SecureWorks Corp (SCWX) 2021 Q2 法說會逐字稿

Good morning, and welcome to the SecureWorks Second Quarter Fiscal 2021 Financial Results Conference Call. (Operator Instructions) We are webcasting this call live on the Secureworks Investor Relations website. After the completion of the call, a recording of the call will be made available on the same site.

Now I will turn the call over to Paul Parrish, Chief Financial Officer. You may begin.

Thanks, everyone, for joining us. With me today is Mike Cote, our CEO; and Wendy Thomas, President, will join us for questions at the end of our prepared remarks.

During this call, we'll reference non-GAAP financial measures, including non-GAAP revenue, gross margin, operating expenses, operating income, net income, EPS, EBITDA, adjusted EBITDA and adjusted free cash flow. A reconciliation of these measures to their most directly comparable GAAP measures can be found in our web deck and press release. Please also note that our growth percentages refer to year-over-year change unless otherwise specified.

Finally, I'd like to remind you that all statements made during this call that relate to future results and events are forward-looking statements based on current expectations. Actual results and events could differ materially from those projected due to a number of risks and uncertainties, which are discussed in this morning's press release and our SEC reports.

Now I'll turn it over to Mike.

Thanks, Paul. Before I go through the progress toward our strategic vision, I'd like to reflect for a moment on the past 5 to 6 months as COVID-19 has certainly made it clear that the world is changing as we all strive to have greater trust and flexibility. This has impacted all of us, our teammates, our customers, our partners, and everyone around the world.

I'm incredibly proud of resiliency, determination and adaptability that is inherent in my Secureworks teammates spirit and in our culture. It's what keeps us focused on each other and ground in an optimism, knowing that we can innovate and outmaneuver the adversary under any circumstance.

We are building deeper relationships internally and with our customers, prospects and partners as we continue to host live, remote interactions nearly every week. We are listening intently to our customers, we're listening intently or teammates, and we are listening to society and the world around us, all influencing the transformational journey we are on.

We expect that most of our workforce will continue to work remotely for the foreseeable future. While working from home was the norm for many of our teammates, the pandemic has created a new normal for others. With these changes, we are focused on all aspects of all of our teammates health, well-being and productivity. Again, I'm inherently proud of the resiliency, determination and adaptability my teammates have displayed in serving our customers and partners.

We are especially cognizant of this as we focus on our purpose, to secure human progress by outpacing and outmaneuvering the adversary. More unified, we have recommitted our efforts towards this purpose. We have events planned that will allow us to touch more customers, prospects and partners that we couldn't in-person.

And in the second quarter, a strong driver of our performance continued to be our differentiated cybersecurity offerings. So let's get into our vision and strategic priorities.

I'm pleased with our transformational progress in Q2. As we look at the overall security industry, our fundamental belief is that the ability to outpace the adversary at scale requires an integrated platform that works with point products from across the industry, enabling superior detection and remediation capabilities that are accelerated with deep learning, machine learning and workflow automation.

History has shown that point product-based security alone will never be sufficient. Through a variety of means, the adversary will evade the best intended security controls. It is therefore critical to have the ability to detect adversary behavior quickly with high fidelity to reduce dwell time and mean time to remediation. We also believe that enabling the power of the security community is a critical factor in getting ahead of the adversary. I'm proud of the steps we've taken in that direction this quarter, which I'll share more on in a few minutes.

We continue to build on our expertise as a global leader in managed security to be the provider of choice in the converging XDR market that cuts across markets from MSS and MDR to next-generation SIEM and SOAR.

Our cloud-native platform continues to: one, detect and respond to threats across the full environment, including endpoints, network, business systems and cloud infrastructures. Our integrated approach means customers benefit from the capabilities of our security platform without the need to rip and replace the existing point products and as they digitally transform and migrate to the cloud. Two, leverage our deep security operations experience to help customers transform their security operations, automate and simplify investigations, enable collaboration across security and IT functions in a single platform that sits at the heart of their security operations. And three is delivered with flexible service options for customers who have varying levels of in-house security expertise, putting choice and control in our customers' hands.

