into Tenable One and be able to improve their overall security posture, visibility, risk scoring. And so our customers have been asking for this -- their technology is phenomenal. We did a massive amount of diligence looking at every player in that space and then end up choosing Vulcan. They were just with us last week at our kickoff meeting in Florida. And I think it was probably the most enthusiastic round of applause was when the Vulcan team got announced and started talking about some of the customer success stories and wins. So yes, we're very, very excited about this one.

Yes. And I mean, Steve alluded to earlier, you've got 40,000 customers. I think millions of user downloads because obviously, Nessus and Tenable have a big installed base. So from a monetization standpoint, you're monetizing the third-party assets and you're integrating with other security companies, but vice versa, what's been -- what's the upside of other companies integrating with Tenable?

Yes. I would say -- I mean company via a simple API, you can do that. I think what makes Vulcan different is a couple of things. Number one, when we ingest data from other security providers, we also include the meta data. So we enrich it in a way where -- when we obtain the data, it's not just the IP address or even the findings that come with that, which is the vulnerabilities, but it's also the network information, the compensating security controls and the owner. So there's a lot of rich data that kind of -- that comes in. And once we get that data, it's the normalization engine, which is really important, which is a bit of a complex problem, which is, okay, looking at that asset, that particular device. Is that a unique device? Because Vulcan covers 5x the number of assets that we assess. So we have -- dozens of overlapping customers. And if you look at the customers that are using us to do maybe traditional VM or even cloud but they're also ingesting assets from Wiz. They're one of the largest asset contributors to Vulcan. You also have things like CrowdStrike and even Palo Alto. But it's the normalization engine. What's a unique asset? What's a duplicate asset? That's really important to customers. So you can get complete visibility with regard to your assets and your inventory of those. But the big value add is really on the back end, which is taking all of that data, combine it with our first-party assessment data to be able to enrich it and to drive the remediation ops. So for example, you may have a vulnerable code in a publicly facing EC2 instance on AWS, and then we can take that, combine that look at the entitlements and the privileges in terms of who has access to that, both human and machine and we can map out a likely path of exploit. So -- and then it integrates bidirectionally with Jira and some of the ticketing systems, so you can assign the task of remediating it through Jira. And once it's done, it's closed loop back into the platform itself. So there's a lot of enrichment that takes place. It drives a lot of remediation, which is really important. And if you even talk to Gartner I mentioned them earlier, what they said is like certainly a major area of focus, major spend category will be Exposure Management and kind of the pieces under that are not only scoping and discovery and privatization, but also includes mobilization. That's a big piece of it. It's taking all that data, prioritizing it and doing it in a way where you're able to automate and solve some really -- and automate some painful manual processes for customers.

And maybe just on the integration. I mean it was a recently announced acquisition. Not sure if it's closed yet even, but how has that been going so far?

Yes. No it's a closed transactions. So they're all full Tenable employees. We've got a road map all sketched out where we will have first integration done in the early part of Q2. And so it's an engineering org that is phenomenal based out of Tel Aviv, so very much integrated with a lot of other acquisitions in Israel.

Okay. Maybe shifting to Cloud Security. You did some investments there in the last year as well. To me, selling Vulnerability Management, Cloud Security [ posture ], it seems like a natural adjacency, right? Both of them are -- you're trying to basically assess security posture in various different ways. So I'm curious -- in the last couple of years as you've really expanded your efforts in this market, what's been some of the cross-sell that you're seeing there?

