Zscaler, Inc. (ZS) Earnings Call Transcript & Summary

All right. Thank you, everyone, for joining us today at the Berenberg Software Conference. We are very fortunate to have Jay Chaudhry, CEO; and Remo Canessa, CFO, in attendance with us from Zscaler. We're going to do some Q&A between myself and Jay and Remo. [Operator Instructions] So with that, first, welcome Jay and Remo. Thank you for joining us today.

Thank you.

I was hoping we could start with, first, just a high-level overview. Cybersecurity is full of different segments and subsegments. Zscaler plays in the secure access service edge or SASE market. And we and other researchers believe Zscaler is the leader here. So just a couple of questions to kick things off. Could you just, at a high level, describe what exactly it is that Zscaler does and the problem it solves for our viewers who are less familiar with the story? And maybe why during COVID has the traditional network security model been broken. And why do you think Zscaler's architecture is the vendor organization we should be turning to in this hybrid and remote working world.

Right. Andrew, thank you. It's good to set a big picture stage as we are not just a security company, we enable secure digital transformation. I'm going to use a few slides to set the stage as visually, it's a lot easier to understand what we are doing. So on this slide, what I'm showing on the lower left, every company over the past 30 years has built something called a hub-and-spoke network, different branches connecting to the data center. And the data center has essentially lots of security appliances doing castle-and-moat security. This model worked when the data center was the center of the universe. Now companies are embracing cloud. They are embracing SaaS, doing application transformations. The users are working everywhere, and data is everywhere. So for that, they need to do network transformation. There's no need for the network to be hub-and-spoke and going through the data center. But if they start going direct, they must do security transformation because people and applications are no longer sitting inside the castle on your network. So you end up doing what we call zero trust architecture. In this model, you simply look at applications as destinations and users all untrusted. They simply connect to Internet. We, as an exchange, we as a switchboard, securely connect [ outer ] users, devices and workloads, using business policies, not network IPs and whatnot. So it's the opposite of network security. We don't really do network security. We securely connect right party to right party. So that's where the difference starts between us and firewall guys and the like. This is an important slide, a little technical, but I want to make a case to show you why network architecture needs to change and security is driving that change. In early '90s, when Cisco was born, we start to buy networking gear like routers to connect our data center to various branches. So anyone sit in a branch could access any application, wonderful. Then we want to work from home. We were able to extend our network to every household with VPN. 50,000 people on VPN means your network is in 50,000 households. As we embrace cloud, we are extending a network to every cloud location. And as we want to do local breakout, all the way, you could spin a virtual firewall in the cloud and think it's cloud security, but it really isn't. Network -- firewall is a network device. So what's the issue with this? Well, in this way, your IP addresses are kind of open to the Internet. They can be discovered. They can be attacked. If 200 branches go direct through firewalls, they're all exposed and can be attacked. The bad guys want to find you, that's your attack surface. Two, they compromise you when you communicate with the internet. Through phishing and other stuff, they compromise. We, here, want to -- we want to stop any threats with Zscaler. Then they want to move laterally to really move and find high-value targets. A single infector machine on -- in some household can infect the entire network. This happens because of the network security model we have, it has to change. Four, they steal your data, and stolen data gets sent via Internet. If you're sitting in line, we can stop there. So those are the 4 things holistically you should think about. Don't think about this box versus that box. How do you prevent compromise? How do you -- sorry, remove attack surface, prevent compromise, prevent lateral movement and prevent data loss. Then out of these, people say, "How do I stop lateral movement?" I say, "Well, connect user to applications, not the network." That seems confusing, so we came up with this architectural diagram. In this model, your applications are merely destinations. They're almost like islands. Users are all untrusted. There's no network that connects the 2 together. In between is Zscaler Zero Trust Exchange, our switchboard. Essentially, users come to us, we decide whether they should be connected and then we actually connect them. A user going to Office 365 simply will hit our nearest data center and we're going to stop -- and say, "Stop. Who are you?" We check identity using Microsoft, Okta and others. Then we say, "What device profile and posture do you have?" If device is bad, we don't let you go through. "Where are you going?" You can narrow down which application they can go to. Then, "What are you carrying?" We check for threats and DLP. We check the risk score, then we connect. So this is a service called ZIA for Zscaler. For internal application, we do Zscaler Private Access, similar to left, but there's one change, using a lightweight connector, we open an inside-out connection. So your applications are hidden behind our switchboard or cloud. They cannot be discovered from the Internet. They cannot be attacked. Hence, we eliminate your attack surface. If they can't find you, they can't attack you. Big, big benefit. Number two. Remember we connect you only to particular application, not to the network, which means there's no lateral movement. These 2 things are architecturally the opposite of firewalls and VPN, which connects the network, here we don't. Then we do prevent compromise because we're inspecting for bad stuff. We prevent data loss by looking for anything that could be left out. So this is the core architecture at Zscaler, connecting right thing to right thing, not doing network secured. Now it is equivalent to -- if I could give you an example, if I allow someone to come into my office, and after checking the ID and passport, I allow that person to just go unescorted to a meeting room like 22, a user can wander around, go anywhere that's open, snoop around even adjacent buildings and leave. Not a good idea. But when your people connect to the network in this network security architecture, they can go around the network and cause damage. In the Zscaler technology, you basically get checked. You're escorted to a meeting room. And the meeting only after checking your briefcase for any dangerous stuff. And then you get escorted to your meeting room. Once the meeting happens, you get escorted out, period. Think of the building like your data center, a room like your application, connect to the right person only. So using that architecture, we have a service for ZIA to connect to the Internet, ZPA for internal applications. These 2 together allow you to access anything, anywhere without worrying about the network. Network is simply the transport. We also have a third service here called user experience, which collects telemetry of the user end-to-end. So we can figure out where the performance issues are. So those are the big high-level points I'd like to make. You eliminate all these point products, user experience goes up, security gets much better, cost and complexity gets simplified. So that's probably the highest level we will see at Zscaler. Andrew, did it make sense?