Our customers are telling us they choose us for the following reasons: deep security expertise; our understanding of threat active behavior, derived from our security operations, incident response engagements and counter threat unit research. The insights we gain in our advanced data science techniques enable higher fidelity analytics to reduce noise and find the unknown-unknown. And we've enabled our platform with automated workflows, powered by best practices refined in serving thousands of customers. They also choose us for ease of deployment, providing faster time to value, simple, predictable pricing and chat-based access to our security experts real time.

We've achieved several milestones in our go-to-market efforts and our software product road map, resulting in increased differentiated customer value that drives us forward towards our vision to be the essential cybersecurity company for a digitally connected world.

Let me share some highlights from Q2. First, I'm pleased to report we surpassed more than 200 customers on our new cloud-based security analytics platform with a mix of new logos and existing customer migrations. The growth rate was over 100% in both number of customers and ARR in the first half of this year. We also increased non-GAAP gross margin by 340 basis points to 60%, the highest in our company's history.

Here are some example of new customer wins from across the globe in the last 90 days. First, in North America, a premier global consumer and commercial services company, that provides pest control services to more than 2 million customers. They chose our Red Cloak Threat Detection and Response application to consolidate network, endpoint and cloud security events into a single analytic platform and help improve the investigative efficiency and collaboration between their security operations staff, resulting in improved visibility for finding and removing threat actors, while quickly understanding the scope and risk of threat activity across their environment.

Second, in EMEA, a company that designs and manufactures infant products and luggage systems sold in 50 countries around the world, experienced several spearfishing attacks. As a result, they decided to partner with us and selected our Managed Red Cloak TDR, cloud-based application, to gain visibility and proactively detect and rapidly respond to attacks.

And finally, in Asia Pacific, a medical device technology provider, initially called on us to help with ransomware attack. The success of this engagement expanded to include Red Cloak TDR. Quickly, Red Cloak TDR machine learning capabilities resulted in less time chasing false positives and workflows that automate routine tasks, allowing limited resources to be prioritized where they matter most.

The common theme. These are all customers that needed their technology solutions to work together, scale as their business needs change and provide actionable insights across their environment. We have over 20 years of historical attack data and security operations expertise across thousands of customers around the globe which has informed the capabilities that we are continuing to build into our security analytics platform.

The 3 strategic areas of progress that I'll discuss today are: first, our platform and investments; second, our go-to-market efforts; and third, I'll wrap up with more specifics on our long-term focus areas.

Beginning with our platform and investments. We have been investing in building out the platform and applications in addition to exploring technology acquisitions. Today, I'm excited to announce our intention to acquire Delve, spelled D-E-L-V-E, Laboratories, Inc., which will extend our product portfolio. Delve delivers a cloud-based SaaS product based on artificial intelligence and machine learning, which automates asset discovery, asset classification, vulnerability assessment and risk prioritization across the network, endpoint and cloud environments. The addition of Delve addresses our customers' needs for accurate and prioritized data about the assets in their various environments and provides better threat detection, orchestration, automation and response capabilities. By integrating Delve into our portfolio, we see increased opportunities to expand our footprint to meet our customers' security needs. I look forward to welcoming the Delve team to our SecureWorks family, and we expect to close the deal soon.

So let's talk about go to market. We have made great strides on our go-to-market efforts, starting with the launch of our global partner program in May. In the last 90 days, more than 100 partners selected us for our collaborative network effect approach to cybersecurity. We have closed several new Red Cloak TDR SaaS applications and MDR deals via these new partners this quarter. One example is Condo Protego, a UAE-based IT infrastructure and information management consultancy organization. They joined our partner program in July to help address that region's $22 billion cybersecurity market and closed their first deal in just 3 days.

Also during the quarter, the addition of Arrow Electronics, which expands our reach with one of the world's largest distributors and value-added services providers. The North American distribution agreement makes our TDR cloud-based application available to Arrow's partners for their customers. These partners find our program to be simple, easy and see large growth opportunities. I'm excited about the long-term opportunities of our global partner program.

