Varonis Systems, Inc. (VRNS) Earnings Call Transcript & Summary

We'll get things started. So I'm Roger Boyd, I'm the cybersecurity analyst here at UBS. Very happy to have Varonis here with us here on day 3 of the UBS TMT conference. We have Guy Melamed, Chief Financial Officer and Chief Operating Officer; and Dave Gibson, VP of Strategic Programs. Thank you gentlemen.

So I think we will just start with an overview of the platform of the company. I mean, the data security problem isn't new, but at the same time, you addressed it in a pretty unique way. Can you just talk about how that kind of evolve in the background of the company? How it evolved at this point?

I think you're right that the problem has evolved. It's interesting, [indiscernible] of Twitter sitting in front of Congress, right? They have too much data. They don't know what they have, and that leads to the second problem, which is people have way too much access to too much data. And I think we've seen that's been kind of a core problem since we started. Today, when you think about how dependent people are with data or on data and how much depends on it now, and it's also where we see attackers grow or go. And it's interesting, I think, in these big breaches, you can't unbreach data. That's really where the risk is. And because you can rebuild the infrastructure, you can get a new endpoint, but you can't really take the -- put the toothpaste back in the tube, right, around breached data. So that's where a lot of the risk is. And where the data lives is a little bit different than it used to be. When I started in Varonis in 2006, there was no cloud, there was no 365 and even though SharePoint. And so the mindset was to data security was a little bit more on the perimeter. These days, we've seen that data is concentrating on these massive collaborative data stores, and really, that's where kind of some gaps and controls are. The perimeter approach isn't quite -- it's sort of hard to define where the perimeter is. The data doesn't really live on the end points right now, I think, my phone or my laptop up to a cloud data store. And really, when we look at these massive data stores kind of in the center of the data world, we see that people have way too much access to too much data, and just like the Twitter CISO said. And what that does, I think, is it makes the consequences of an internal threat or an insider a lot bigger. It also means that attackers don't need to work as hard to get access to a whole lot of data. So I think what's happened is these cloud stores have made it so easy for people to share and collaborate data. They're generating a ton of risk every day. It's very hard to see and even harder to clean up. So what we see is a natural evolution is really the automation of the process of locking data down, right, making sure you can get to that least privilege or zero trust model, and then being able to use that same information that you need to lock it down to also then monitor how it's being used. So the idea here is if you've got an insider threat, they're going to have access to far less data, right? And it's going to be easier to spot them. And then if you've got somebody that compromises an insider account or a system, they'll be able to do far less damage without having to get more accounts and more access, and that gives a lot more chances for a detective control to SaaS. So that's really where I see Varonis kind of going is automating this data protection, really getting people to a least privilege, right, locking down access and then monitoring how it's being used.

And I think, just to add to that, in its most simplistic way, we protect data. And it doesn't matter where it sits, whether it's on-prem or in the cloud. And every company has data that they're trying to protect, whether it's social security information, credit card numbers, addresses, health care information. But even if you think about top picks, top stock picks for 2023 or the worst upgrades and downgrades that you plan to have, if someone gets access to that type of information before you control it, then that could be devastating effects both on a personal level and from a company's perspective. So what we try to do is sit on the vault, analyze any abnormal behavior that takes place in relation to data no matter where it sits.

Got it. Very helpful. A lot of stuff from the quarter, but we can talk about macro in a second, but I think the biggest announcement was this new SaaS offering. And I think many people thought that was coming for a while. But curious if you can talk about what exactly that offering is, because Varonis has been touching cloud data stores for a while, but this is more about a delivery model. Why now? And what went into that announcement?