Yes. So I'll just hit on that briefly. A couple of different areas actually. So one, where we've seen a lot of success is in that commercial mid-tier space. Within that mid-tier space, think of companies that are 500 employees to, say, 2,500 employees. Sometimes they don't have a separate distinct cloud security team, right? The one VM team is actually managing it all. They don't have a broken out succinct separate team. And so when we're able to go in there and talk about Tenable One right, as the Exposure Management platform and also have full-blown CNAPP capability, and now one or two users can actually look at both hybrid environment, looking at a on-prem, looking at traditional classic VM, but also cloud, we see phenomenal velocity there. The second is in the enterprise space. So those larger big customers that might have a separate cloud security team. What they're looking to do is to consolidate, right? So they're saying we've got a pretty defined budget. We've got pretty defined resources. If there is technology that can scale, and we're already using it in the enterprise, say, looking at VM perspective or an identity or operational technology. The value of being able to now ingest all of their cloud assets into one platform, is a game changer. And we did our first large 7-figure deal in Q4, and we're starting to see the pipeline grow for 6-figure deals. So we do think both of those trends will continue in 2025.

Another sort of market that I'm hearing more about is AI security posture management, right? And I think, again, similar sort of use case that the Tenable could solve for. Is that something that's also expanding the attack surface area and something that you're helping with as well?

Sure. Yes, we have a product called AI Aware and with a -- so we have over 5,000 customers that use Tenable today to discover Saas in close AI exposures. And what AI Aware does, it detect vulnerabilities in AI software and libraries, internally developed web applications, in the browser plug-ins and certainly, it's an important part of the attack surface. As we think about AI more broadly, we think about it really threefold. Number one, it will be part of the attack surface, right? And the future what you will -- what we believe will differentiate on is not so much features and functionality, yes, that will be important in software. But it's really the exposure data that we have. We have one of the largest customer bases in all of security. We have Nessus, one of the most ubiquitous products in security with 3 million cumulative downloads, tens of millions of agents that have been deployed all collecting data. And now we combine that with third-party data via Vulcan. So hands down, we believe we have the broadest set of exposure data, but it's the ability to train that data to deliver greater insights. That will be the real competitive moat in security -- unequivocally. So we believe AI will help us, number one, deliver greater insights to customers. There will be a force multiplier on the kinds of insights that we can deliver with regard to risk. Number two, it will be a part of the attack surface. So we just talked about AI Aware discovering Shadow AI. We also have something called an AI-powered APA Attack Path Analysis, which is sending more customers into the platform where they can go and provide inquiries and seek remediation guidance. So securing the attack surface, securing those large language models and even the code that eventually is written in the future that deploys a lot of these AI -- a lot of talk about a Agentic AI -- but deploys a lot of these AI agents. And then last but not least, AI will make us more efficient as a company, right? A lot of the AI that's out there in the market today is knowledge-based AI. So if there's support, and Mark overseas that organization. He's doing some great things with automation in there. So less reliance on tech -- on support engineers and more reliant really on the automation, customers looking for information on how to do certain things even things like our go-to-market efforts, R&D, you've listened -- I think Mark Benioff was on record of saying "this is the first year in this company's history where they're not hiring engineers" instead, they're expecting 30% productivity gains with flat head count because they're deploying agents to help write generative code. And certainly, it requires little -- some human touch. But certainly, AI is here today, it will make organizations a lot more efficient.

Maybe shifting a little bit to -- following up on Cloud Security. Just could you give us a sense of what the ARR for that is today roughly or percentage of sales around that? And then when you think about some of the emerging cloud security players, there's been consolidation in that market, but to what extent is Tenable separating itself as a top 3, top 5 player in this space?