Another example of deepening and enhancing our relationships. This quarter, we also hosted our first Virtual Global Threat Intelligence Summit. More than 1,200 customers and prospects attended. The SecureWorks Counter Threat Unit unveiled research that has subsequently been featured in major media outlets around the world, covering a variety of important cyber threat topics such as Iranian nation-state threats, cyber espionage as part of state craft and ransomware expertise and knowledge such as the WastedLocker breach.

We also know the importance for the security community come together, to combat the threat actors who already work well together in a coordinated and organized underground ecosystem. One way to get ahead of the threat actors and better serve CISOs and security practitioners is to share consistent threat actor naming convention profiles. That's why we published threat actor profiles on secureworks.com, providing Rosetta Stone of who's who in the cyber-criminal world, inviting the cyber community to participate and better collaborate.

We're pleased that the industry analysts are taking note of our strategic progress. SecureWorks is noted as a leader in the Forrester Wave for Global Managed Security Service Providers[1] (reference added by company) and a strong performer in the Forrester Wave for European Security Service Providers[2] (reference added by company). The global report noted and I quote "SecureWorks strengths include threat intelligence research and system criticality and alert context, which client references mentioned." Forrester also noted in the European Wave that, and I quote, "SecureWorks has recently augmented its MSS offerings with its software-driven Red cloak Threat Detection and Response Application release, which remains an option to customers."

We were also noted as a leader in the 2020 IDC MarketScape for worldwide managed securities service vendors. Not only did they acknowledge our history of MSSP leadership, but they also recognized our software transformation and its benefits for customers, noting in the report "a great deal of time and monetary investment has been put into the SaaS product Red Cloak Threat Protection and Response Capabilities, moving it into a software provider, shifting SecureWorks into a product plus MSSP hybrid category over the last 24 to 36 months."

In my opinion, this kind of validation acknowledges our history of MSSP leadership and recognition of our software transformation and its benefit for customers. I'm extremely excited about our progress to date.

This is a multiyear evolutions for our company, and we'll continue to focus on 3 key areas: one, advancing the delivery of our SaaS security analytics platform and applications; two, delivering a differentiated experience for our customers in innovating in our go-to-market; and three, driving our platform to bring the community together and accelerate the benefit of the network effect across our customers and partners. We will continue to reimagine the future of security. And we continue to be the company to outpace and outmaneuver adversaries on behalf of our customers and partners around the world.

Finally, I'd like to thank our customers for continuing to partner with us and keep them secure as we together shape their digital future. I also want to, again, personally acknowledge the hard work and dedication of my teammates around the globe. Thank you.

And now I'd like to turn it over to Paul to take you through the full financial results.

Thanks, Mike. We are pleased with our Q2 financial results. Some highlights include record gross margin percentage, record EPS and record adjusted EBITDA, now our ninth consecutive quarter of positive adjusted EBITDA and $26.4 million of positive cash flow from operations delivered in that quarter.

Maneuvering within a dynamic global environment, we maintained our strong financial position, we continue the significant growth in our new SaaS solutions, we exited the quarter with annual recurring revenue of $441 million, and we made progress with our channel program, as you just heard from Mike.

In the second quarter of FY '21, revenue of $138.5 million exceeded the top end of our guidance range and represents a 1.4% increase over Q2 FY '20. The composition of our revenue continues to reflect our shift from less-custom consulting and staffing-type MSS work to more software-driven threat detection and response services that provide differentiated value.

Revenue from our managed security solutions, including increased revenue from our TDR, MDR offerings, grew 3.4% year-over-year and comprised 76.7% of total revenue. In contrast, consulting revenue decreased 4.8% year-over-year.

Gross margin totaled $82.6 million in the second quarter of FY '21, or a record 59.7% of revenue. While gross margin did benefit some from reduced travel-related expenses, our performance this quarter reflects our shift to new solutions and deemphasis on low-margin services as we transform.

Of note, our cloud-based SaaS security analytics platform now represents 5% of customers, 17% of Q2 ACV sold, 36% of ending Q2 pipeline. And although we're in the early phases, we're encouraged by initial customer reception and feedback, particularly regarding speed to value for customers.

Moving to OpEx. Second quarter operating expenses totaled $72.7 million compared with $79.3 million last year, largely driven by reduced travel.