I'll start with why now, and then David, you can give some color on the actual technology. We've invested over the last 2-plus years, more than $100 million in order to have this offering, a SaaS offering. And basically, the SaaS offering has a lot of benefits from a customer perspective, customer experience, the ease of doing the sales, the sales motion is very visual. So we can talk about the risk of having millions of files open to everyone in the company but until we show you data that you recognize that is open to people within the organization that you don't get that jaw-dropping moment. And we have had thousands of events where we would go to a CISO, tell them that they have risk because they have sensitive files that is open to everyone in the company, they kind of shake their head, they realize that it could be a risk. But when we show them a payroll file, that is open to everyone in the company, or we show them a list of social security numbers that everyone has access to, that's when they truly realize the risk, and that's when we get the PO. So doing the same thing through a SaaS offering simplifies the entire selling motion. The ease of use and the customer satisfaction goes up. We can talk more about kind of why that happens, but we expect sales cycles to come down with the SaaS offering. We also expect that some of the renewal rate that has been very strong under the on-prem subscription higher than 80% will actually increase through SaaS. And there's a lot of benefits that come through with the SaaS model.

Yes. It's very exciting. It's similar to the on-prem offering and kind of what it does, it find sensitive data to see where it is exposed, automatically lock it down and then track access alert on that. But we've added a few things in the SaaS product that I think are really interesting. The first is in 365, we see a lot of people sharing data through these links, either everybody in the company or to external business partners to the public. And nobody is really looking at those and cleaning them up. The average organization, I think, has 40 million of these links, and it's not like somebody wants that as a task list for this week. So we've introduced some automation that will intelligently come back behind users and kind of enforce the guardrails there and remediate some of the risk that's accumulating there. Also, it builds on our IR service. We've had an IR service that's been one of the most well-received services that our customers get for years where we help them investigate alerts. We take that to another level where they don't even need us to let them onto their system to investigate. We can essentially just call them if there's something they need to know. So that's another exciting addition with the SaaS product as well.

There's also a lot of financial benefits for us as an organization with SaaS because when you think about the risk of ransomware or the risk of any threat models, if we find a threat in one customer and we want to distribute it to the entire customer base, you can send it to the customer, but you need to actually make sure that they download it and install it and that could take time both from our perspective in terms of resources, but also you can have CISOs that are on vacation or delayed that installation. If it's in SaaS, it happens within segments. So there's a ton of benefits that we expect to see in terms of leverage in the model with the other departments, whether it's the R&D that has maintained 2 types of code. We can talk more about kind of our desire where we want to get to a point where it's only one code. We're just going to offer on the SaaS in the years ahead. But there's also the other function of professional service, customer success. Even the sales and marketing, we expect to see a little bit in the model through the SaaS offering.

Got it. Very clear and exciting stuff for the company. Maybe just moving back to the 3Q results. Can you just talk about what you saw, the highlights, the areas of caution and what your net reduce or your guidance for a...

So the Q3 results, if I take a step back and talk about Q2, in Q2, we called out more uncertainty in the European region. We saw higher deal scrutiny. And there was kind of some behavior there that we called out. But in Q3, we actually saw the results in Europe worsen. And we have about 50% of our business that comes in the last couple of weeks of the quarter. And we saw that continue to worsen -- saw that kind of happen towards the end of the quarter. We also had -- in the federal business, we had -- we came short about $4 million to $5 million below our expectation. Now both in the European business and in the federal business, we didn't lose any of these deals to competition. We were actually able to close some of the deals in Europe in Q4. And in the federal business, we also were able to close some. We won't close all of that $4 million to $5 million shortfall, but we did close some of it. And when you look at kind of that Q3, we also had the U.S. dollar continue to strengthen compared to when we gave guidance for Q3. Put all of those 3 elements together, we still came at the lower end of guidance within our guidance range, but on the low end of it, but it was below our expectations.

Okay. And then just on the macro note, I mean, you talked about sales cycles elongating in 2Q, being more impactful in 3Q, expecting that to stay the same in the fourth quarter. You provided us with an early look at how you're thinking about 2023. Can you just remind us what the assumptions are around those numbers and what you're expecting in terms of that?