Yes, it's a very good question. And like I said before, we're seeing outsized growth in Cloud. It's growing 100%. We believe we can grow cloud, double it each year-over-year for the next 3 to 5 years. That's an internal aspirational target. Obviously, the guidance isn't set to that, but we certainly have that kind of momentum. We talked about the growth algo of the business where 20% of our business is in these newer asset types, newer areas for us that's seen higher growth. That's about $200 million. And so Cloud is certainly a part of that. So call it, certainly sub-$200 million, sub-$100 million, at least last year it was. And so Cloud is certainly a big part of it. But -- it's one area of the attack surface. So we have the ability to sell the broader CNAPP offering in the market and compete head to head with a Wiz or with a Palo or even some of the others out there. If there is a -- Wiz obviously gets -- has a lot of brand recognition and certainly has a lot of momentum in cloud. Where Wiz is deployed in the larger enterprise market, we sell -- we have a leading KIM, which is the Entitlement Management Solution, Just in Time. So it looks at the combining identities with vulnerable code and the configurations of those public cloud environments. So there's a specific use case there. We're having tremendous traction. And Mark and his team have pulled out 6- and 7-figure deals is in that mid-market. And when I say mid-market, it is not SMB because usually, it's -- people think of [ S ]. It is midsize organizations, 500 employees up to 2,500. I mean we're 2,000 employees, $1 billion roughly in sales. So sophisticated organizations that are seeing quicker time to value that are buying the broader CNAPP offering itself. But increasingly we're selling Cloud as part of the broader platform. And what customers are telling us is, look, they can they can co-source cloud or sole source it with Wiz whatever they want to do, but it's connecting the dots with Cloud. It's the gap and the silos within your security stack, which is connect the dots for me for all my vulnerabilities, all my threats, all my exposures across these different asset types and then combine that with access. Who has privileged access? Who can make lateral movements? And then tell me where my real exposure is? Which -- with regard to a likely path of exploit. So that's the problem we're helping solve for our customers. It's one of the reasons why the platform is getting great traction.

Mark, just Tenable has always had really strong -- traction with the channel. You've got a very large channel partner ecosystem. When you think about selling the broader platform, is this -- is the channel enabled to do that? And is there a change in the incentive structure or the strategy on that at all?

Yes. So the channel, I mean, one of the very cool things about Tenable, one of the few companies that is 100% channeled. So we do not do any direct business. So that decision was made coming out of the IPO, and it's been phenomenal in regard to getting leverage and traction with the channel, right? One of the biggest reasons that certain channel partners will invest in training and enablement is they're worried that towards the end of the transaction, maybe the vendor will take that deal direct. So they don't put all the resources around it. With Tenable, there is no fear. They know that we will always, right, stick with our partners and then transact through the partner community. Our competition doesn't. So our competition takes a bunch of business direct. And so when you look at Tenable, they are very, very well trained and organized around exposure management. So think of Tenable One, right? We've been out in the marketplace positioning this technology and this platform for 2 years and seen phenomenal growth. Steve has highlighted the growth numerous times. Now they've been trained on that and you're actually seeing partners, some of the larger partners change the name of their VM employees to Exposure Management practices. So you're seeing this shift whether the channel community of not just ACM, but exposure management. And it's a great story for them because they can go in and have a very strategic discussion around consolidation. They can talk about multiple asset types. Tactically, if you're a partner, you don't have to train your SEs and your reps in 5 or 6 different products. You can now train them in one product, which is Tenable One the platform. And then that's where OT flows to Cloud Security, Web Application Scanning, Identity, Attack Surface Management. So we saw a phenomenal results in Q4. We had one of our best quarters ever of channel-in-business, meaning the channel partners are bringing us the transaction and the deal. And yes, the leverage is phenomenal.

Maybe just one question, I'd love to open up to the audience as well for any Q&A. Public Sector. DOGE -- I know, Steve, you've gotten a few questions about this. I believe public sector overall, state, local or worldwide is about 15% of Tenable's business. Just curious, you're close to DC and do sell a lot to the Federal government, just -- what you're seeing there in light of some of the recent news coming out of that vertical?