Research and development expenses improved as a percent of revenue, totaling 16.6% of revenue in the quarter compared with 17.5% in Q2 FY '20. Sales and marketing expenses were 25.1% of revenue in the second quarter compared to 27.2% for prior year Q2.

General and administrative expenses totaled 10.8% of revenue in the second quarter compared with 13.4% for the same quarter last year. Adjusted EBITDA in Q2 was a record $13.1 million compared with $1.3 million last year.

This record performance is driven by a combination of gross margin gains from the ongoing mix shift described earlier with continued automation in our service delivery as well as from reduced OpEx as we navigate the current environment, and the business continues to find creative, efficient ways to engage our customers and collaborate. We will continue to invest prudently, balancing the R&D investment mix in the new software platform, expansion of our partner program and leverage in G&A to grow cash flow and expand profitably.

I mentioned earlier, cash flow provided by operating activities was $26.4 million in the second quarter. This compares with $16.3 million of cash provided by operating activities in Q2 FY '20.

DSOs improved to 71 days from 75 days in Q1. We finished the quarter with cash of $181.5 million, which increased from $156 million in Q1 and from $117.7 million at the end of second fiscal quarter last year. CapEx was $700,000 in the second quarter, and our $30 million credit facility remains untapped.

Now for guidance. In the third quarter of FY '21, we expect both GAAP and non-GAAP revenue to be in the range of $137 million to $139 million. And we expect non-GAAP net income per share performance to be between $0.04 to $0.06.

For FY '21, we expect the following: GAAP and non-GAAP revenue to be in the range of $554 million to $558 million; adjusted EBITDA to be positive for the full year in the range of $29 million to $33 million; non-GAAP net income per share to be $0.19 to $0.23 per share; GAAP net loss per share to be in the range of $0.28 to $0.31. For modeling purposes, we estimate that tax benefit rate will be approximately 27% for the remainder of the year.

Cash provided by operations to be between $55 million and $60 million. And we expect second half cash flow to be weighted more towards Q4, given the expected collection of the tax receivable from Delve in that quarter and CapEx to be in the range of $3 million to $5 million.

Before we move to Q&A, I also want to share that we're hosting an Investor Day in early December, and we will provide details on that virtual event soon. Additionally, to learn more about Delve Laboratories Inc., you can visit their website, which is delvesecurity.com.

Finally, I want to reiterate Mike's thanks to our SecureWorks' teammates for their dedication to our customers. And on behalf of the entire SecureWorks team, we appreciate your continued interest and support. Wendy Thomas will join Mike and I during the Q&A session.

Operator, please open the lines for questions.

(technical difficulty)

I think there's a couple -- this is Mike. I think there's a couple of folks teed up to ask questions. We're trying to see if we can contact the operator to make sure the lines are open. Sorry, apologize.

As we're trying to work through this -- this is Mike again, maybe what I'd suggest is, if you want to text the question you may have. I think, Sterling, you look like you were first in the queue. If you want to text in a question, Paul and Wendy and I can try and respond while we see if we can figure out what's going on here.

Our first question comes from Sterling Auty with JPMorgan.

Mike, good patience. No big deal, all is well that ends well. So I did have 1 question and 1 follow-up. In terms of the first question, looking at the results in the quarter. Last quarter, you had a really strong incident response quarter relative to expectations. But we are seeing some of that SRC revenue decline. Just can you update what's happening with incident response versus the rest of the consulting piece, not only in the quarter, but what did you factor into your outlook? And I have 1 follow-up.

So, Paul, do you want to take that? Wendy?

Yes. So the -- as we approached our year, we were looking at how do we continue to focus on our software offerings, how do we get our focus toward where we're growing our business. And as you see in our numbers, the percent increase in our MSS overall revenue to the total revenue year-over-year. And that reflects the mix as we're selling more of what provide more value to the company and additional profits for us. And so that's what you're -- we're seeing in our margin, improving our margin. As well as there's some small benefit from travel -- reduced travel in those numbers, but the larger is the composition of our revenue.