So talking about 2023, when we gave guidance for our Q4 2022 numbers, we assumed that some of that European deterioration in macroeconomic conditions will spill over into our U.S. business. Now when we gave guidance and as we look at things today, there aren't any indications from a KPI perspective that we would see that spillover. But again, when you have 50% of that business closing in the last 2 weeks of the quarter, the expectation is that there will be spillover from the European kind of slow down into the U.S., and I think it was the right prudent way to guide our Q4 numbers. The other impact, the other color we gave regarding 2023, was factoring in the SaaS announcement. So in 2023, we baked in continued deterioration in the macroeconomic conditions, both in Europe and in the U.S., but there was also the element of introducing the SaaS offering. And whenever you introduce a new offering and you change the comp plan, and we plan to change the comp line at the beginning of the year in January of 2023, there's always some sort of friction with the sales force. We saw that friction when we moved from perpetual to on-prem subscription, and we can talk more about that. And we wanted to bake that in. So we wanted to take all of the things that could go wrong and kind of put them out there, set the expectation. And hopefully, not all of them do go wrong. I don't know if we'll have the same friction with our sales force. But we did bake in a 6-month ramp-up time, which is what we saw when we moved from perpetual to on-prem subscription.

Right. Okay. And then just broadly thinking about budgets. I mean, Yaki, on last call made this comment and this theory that a lot of the success we've seen in the cybersecurity market has been, to some extent, a pull-forward catch-up from COVID spend. When you talk to customers, and what are your expectations for the broader cybersecurity budgets going into the calendar '23?

I don't think we benefited from any pull forward when you think about kind of COVID. When you look at kind of the results, and even if you go back to 2016, 2017, when breaches just started, there was an emergency spend that we didn't benefit from. We are much more part of that thoughtful process. Because if you go back to 2017, companies invested hundreds of millions of dollars on defending the perimeter defense. It was the notion that if you protect the border, you're going to be okay. But then they still got breach. And then they started thinking about what they truly need to buy in order to protect their data. So we kind of live under the assumption that somehow, someday, someone will be able to get in through that border. And not only the outside threats, think about a bank, an investment bank, where there's 10,000 employees, do you truly believe that all 10,000 employees are going to be ethical and won't save some of that information on their hard drive and might give it to a competitor or just use it for their own good? So we can protect from the outside, but we also protect against the insider threat. We're part of that thoughtful process. Obviously, I think that the digital transformation can help us and become a tailwind long term, because there's way more files out there. I think there's way more risk that we can help protect against. But overall, I think the benefit will come over time, and I think we'll be hopefully be one of the benefits there.

Got it. Just to clarify, I mean, baked into your assumptions around [ counter point 3 ], and I guess there's some company-specific impacts with the model transition and SaaS offering. But is your assumption, say, call it, flat-type of security budgets probably next year? How granular do you get when you think about the macro?

No. When we built 2023, we baked in continued deterioration in the macroeconomic conditions. Obviously, on the European side, that would be an additional 2 quarters that are baked in compared to 2022. We baked in spillover from Europe into the U.S. And on top of that, we kind of built in the uncertainty with a SaaS offering, not because we don't believe in the SaaS offering, but because we believe that every time you introduce a new model and a new concept, there is some sort of friction, and we wanted to allow ourselves kind of that freedom and to maneuver through that transition as we've done in the past. So that was the thought process behind that.

Got it. Very clear. And Guy, I mean, you've always pitched this balanced growth versus profitability dynamic, and that's always been kind of critical to the Varonis operational stature. But how do you think about growth and profitability beyond calendar '23? I don't think that's changed much. I mean, there could be some disruption in the near term as you switch models to the SaaS. But what's your overall view on how to balance growth versus profit?