Sure. I'll start, and i know Mark has some color to add here. Well, as you mentioned before, U.S. public sector is about 15% of our total sales, roughly half of that is Federal. So we obviously do a good number of business with a lot of the states and local jurisdictions. We're absolutely very bullish on public sector globally as well as U.S. Federal. We know the Administration is committed to strengthening our cyber defenses. Trump in his first term passed one of the largest -- the large cybersecurity budget, spending budget that we've seen in the modern area. And he's done a lot of good with regard to consolidating like U.S. Cyber Command rolling that under the Department of Homeland Security. And he even established the CISA organization, which is overseas a lot of -- is responsible for securing critical infrastructure. We have a CR, which is like continuing resolution, which is likely to expire in 1.5 weeks. I doubt The House will pass the new spending bill, which means that, that will likely to get extended. It could get extended into April but it could possibly also get extended into September. And the significance of that means that you're -- while that -- while we have a CR you're not likely to see a lot of discretionary spend on new projects. You will -- customers will continue to -- the Fed will continue to renew subscriptions and software that's mission-critical, of which security and Tenable is one, but discretionary spending could go sideways for a little bit here. Look, I think there's a lot of work and a huge undercurrent here that's taking place. There's major opportunities for us and large deals in the pipeline. And certainly, we're very bullish on the Fed.

Yes, without a doubt. And when we gave kind of guidance a few weeks ago, we were very specific, and I talked to our Federal team multiple times throughout the week. We are very optimistic about what Federal is going to do in 2025 for Tenable, right? No projects and we're very specific. No products have been canceled, no budgets have been canceled. No agencies are coming to us saying "Hey, we're not renewing or we're not going to do an expansion" It's more the gray area. What the agencies are struggling with is how to actually transact and get deals through procurement. So you could look at an example with DOGE where they remove some procurement people or some contracting people. There is not a person, a human to actually transact a purchase order. And so our champions and coaches are saying, "Hey, we're still moving forward. We still obviously need to make sure we're securing this asset type". We just have to figure out how to get the transaction done. And so that's every week. We're trying to get a little more clarity on that. And that's why we gave the guidance. We're still extremely optimistic, especially second half of the year. As Steve said, we do think this Administration is going to spend a lot of money on cyber. It's really working through the first half of the year, just getting some of the drama and some of the people backfilled where you can actually get operationally efficient and be able to transact -- the purchase orders. And so that's why we gave the guidance that we gave.

Any questions from the audience? We got one here.

Thank you team for coming for the conversation. Well, first of all, my condolences again for passing of Amit, the industry lost a Titan. I guess two quick questions, one is, how is the search process going forward, the CEO role? And then two is -- you mentioned that 20% of the Exposure Management business is growing very healthily, like 30%. Cloud is doubling, which is great. Just wondering what kind of growth rate profile do you imagine the 80% of the more core VM business going for the next 3 to 5 years? And then take it like 3- to 5-year point of view, where do you see the business mix will look like? Like is it going to be half and half, VM versus -- VM versus EM? Or it's more like going to be even more Exposure Management versus VM?

Sure. Well, the Board is -- with regard to your first and foremost, thank you for your condolences on Amit. And the Board is actively running the search. They've retained an executive search firm. They're considering a number of external candidates. And there's two internal candidates, the two that are here today. A couple of things to note there. Number one, Mark and I have a lot of history with this company. Mark has been here for 5 years. I've been here for 10. Amit, while he was battling cancer, was working under a modified schedule and then took medical leaves and the co-CEO structure that you see here today really reflects how we've been operating the company. And we've been operating the company I think, quite well, given certainly in the market and given what we've seen. We're acquiring companies. We're driving greater efficiency in the sales org. We're investing in R&D 25%, nearly double the growth that you see in revenue. We're walking the margins up. We can -- we have a public -- we have a credit rating, public credit rating, where we can add more firepower to the balance sheet. So I think we're managing the company quite well. Obviously -- the focus really on growth. So making investments, we actually believe we have the potential to accelerate growth. To your second part of your question, the -- 80% of business is growing kind of high single digits, 7%, 8%. Certainly is growing faster than some of our competitors, which we've done really over the course of the years. So if you look at the growth algo, just combine kind of 7% to 8% growth for our VM business and 30% growth, in other areas of our business, that gives you 11% growth, which is what we grew in Q4, which is what we grew in Q3. Our guidance assumes growth moderates in VM, which we think is the right expectation to have. But there's also no reason why growth in VM can't accelerate for the reasons I mentioned earlier. However, if you look at Exposure Solutions, it's growing 30%. We think we have the potential, given the investments that we're making and the markets we play in and the momentum to be able to drive that 40% even 50% growth. So you just kind of look at the growth algo, do the math and what you'll see is that growth will inflect up over time, good durable growth in VM -- plus continued outsized growth in Exposure Solutions with the potential to accelerate that with even the potential for VM growth to go higher. We think we'll -- certainly create the acceleration that we're focused on, on the top line.