Yes. That was great and very in depth for all the investors out there listening in.

Okay.

I guess -- I mean obviously, this idea of rearchitecting the traditional network securities is resonating. Your results are showing that billings and revenue growth in excess of 60%, $1 billion in ARR now. I guess with that said, there's still lots and lots of firewalls and traditional networking security tools that are in use today. We have 5,600 customers or so, and it appears there's a lot more room still to go. I guess if we use an analogy, what inning in a baseball game are we in, in terms of adoption? Despite being a $1 billion company in ARR, it appears to be there's still lots and lots of room to run. Is that correct?

Indeed, very early innings. Inertia is a powerful thing. It kind of slows. Sometimes, it takes time to get it off things. We started on the large customers. We've done a very, very good job. But we're still only about 3-month numbers we talked with, just over 25% of -- sorry, 25% of Global 2000 companies, 35% of Fortune 500 companies. The rest of the world still has a long way to go. So tons of opportunities to get new customers. But then we've got so many new products coming, ZPA, ZDX Zscaler Cloud Protection. And even in our installed base alone, if we didn't sell to any new customer, any new logo and we sold all the products to existing customers, we can take our ARR by 6x. So plenty of opportunity. We have plenty of products. Our key focus is execution, go to market, and we're doing very well there.

And just if I think about competition, I mean, how difficult is it for a legacy player to mimic this architecture you've built? I mean we've seen some traditional firewall vendors try to piece together solutions and kind of create their own rendition of a SASE or Zero Trust architecture. Maybe if you could just discuss what is -- how critical is your advantage of being born in the cloud with your 150 points of presence throughout the world that allows Zscaler to be so close to users and applications? Just more color on that would be great.

Yes. So the number of data centers is only one piece. I think the key piece that matters, that IT architecture. Think of 7 years ago, when Siebel dominated CRM and Salesforce was a tiny company, it's a right cloud-native, multitenant architecture that really had Salesforce win, Siebel was dominant. They tried to do cloud service by spinning virtual machines out of Siebel, didn't go anywhere. PeopleSoft tried to do the same thing to compete with Workday. Workday was a tiny company. The right architecture matters. The right architecture won. In our case, it's even more complex because it's the most mission-critical application taking all the traffic. I'll give you the analogy in the SaaS world. There are thousands and thousands of SaaS applications out there. But when it comes to cloud-native, multitenant ERP, there are only 2 companies that come to mind. NetSuite was one, which got sold to Oracle for over $9 billion or so. And second is Workday. Workday did a very good job in HR systems now they are moving on to financial. Why don't you have scores of companies doing it? ERP is the hardest application. It connects to every system, everything. It's the hardest. That's why it's not easy. In the same way in the security space, what was the easiest cloud security application? E-mail. Let the filtering happen in the cloud because it doesn't matter if it takes a long time, another second or a minute. The second thing, identity. Identity is a well-contained area. It's like a phone book. You saw scores of companies come in identity, then the market consolidated. You've got about a dozen players doing reasonably well there. In the Zscaler world, we're sitting in traffic there, taking all traffic. When you take all traffic, you can't just do 2 things in your cloud and send the traffic to someone else and someone else. It has to be an integrated platform. That's what we've built over the past 10, 12 years. Building this massive platform is not a trivial task, and it's so mission-critical. If Salesforce goes down, you're out of one application for, say, 25% of the people who use Salesforce. If a cloud service like Zscaler doesn't work, nothing works because all traffic goes. And so it must be very highly reliable, redundant, and that's what we built over the past 10, 12 years. So first of all, these legacy companies are taking the firewall, spinning them in the cloud and calling it some cloud. It's like taking DVD players and say, "I got them in my data center or Netflix streaming service." And then that's one part of it and the scale, reliability, availability, functionality. And things are done very differently from architecture point of view. We think we've got a sizable lead, and we're not slowing down. Look at the amount of innovations we've done since our IPO 4 years ago, and it's not slowing down.