So when we -- obviously, there's a different accounting treatment for the on-prem subscription and the SaaS offering. And therefore, the higher the SaaS mix will be, the more headwinds we'll have on the revenue side and the operating margin. But that's why we gave kind of the 2 KPIs that we expect to be the North Star in terms of the indication of how the business is doing, which is ARR and free cash flow. So the guidance that we gave for free cash flow was positive $20 million to $25 million in 2023, because we're collecting those deals the same way annually in advance. The expectation is putting aside the SaaS transition, operating margin should have been higher, because we've always believed in showing improvement on the operating margin side and not just investing a dollar to generate with defense. The true concept is to invest the right way where you continue to grow, it's very important to us to continue to grow in good levels, but bring some of it to the bottom line. So the expectation going forward is to continue to show leverage, everything being equal with kind of the SaaS -- putting aside kind of the SaaS transition. And you'll see that through the free cash flow that hopefully should continue to improve over the next couple of years because we truly believe the company should generate profit and should generate cash.

Okay. Dave, maybe turning back to you. I mean, you talked a little bit about this before, but can you just expand on the benefits you expect to see with this new SaaS offering? And do you have to change your strategy, your ability to penetrate a larger addressable market going forward?

Sure. I think I'll let Guy talk about the market opportunity there. I think speed is a theme that we've talked about before with SaaS as one of the key benefits. I think everything gets faster, right? It's easier to deploy, it's easier to maintain. It's easier to distribute upgrades. It's also because we see everybody were able to kind of aggregate behaviors. We're able to potentially see what needs to be, where we can innovate and get that out more quickly. And then that's also, I think, in addition to the direction, which is to be coverage and automation, right? So we've followed the data. We keep rounding out the functionality for DatAdvantage Cloud. And I think the vision there is really -- I think, the thesis is, in order to protect data, you need to understand who can access data, who is accessing data and where the most important stuff sits. And once you've got those 3 dimensions, you can see where you have risk, see where people are accessing data, see where data scale, see where you've got sensitive data in unexpected places. And it's not enough really to just see, right, you also have to be able to fix the issues that you uncover, right? And so that's where a lot of the automation comes in. And I think we've got a really exciting start there with 365 and cleaning up the risk there. And it's -- I think it's just the beginning there. In terms of opening up the markets.

So there are a couple of ways where I think the SaaS offering opens up the market for us, both in terms of new markets, in terms of new customers. The Varonis offering, which we just introduced to SaaS gives us the ability to enter into market. Basically, customers that wanted to buy the product through SaaS, and I think that will increase our ability to increase our TAM in that sense. But there's also the offering that we introduced a year ago, which was kind of through the acquisition of Polyrize, which was our first acquisition in our history, that happened in Q4 of 2022, we came out with the product after working and improving it internally. And that opens up additional applications that we have never had. So whether it's S3, Salesforce, GitHub, there's a list of additional...

Okta, Zoom.

Yes, there's Okta, Zoom. There's additional applications that we didn't that we didn't support before. And through that offering, we can tap into these new customers and provide protection on those applications.

Okay. Just on selling and price in motion, I mean, you went from perpetual term license a few years ago, and I think a lot of that was driven by wanting to allow customers to get more of the platform upfront. And now shifting to SaaS, you launched some bundles earlier this year. Can you just talk about the customer demand? How the customer views the platform and the initiatives you're taking to make the whole Varonis platform more consumptive?

I think in the forefront of everything we do is trying to make good with our customers, basically give them the best offering that they can have. And obviously, kind of have the financial benefits that we think we can generate with that. So the move from perpetual to on-prem subscription was very much driven by customers wanting to consume more of the platform. And with the move to on-prem subscription, it gave them a lower entry point, we saw that they consume more of that platform, which really helped us from a financial perspective, and it was a very successful transition. The offering of the bundles at the beginning of this year was again very much driven by a desire to simplify the whole selling process, allow our sales force to talk more about the platform as a whole and not about specific applications within the platform. And that's been received very well by our customers. As we think about that, we want to double down on that. We want to make sure that customers see us as a platform that can protect them. And that's what we're planning on doing. And I think it will be a win-win both our customers can benefit more because the more licenses they have, the better protection they get, but it also allows us to simplify the whole selling process with our sales force, and that's always good.