All right. Got it. And then in terms of the acquisition of Delve, it looks like it's a VM tool, vulnerability management tool. And what I'm curious is as you become more of a product company, how has this impacted some of your third-party relationships? So as you've rolled out endpoint, I know you have the strong partnership, obviously, with -- where Carbon Black is part of VMware, how did these new product introductions impact the overall business for you? And what does it do for your partners revenue? Because I think about the VM space, I think Qualys has been one of your largest partners on the VM side for many years. Just kind of curious how this will unfold?

Sure. It's Wendy. I'll take that one. So you're right. We have a long history of really providing customer choice. And we do see different segments of customers choosing sort of integrated one-stop shop with us. And then others want to select certain security products and still have us bring all of that together in terms of a holistic security program. So this is really just a continued extension of that same approach. There's no change to how we support our current Qualys customers with today's announcement similar to the way we worked with partners like Carbon Black and others before.

And our next question comes from Saket Kalia from Barclays Capital.

Okay. Great. Paul, maybe first for you. Great to see the better gross margin. I think you've touched on this a little bit earlier. But can you just maybe talk about the relative gross margin differences between traditional MSS versus some of the newer software offerings like TDR and MDR? And how that perhaps contributed to the better gross margin? It sounds like there was definitely a mix effect. But I'm curious of the magnitude of the gross margin difference between 2 like -- like TDR, for example, and sort of your traditional counter act MSS?

Yes. So let's just talk in the bigger sense about consulting, our SRC margins are lower than our MSS. So that's the overall mix as we mix more into MSS. Then within MSS as we're driving to more software-only type offerings, and of course, there are some services that could be offered along with that along the way, but we have greater margins in that mix. And as we get to more, and obviously, it's not a large percent right now, software only, but it's growing, and that's what's slowly tilting this. As we grow over time, we'll have more improved margins as more and more software-only type offerings are provided.

Got it. That makes sense. And for my follow-up for you, Mike. Great to see the customer traction with MDR and TDR. And also, by the way, some of the distribution agreements like you mentioned with Arrow. And maybe just on that broader point around go-to-market. Can you just talk about how SecureWorks is sort of managing the sales force in terms of selling both MSS -- traditional MSS and software? And how that transition within the sales force is perhaps playing out?

Sure, Saket. Thanks for the question. So as we talked about earlier, and I'll try and deal with this regionally, we changed the model at the beginning of this fiscal year in North America back to, if you will, an acquisition of Hunter and Farmer model. So in North America, we have continued to incent through the compensation plan and add a fair amount of training with the sales organization on software and on the new TDR platform direction that we're heading. It's allowed the acquisition team to focus on the target market for the application, the TDR -- MDR application, if you will, or the TDR and then the managed aspect of it. And the traction has been good, particularly considering the COVID situation this year. And I would say the improvement, as Paul alluded to, in size of the pipeline growing from the new software applications that we have.

And outside of North America -- or let me actually hit the account management team in North America because they've created sales plays and resolutioning plays to go through the current installed base to show them the increased higher value that we have with the existing -- or with the new platform, the new TDR application. So the conversion, as we talked about over 200 customers, part of that is resolutioning and conversion with existing customers, and a big portion of those new customers are through the acquisition side of things. So we've seen great receptivity to the sales team members who are getting into selling the software, both from new ones that we've hired, the existing people that had software experience and the training of sales within North America.

Outside of North America, most of our sellers are more, I'll say, hybrid, where they have existing account teams and do hunting. And many of them had prior software experience. So we've seen great -- and you saw some of the examples that I gave in my prepared remarks, we've seen great traction in APJ and EMEA from a software growth. And I really feel like we're hitting a bit of a tipping point here as we head further into the back half of this year. So there's -- hopefully, you heard some of the optimism and excitement, Paul and I have in the way things are moving along.

(Operator Instructions) Our next question is from Brian Essex with Goldman Sachs.

Mike, I was just wondering if maybe you could dig into a little bit what you're seeing in the market as you kind of shift your go-to-market strategy, both from a -- I guess, maybe more from an existing customer perspective? And I guess where I'm going with this is what are you seeing in terms of potential headwinds due to maybe the percentage of SMB exposure? Is it purely seat loss? Is it budget reduction? And then maybe compare that to what you saw last quarter, are we seeing any relative improvement? Or are we kind of like running at a steady state here in terms of your ability to penetrate the market with existing customers as well as the other projects you've made on the new customer front?