Yes. Great. And then obviously, this is transforming the way organizations do network security. It has been a transformational sale. I guess with COVID and people kind of understanding the need to kind of change their architecture, do you view the market more as coming to you now than it did maybe a few years back before remote and hybrid work became more prevalent?

Yes. Until pre-COVID, there was an evangelism. I have been evangelizing from day 1, okay? But it got easier over time. With COVID, it was a big mindset change. People discovered that I don't need my company network. I can work from home over the Internet. Certainly, where they used to think the network transformation is so important, as one CIO said, "I used to think about transforming a network. Now I'm thinking of eliminating the network. I just don't need it." So it is interesting. Zscaler deployments picked up because I had no longer had to worry about some branch router to be configured in the office. And the lightweight agent got downloaded on the endpoint, it took off. I have -- I deployed customers, like 120,000-person company, in about 3 weeks, pretty quickly. So mindset change happened with COVID. People started moving faster. They had to work from everywhere. The mantra we have been teaching from day 1. Then cyber issue got more serious. SolarWinds was an event that shook everyone's mind. They said, "Wow, if something got on my network, it can move laterally. It's a dangerous thing." So that's where the zero trust got an extra push. And then we saw Colonial Pipeline, a few other things. And now you see Ukraine thing. All these -- I don't think there will be any war -- physical war without a cyber war. Cyber war is a part of it. A lot of need -- help is needed. I've been on the phone with so many customers lately in the past 10 days, a number of them from Europe. They're all worried, and they should be. And we're helping them make sure things are deployed properly. They don't have an attack surface and the like. So plenty of opportunity to help our customers, and we are just focused on making sure we take care of that.

Great. And yes, I just wanted to maybe dig a little deeper. I mean it is conflict, obviously, going on in Europe. And between Russia and Ukraine, it's obviously escalating and becoming more and more of an issue day by day. And we're seeing, I think, already -- we're already seeing cyber war kind of beginning there. And just -- I guess, there's a market difference in people approaching you about concerns, not only in the private sector, but potentially also the public sector as well in the U.S. and abroad as well. I just want to clarify that and make sure that both private and public sector kind of increased attention here on potential cybercrime.

Yes, absolutely, both are needed. Government has to worry about critical infrastructure, [ spy tune of the world ]. The Colonial Pipeline kind of attack. It becomes an important target of things like that. So we are working closely with our federal agencies. We are over 100 federal agencies on our customers. Now there has been stop-gap funding in the U.S. for the last several quarters. And we expect the actual full budget getting passed this month, that should open up funding more. When it's stop-gap, that means just do incremental small solutions. So we have a big opportunity in the federal space. In the public sector space, beyond federal, too, state, local, education, lots of customers in that space. And then, of course, enterprises, they're all worried about it. They need to take care of these things.

Yes. And in 2021, there was that executive order that called for more modernization of cybersecurity and implementation of zero trust strategies at the federal level, which clearly, you sit right in the middle of that. I guess how is that playing out in 2021? I know the federal space is typically slower-moving than the private sector. And I guess should we expect maybe a little bit more contribution in 2022 from the federal sector? And is this conflict in Russia maybe hastening this move by the federal market?