Yes. Okay. Just thinking about comparing transitions. I mean, you went through that perpetual transition in record pace by all accounts of success. How do you think about that compared to the shift to SaaS? I mean, you've recognized on one hand that the original shift was primarily a billings financial shifts, and this is more architectural deployment methods. But what lessons are you going to carry forward to this next shift? And how might it be different than a professional [indiscernible]?

You're right. The perpetual to on-prem was a financial engineering exercise, and we were able to move very quickly within 5 quarters. I don't think anyone wants us to move that quickly from on-prem subscription to SaaS. We don't because I think there's a lot of things that you have to learn in terms of the technology and in terms of the cost structure, because now you're hosting things and there's an associated cost with that. We gave out a framework in the last earnings call, where we want to move within 4 to 6 years. Now let's define what is a move. Some companies define it as just selling to new customers. We're thinking about that 4- to 6-year period, and being able to sell it to new customers, but also convert our existing customers to SaaS. And when we think about what a conversion will include, it's anywhere between 70% to 90% of our ARR being under SaaS. That's kind of the framework as we think about it. Initially, we want to sell to new customers the SaaS offering. We'll start with the smaller companies, then we'll go up market and sell SaaS to new customers that are larger. And eventually, after we kind of go through that process, we'll go back to our customers that have maintenance of perpetual, we'll convert them to SaaS and we'll do the same with customers that are on-prem. So eventually, we'll get -- at the end of this journey, we'll get to a point with the vast majority of ARR is under the SaaS offering. As I said before, it provides a lot of benefits from an R&D perspective, keeping 1 code, provides a lot of benefit from the different departments in terms of the financial scalability of our model.

Yes, I think it makes sense to be a little more accommodative on that transition. And to your point, you mentioned going after different customer cohorts of different sizes that have more interest in SaaS. If you think about that on a vertical perspective, are there verticals you think about that are asking for a SaaS delivery data security platform? And conversely, are there verticals or cohorts that you think would want to stay on an on-premise version for longer?

By and large, I think most prefer SaaS. There will be a few -- if you're on a cruise ship, for example, and if you have to host it yourself, there might be a few of these examples. But for the most part, I see most people go in SaaS.

I just want to talk about competition. I know this comes up a lot. And Varonis has continually talked about a fairly innocuous competitive environment. There's not too many companies that overlap on what you do. But have you noticed any changes to that over the last few quarters? And I think you talked a little bit about this, but shifting to SaaS, moving to the cloud, how might that maybe benefit your competitive advantage?

I would say there's no massive change or no big change really that we've seen in the competitive market. I think there's more awareness, as I mentioned before, of the problem of data protection. And so I think we'll see more people talking about it and coming at it from different angles. For example, you might come out of them of looking at a classification perspective or one of the other dimensions, maybe collecting access activity. But by and large, if you come back to the thesis of understanding who can access data, who does access data and where the sensitive data sits, we're very much alone. As we went into the cloud, we expected, we might see some new players. And we thought would we see CASB more, would we see maybe CSPM or some of the other posture management technologies out there. And the names come up. But still when we look at the outcomes that people are trying to achieve, right, which is make sure that the right people have access to the right data, that the data is in the right places, that I have control over it, and then I can spot when somebody is misbehaving or when an account gets taken over, those outcomes are really ours, especially on these large collaborative data stores, whether that's a 365 or on-prem or a Salesforce. That's really where I think we're showing.

Got it. Okay. And then some of the -- you sort of mentioned this, but some of the functionality you're embedding in the DatAdvantage Cloud product, I would argue the blurs on the lines of, as you said, like CASB or CSPM, or we're talking about data security posture management now. Do you view those as opportunities? And is that a space that you think that is viable for you to move into?

We do look at configurations in SaaS applications and in infrastructure. So we do kind of come into the posture management space a little bit. I see less coming from the other direction. I don't really see anybody looking at, okay, what data does somebody have access to across these stores, right? Or who has access to these data stores from a permissions perspective? And then combining the classification and the activity, you were saying, okay, who's accessing sensitive data in an unusual way, right? What else could they touch? Kind of those outcomes. And then remediating the commissions, I also don't see any overlap there at the moment.