We got one more here. Just wait for the mic.

Comment on the Federal side and the DOGE impact is very helpful. But what are you guys kind of seeing on the SLED side, is there's some kind of comments around like the industry about kind of what's happening on the Federal side, having like a downstream impact to higher education and state and local that kind of relies on government grants and given the uncertainty there, you're just kind of seeing more pull back? So kind of curious whether you are seeing on the ground, any change feedback from the SLED side?

Yes. Just from the kind of the day to day interaction, there hasn't been any really significant changes. It's somewhat similar to federal, where, again, they've got budgeted projects budgeted requirements that they want to be able to move forward. I think for them, it's the same type of story. They're just trying to figure out how the budgets get allocated, if there are going to be any type of cuts or how this is going to look downstream. But again, the resiliency of that business is you've got certain states that are very aggressive in their budgeting and in their cycles that are very promising -- where I am very confident what we're seeing in pipeline build. And I do think once the Federal government with the DOGE initiatives get somewhat cleaned up in a little bit less gray area, I think it will make state and local extremely easy to navigate and get done. They're really just looking for the funds. They're just looking for where the budgets are coming from. There's not the real challenge of the head count reductions and some of the other things that we're experiencing in the Federal space right now.

Maybe just one final question. Steve, just some of the profitability improvements in the last couple of years have been pretty significant. 30% free cash flow margins hopefully. And -- as you think about Tenable going forward, what's the -- how do you balance that -- those very high margins would still growing double digits? How are you thinking about that?

Yes. I think short answer is, very careful. And we've always been a very balanced grower and not a grow at all cost company. And if you look at some of the things I've talked about earlier, which is making sure that we're investing in innovation, making sure that we're continuing to invest, put more wood behind Cloud Security, where we're seeing great traction. Putting more investment into the platform, which is where we see this market going to Exposure Management. The market, we believe, is turning to us, certainly talk to Gartner about the level of interest in Exposure Management. We think that certainly, it's a category that we've created and we're well positioned there. So you have to continue to invest. That's really important, right? We're a growth company, and we're driving certainly for higher growth. And so that's a big area of focus for us. And the other thing, too, is that over the years, we have built a global distribution capability, selling to 160 countries. We have feet on the Street in 40. Over the years, we have abandoned our direct sales or going into new markets, some of the major sectors of the economy. We have thousands of channel partners. In 2023, we spent 42% of our revenue in sales and marketing. Last year, we exited the year with 36%. And as we said on the earnings call, that will continue to moderate lower. But in sales and marketing, first time in over 1 year, we're adding more capacity. So we certainly see a great return on investment, which gives us the confidence to be able to add capacity. So in running the business in a way where we're able to walk the margins up in a very gradual fashion. Lean in, invest in areas where we're seeing outsized growth. Higher levels of productivity and efficiency in the sales organ and we think the balanced growth approach was really important. And we're generating like really strong cash flows, and we see a lot of leverage. You talked about the kind of the circa 30% of levered free cash flow margins, we believe we can drive cash flow margins up over what is my official guidance, 35%. We think it has the potential to be 35% plus, which is what I think I said in the earnings call.

Longer term. With that, for what it's worth, in our opinion, I think you've managed the business exceptionally well. Both you and Mark, so under pretty tough circumstances. Thanks for making it out to our TMT conference. It's always a privilege and honor to have you both, and thank you for the investors for joining us.

Thank you.