Yes. So first of all, I think Biden administration did a few very good things. Last year, they didn't say, "Do better security." They kind of said, "You must do zero trust architecture because that's a better architecture," which is good. That's helped us because that's what we pioneered. And we got all the federal certifications. Not just architecture, but certifications as well. Now things have been moving, Progress is happening, but the budgets have still been stop-gap. Now last week, there was a new directive from Biden administration, which said, "In 60 days, each federal agency will submit a plan to move on to zero trust architecture. And within 2 years, they must complete that -- the journey to zero trust architecture." This is probably as good of a requirement or directive I could ever imagine. And we are certainly working with the government to help in this area. So it is moving in our direction.

Great. And then just to touch more on the product specifics here. ZPA, I think, is a clear beneficiary of the remote work world. I mean ZIA -- I mean Zscaler started primarily with ZIA and ZPA, it's 2 products. Can you just talk about kind of how that selling motion is? Do you lead with one product versus the other with ZIA and ZPA? Or how is that kind of playing out in a post-COVID world?

I can start with that, and Remo, you can add on. So it's [ not that work -- many were -- only ] need ZPA. You need ZIA to go to Internet and SaaS, ZPA for internal applications. Before COVID, most of the customers had only ZIA. ZPA was relatively young. So our customers immediately said, "Oh, I need ZPA." So you saw a fair amount of spike in ZPA. But lots and lots of customers then started to buy ZIA and ZPA together. Now we have a bundle to sell ZIA, ZPA together. It is work-from-anywhere bundle, which we're seeing more and more, which is wonderful. In fact, now we are seeing ZIA, ZPA and ZDX being asked for. So more and more of that. Remo, you want to add on a little more color to that?

Yes. I mean our vision is that it's going to be 1 for 1 for 1 for ZIA, ZPA and ZDX. And if you want true transformation for users to applications, you're going to know to the open Internet, ZIA; to internal applications, ZPA; and then to know if there's any bottlenecks along the way, that's ZDX. So that's what we see. ZPA has been in the high 20% range of our new and upsell and continues to do -- be in that range. ZIA continues to be very, very strong for us. So yes, it's all going well. And ZDX, also, a new product, but we're happy with the attachment of ZDX.

Yes. And just touching on those third and fourth pillars of kind of the Zscaler platform, those being Zscaler Cloud Protection, ZCP, and Zscaler Digital Experience, ZDX. So that -- is a lot of the success with those products, is it primarily coming from cross-sell? Or is -- a lot of times, are you landing with larger lands with kind of the whole platform upfront with new customers? Can you kind of just describe how that's going?

Yes. I'd say both. One, it's natural for us to go to a customer base and upsell, okay? That's one. Two, more and more deals are happening where customers are buying all 3 or all 4 products together. ZIA and ZPA has become very common. ZDX is becoming more. ZCP is relatively young. But we are seeing more deals, either together, upfront as a broader bundle or upsell to our installed base.

And I know just with regard to cloud security, there are many, many cybersecurity companies who offer cloud security capabilities in the market today, just trying to get a piece of that huge cloud security market. I mean we've seen vendors who have their roots in endpoint security, vulnerability management, now tapping into the cloud security opportunity. And I just think it's worth touching on further what -- with so many vendors in this space, with cloud functionality on their platform, what do you think makes Zscaler the best suited to win a cloud security deal for -- with the customer?

So if I share with you this slide, we think the old security segments or buckets will disappear. That the way security will look in a few years, there is a piece of security, identity is very important. That's a starting point of zero trust. Who are you? There are a number of leading players. We all work with them. This endpoint segment, management, security, and we are sitting in line as a policy enforcement engine, as a switchboard. What we do is subsume the need for any network security, that's a big chunk. And then the fourth segment is security operation. This is where all the logs going for analytics and the like. I think those are 4 big areas. And our goal is to be -- become one of the platforms because we have no desire to try to do everything. There's no such thing as god security cloud. The integrating or leading platform vendors is what our customers want. We end up integrating 5, 10, 15 products by this. Once we do this, customer doesn't need firewalls, VPNs, DLP, web proxy, none of this stuff is needed. And this is how we'll see consolidation evolving. We'll keep on growing this segment, while keeping on working with others. A lot of companies are calling themselves cloud security. Yes, so if endpoint does security in the cloud, they call it cloud security. But at the end of the day, they're trying to protect endpoint. Our goal is the switchboard, who talks to whom. That's probably the biggest market. It's the most critical market. It's the most critical location because we control who talks to whom. We have all the logs for it, for [ analytics, cell ], behavior analysis and the like. So these are the segments in my point of view.