Another question I get a lot is where does Varonis fit into the budget. And it's maybe not as need of an item as endpoint or e-mail or web security, but how do you think about that? Are there areas you can draw off of? I mean, we talked a lot about insider threat, user behavior, the SIM market. Is that where you think about Varonis fit in? And how do you think that maybe changes in the future?

I think what Guy said about the importance of doing a risk assessment, that really comes into play here. If people look at their data and look at the kind of the world that we're able to uncover for them, and we're able to show them where they've got data risk and active directory risk and cloud configuration risk, there are a lot of projects that we can attach to. And also when we show people how unprotected, their data is, it kind of changes the question a little bit. It's like, well, what are all these other projects for if they're leaving our data unprotected? And so typically, we can find a compliance project and active directory cleanup project, the data migration project. There are all kinds of insider threat project. There are a lot of different projects that are adjacent enough, but I think we can start to talk through that.

I think one of the great stories, and we have a lot -- one of the great stories that we've had is it really fits with the fact that initially, when we show up, we don't have a line item that says Varonis, the red carpet is not ready, and it's not like, oh, where's the deal? It's through that risk assessment. And one of the great stories is [indiscernible] event that on the CISO, is we tried to have a risk assessment with. And they said, no, I think we're all set, have everything covered. And the rep is pretty persistent and said, just give me a shot in doing the risk assessment. If we don't find anything, I won't ask for you again. And we did that risk assessment. We start gathering kind of the -- all the events. And then they had a conversation, and the rep said to the CISO, the receptionist has access to the CEO's salary, COO, CFO and your salary. And the CISO says, no way. So they started talking about it, they have a friendly bet and they walk over to the receptionist computer to click the link, and a full file that has the entire list of payroll, bonuses, equity is there. Now you would think that HR has payroll coverage. But this payroll file to be sent to the FP&A team, they can write click it and put it somewhere else. And it's very, very hard to track where that file is once it gets out of the hands of HR or even sometimes within the HR, it could be a lot of issues that they don't cover it properly. So I think it's a good story in terms of we never show up with a line item that wait for us. But as we do that risk assessment and as we show CISOs the risk and the level of vulnerability that they have. They will find that line item in the budget. And we can tap into different items. It could be security. It could be analytics. It could be -- there's so many different ways that we can tap into those budgets. We just need to do that risk assessment to show the vulnerability, and we find that vulnerability whenever we do it. It's just showing it to high enough people within the organization that would have their name on the front page of the Wall Street Journal if something happens. So that's we target on to show those vulnerability.

Yes. I've had partners telling that when they do risk assessments, when [indiscernible] risk assessments, the win rates jump exponentially. And I think to your point earlier, moving to SaaS allows that to be a little less reduced friction in that process to get to the successful time.

Yes. That's the intention.

Thinking about the cost side of the model, I think you announced a slight headcount reduction, stock price is down. How are you thinking about attrition in this environment? And relative to the comment, how are you thinking about your hiring plans going forward? And how does that affect your building to grow?

So over the last 2 years, we've hired pretty aggressively. So when you look at kind of the reduction in headcount, I don't expect that reduction to hinder any of our growth plans. I think it was just the reprioritization in terms of allocation and headcount to generate great returns. As I look forward, obviously, it depends on how the market kind of behaves. But I think as you look at the market today, in terms of the employment side, it has gone down a bit compared to where it was a couple of months ago, which in a way is healthier for organization. So I think we have the ability to retain talent. I think we have the ability to hire as needed. But as of now, we kind of wanted to make sure that we match our level of expenses to the expected level of top line growth. And that was part of the reason that we made that headcount reduction. In our Q4 guidance, we reduced our expenses by about $7 million. And I think that when you talk about companies that talk about the importance of operating margin and improvement, I think we put our kind of money where our mouth is and actions reflected that, I mean, we will continue to focus on top line growth, but also on managing the expenses in the right level.