Great. Yes. And thanks for showing that slide, just to kind of visually show it. I guess if we talk about the customers and breaking them out into segments that you serve, primarily focused on the high end of that enterprise segment originally and continuing to have strength there, I mean, it's evidenced by 85% growth and customers with over $1 million in ARR. But also important is that lower end of the enterprise segment, like 2,000- to 6,000-seat segment. You've called that out in the past being a very fast-growing segment for the company. Can you just speak to what you're seeing in each of these segments? And maybe any investment that you're putting back into the business? Is it addressing one of these segments more so than the other?

I'll take that. Yes. I mean all segments did well. The last quarter, the large enterprise segments and majors grew the fastest. But we are continuing to invest in all segments. The focus going forward also is going to be probably investing more in the lower segments as we go forward. Not saying we're not going to invest as much in the upper segments, we're going to put more investment in the lower segments as we go forward.

Great. And then I know that there was a plan initiated kind of right before the pandemic hit, where you're planning to increase sales headcount and it ended up working almost perfectly in that you were adding headcount ahead of what ended up being a significant pull, a driver in the market for you with COVID and remote work. I guess can you just talk about your plans for hiring now, what that looks like today, specifically for the sales team? Is it just continuing to hire on to meet this increase in demand?

Yes. I mean it's a -- I mean, our focus is growth. We've talked about that. This is a huge market. It's in the -- as we talked about, early innings for the entire market, both the -- and the 4 pillars that we sell into. Our focus is going to be to continue to invest in sales and to the entire company -- throughout the company. We added over 1,000 people in the company. In the first 6 months, we've gone from 3,000 to 4,000. Our plans are to keep on driving growth. The most important thing for Zscaler, where we feel we are the leader in this market, we feel that we have an unfair advantage, quite frankly, with the architecture that we've created. The best interest for ourselves and our shareholders is to drive that top line growth, be mindful of the operating profitability, which we are. And you can see that we've been increasing our guidance on our operating profit. Free cash flow has been outstanding also. So we'll keep an eye on things, both Jay and I, but it's such a large market opportunity. We have such a great position. We're going to continue to invest throughout the company and also, in particular, in the sales organization. Sales organization also when you think about it, it's not just the field quota sales reps, we have CXOs, they play a very important part. CXOs like talking to CXOs, so we have a large team there. Solution architects, we have a large team of solution architects. The key thing is having these professionals make the transition to cloud and really transforming their networks. And so we'll continue to invest. And as Jay mentioned, the selling is becoming easier. We're becoming a bigger brand. People are understanding the value of a cloud-based solution as we have.

Yes. And so -- I mean things really do seem to be firing on all cylinders. You have a clear market-leading product. I think just -- the market today is understanding the need for this transformational sale for a Zscaler-like product. I mean there seems to be little competition. I mean -- I guess, if that's all the case, what is it that keeps you up at night, Jay? I mean like what do you need to continue to focus on to maintain this leadership and continued growth at these great levels?

I think that's a very good question. So this is all -- I holistically think -- first, I think, do we have enough market ready to go? The answer is obvious, yes. 3 years ago, people could debate it. No -- there's no debate today. Two, do we have the right platform with the right architecture that scales? It all works, great architecture, doing 10 million, 20 million, 30 billion transactions a day. Three, do we have enough customers? Happy customers who've done the stuff? NPS score of over 70. Fortune 500 companies, Global 2000, it's wonderful. So I think that the biggest thing I need to make sure is as we grow, we don't become complacent, we don't become arrogant and -- which means we need to keep on executing, being paranoid. So we are hiring people. I know investors generally ask about how many RSM did you hire, it takes a lot more than RSMs to really grow your business, customer support, engineering, building cloud. We're doing very good. Over 1,000 people hired in the past 2 quarters, training them remotely, working them. They're doing pretty good. But I do worry about keeping the focus, keeping the start-up spirit in the company. We have it. It has been serving well, and we're making sure we're taking all the steps during the hiring process, after hiring, engaging with our sales leaders or other leaders to keep the momentum and sense of urgency going. That's what I focus on. It's more of the human aspect of it than a lot of other technology aspects.

Got it. And if I kind of just shift gears here, I mean, cybersecurity for a lot of investors is pretty confusing just as there are so many different subsegments. There are so many acronyms that are kind of always being tossed around. Gartner has talked in the past about secure access server edge framework, also known as SASE. And Gartner recently kind of broke it down a little further to SSE and WAN Edge. So Zscaler was recently named a leader in the top right quadrant there for the SSE Magic Quadrant. I mean can you just help us understand what those acronyms are and just what that jargon is better? And what's the difference between SASE and SSE?

Yes, it's a good question. About 3, 4 years ago, when Gartner talked to many customers, they found most of the customers who did cloud security was -- they're done with Zscaler. And on the networking side, they're doing SD-WAN. So they kind of said, "Security and network together, let's call it SASE, secure access service edge." How do you provide secure access to the network part of it, service edge for the security part of it? And then they kind of felt it was a broad thing. Almost like a kitchen sink, SASE is everything. And when I was asking them, would you do an MQ for SASE? They said, "No, I can't because it's too big." Then they kind of said, "Let's break network part as wireless LAN edge," which is where the new Magic Quadrant. All security we talk about, ZIA, ZPA and ZDX and all is part of SSE. So basically, SSE says, "I am service edge," which really means that I am going to -- I'm going to show you this slide that makes it easy because SSE has all the security pieces. Wireless LAN edge, how do we appoint connectivity to SSE? What is SSE? It is security functionality built on top of zero trust architecture. It is in-line inspection, what we do with ZIA, ZPA type of stuff. It's API-based scanning, CASB, CSPM-like stuff, and it is analytics and visibility, reporting and all. All the security happens here, connection from a branch or a user home come through WAN edge and the 2 together is called SASE. I think a lot of networking companies are looking for a hook, so they all became SASE overnight. Every SD-WAN company became a SASE company. But overall, if you look at true zero trust, network and security are decoupled. Network is simply the transport and plumbing. Security needs to be done as an exchange. So that's really what we do. I get asked, "Hey, are you going to buy a SASE company to offer something?" My answer is, "No. We are not a networking company. [ Intranet ] is becoming the network." And on the -- staying very true to them, I have customers now who are saying, "I'm doing SD-WAN," but SD-WAN enables natural movement. Remember WAN is like a highway system. Once you get on it, you can go anywhere. It's like getting on Interstate 80 in San Fran. I can reach New York, Miami and Dallas without hitting a single light. Okay. So zero trust connectivity will be the next phase. It may seem new right now. I can guarantee, in a couple of years, you're going to hear every customer talk about, "Oh, zero trust connectivity without doing SD-WAN." I'm not saying don't do -- you'll need SD-WAN boxes. They're cloud managed. They're good. But you don't have to create a route table network. That's the next big change you'll want to see coming in the networking world, and we are leading in that space. It's a young model market, so you won't hear it from many customers, but wait for a few quarters, you'll start hearing more and more of it. In the same way, you're going to start hearing more and more cloud workload security. Today, workloads are largely secured with virtual firewalls in the cloud because that's the only way it's done. They build a mesh network by connecting point to point, and then it puts a bunch of virtual firewalls here and there. Hard to manage, don't really do much security on zero trust. We took our zero trust user technology, applied it to zero trust or workloads, similar stuff. Workloads talk to Internet like users. Workloads talk to other workloads. So ZIA, ZPA applied to it is a powerful thing. And you'll see us disrupting that market as the next phase, that's a big focus. We are excited about it.

Great. Thank you for that explanation, very detailed. And then just one last one, I know we're getting close up on time. We've talked about kind of the plans for the business, reinvesting back -- to just continue to further the growth. I mean you have just -- I guess this is one more for Remo. You have $1.6 billion in cash on the balance sheet. Can you just kind of maybe discuss what are -- kind of the strategic capital allocation? What are the priorities to do with that $1.6 billion on the balance sheet and cash?

Remo?

Yes, we're in a great position because we have positive free cash flow. Last year, our positive free cash flow was in the low 20% range. And for the first half, it was low 20% range also of revenue. So we don't need it for operating reasons. I mean from an operations perspective, we've got plenty of cash and we're generating cash. It's really there for just strategic reasons. If we see things strategically that we're interested in -- that's why we did the convert about 1.5 years ago or so, it was to basically put cash in our balance sheet. If we see something attractive, which we feel will get us to market faster or -- and really help our company, that's what it's there for. Anything we do with that cash or any acquisition we do will be strategic and won't be for revenue, it will be basically for technology.

Perfect. Thank you. And I know we're up on time here. So I just want to thank Jay and Remo again for joining us here today. It's been really insightful. So thank you guys so much.

Thank you. Take care.

Thank you. Goodbye.

Goodbye. Goodbye.