Got it. Okay. I think most people are bracing for this recession, and you talked about your ability to kind of cut cost out of the model. But the opposite side, I mean, how do you think about returning that cost if things ease up a little bit? And maybe talk about COVID as an example, you're very quick to kind of to remediate that and very quick to get back on it. How do you think about that dynamic?

So you always have to have that level of flexibility. And I think that we will continue to invest in a way that will allow us to take advantage of the longer-term opportunity. So we've talked a lot about our desire to get to $1 billion of ARR. I think that some of the moves, including the introduction of the mass offering, allows us to get there in a cost structure that will be much more beneficial than the on-prem subscription offering. And I think we have the flexibility to make adjustments when needed. But the framework is always to grow top line, bring some of it to the bottom line and generate improved levels of cash flow. That's been the framework for years, that will continue to be the framework and I think the model allows us to generate that leverage going forward.

Okay. How do you think about your channel strategy as another lever? And I think for a while, you've been shifting professional services to those partners. And how do you think about that channel strategy in calendar 2023? And maybe to what extent is the SaaS offering maybe make you more attractive to your partners?

But there won't be any major change in terms of the channel partnerships. We sell through channel, but we have our outside sales team that does all the heavy lifting. So channel introduces us to those CISOs and the high-level executives within the organization. We do the risk assessments with our outside sales team. And then the channel helps us close the deal and make footprint of paper. That will stay the same with SaaS. But with the ease of that risk assessment, I think it makes us even more attractive to our partners because if it's stickier and it's less of a lift to do that risk assessment, I think that speaks a lot to them, and I expect and hope that we'll see that in the years ahead.

Two last ones, and we're a little short on time. But you announced $100 million share repurchase authorization. Can you just talk about the framework that went behind that announcement and just generally how you think about capital allocation?

So we ended Q3 with approximately $800 million of cash on our balance sheet. And with the announcement, and we talked about the macro challenges in Europe and some of the spillover to the U.S. and the introduction of SaaS, I think the announcement on the buyback was a clear indication of how strong we feel the business is. And I think it was basically the financial conditions and the strong balance sheet we have, together with our guidance on free cash flow being positive for 2023. It gives us that flexibility. We always assess what would make the most in terms of capital allocation. We felt that this was the right time to announce the buyback.

Last one, I mean, we've talked a lot about the opportunity in SaaS, but what's 1 or 2 things that really excite you about the future of Varonis? And what gives you the confidence you can execute through a tougher macro transition?

I think the transition -- after going through 1 transition in a very successful way, we're not shy of challenges. And this transition, I think, there's a lot of lessons we can take from the previous one. I think the guidance that we gave kind of bakes in a lot of things that can go wrong. And hopefully, not all of them go wrong. But I think we know how to transition. There are basically 3 components that will allow us to go through a transition in another very successful way. And those 3 pillars are the technology. That's #1. I think the technology is there. We talked about the customer satisfaction and kind of the, hopefully, ease of use of selling through the SaaS offering. So I think that would be one pillar that will allow us to go through this very, very well. The second pillar is the commission plan. You can talk to reps about changing behavior, but if you don't put money in the direction that you want them to go, they won't move. And we have spent a lot of time in the last transition to work through the comp plan to align the company's strategy with the direction we want the reps to go. We've done the same this time. So we've been working on the comp plan, I'd say, for more than 6 months now. And we're -- I think we're going to set it in a way that will be very beneficial for the company in moving the reps in the right direction. So that's the second pillar. And the third pillar is management's commitment. You can have those 2 pillars, but if company management is not focused on driving that change, you won't get a change. I think we proved in the first transition that management was very focused on the transition, and we plan to show that we're just as focused on that transition. It won't be the same pace, but we'll be very focused on moving the company in that direction.

Well, I think it's a good place to end it. So thank you all for attending. Thank you, Guy and David, for being here. Great start.

Thanks, Roger.