Sure, Brian. Thanks for the question. There was a lot in that. So let me know if I did -- don't adjust it with my response because I was trying to get a sense. First of all, I would tell you that I think second quarter and the momentum we're feeling right now from an overall market perspective is continuing to increase and feel good. We are not seeing headwinds, if you will, from the SMB marketplace. Actually, the traction from a software perspective, particularly the managed aspect of TDR, has been very, very good in our, what we term, commercial space in -- so there's not been anything -- I think Paul mentioned earlier some of the industries, but we don't have major exposure to the industries from a COVID perspective or from an economic development perspective at this point in time. So we've really seen -- we have seen increased demand across all segments of the customer base that we're focused on, both our existing customers and the new acquisition customers that we're focused on going after.

Now with that, I would say that there is a little bit of -- some of the -- and Paul said this in his prepared remarks as well, some of the things that we're doing and have historically done, we are moving to higher-value solutions, higher value -- higher differentiated value from a customer's perspective. So with our existing customer base, our account management team is really focused on trying to show the customer and resolution so that they can see and experience the incremental value with the new software platform that we've developed and the new applications that we're putting on top of it.

Got it. That's helpful. And then maybe if I could just kind of circle back on billings seemed a little bit soft. Is that primarily due to terms and duration that you may be seeing within your customer base? Or is there something else there that we need to kind of consider as we evaluate what steady state kind of post-pandemic billings rate might be?

No. There's no systemic issues going on in billings. As a matter of fact, we're finding collections are continuing to run along on the collection side of that, which would be an early indicator. You've got concerns over how do you bill in the future. So our collections, our DSOs, as I indicated, dropped down to 71. So that we don't see any systemic problems there. They are early indicators that people are trying to prolong their payments. We were concerned about that going into this, but doesn't seem to be an issue.

We'll take our next question from Hamza Fodderwala with Morgan Stanley.

My first question was on the SaaS security analytics platform. I'm wondering where you guys are in sort of building the ecosystem around that in terms of third-party integrations? You talked a little bit about the global partner program. How important is that to having a competitive solution in this marketplace, which does have a number of vendors competing in this category going forward?

Sure. It's Wendy. I'll take that one. So we are really pleased with the progress in terms of the platform and the ability to bring visibility to customers across a variety of existing point products in their network. And then also to be expanding access to folks to build APIs into the platform themselves, either through our own professional services team or on their own. And when we think about that sort of technical functionality in relationship to expanding the partner ecosystem, those really go hand-in-hand. So the program that our Chief Channel Officer, Maureen Perrelli, is building out really wants to be able to work with partners in a variety of business models. So whether they are a traditional resale of our entire portfolio of both services and software, now extending into new relationships where they provide value-added services on top of the platform, and frankly, can build out capabilities on that platform whether -- as we roll out orchestration capabilities and playbook building capabilities, to automate workflows or even to build out additional analytics on the platform. Supporting that kind of flexibility and interaction with partners who have different models is absolutely part of the strategy here.

Got it. And if I could sneak in a follow-up. Just curious how the quarter shook out in terms of renewal rates versus new business? And then on the operating margin be -- to what extent was that just better operating leverage versus some COVID-related savings? And that's it for me.

Yes. Renewal rates continued to be something we focus on. We're not happy where they are, but they are where they have been trailing in the prior quarters. So it's not a concern other than a normal. I don't know if that addresses your question?

Were they sort of consistent, I guess, with the prior quarter or maybe slightly better? Just curious.

Yes. It's consistent. Nothing that's overly concerning, but certain -- we're always focused on we want to keep every customer.

Of course. Right. And then on the new business side?

Yes. New business, as the pipe continues to be -- continue to grow in the direction we want to grow related to our new product offerings. And operating margins associated with that will clearly reflect that as those deals close over time and continue to report into our results. So from an operating margin standpoint, it is reflective of that mix change in our business.

We'll now take our final questions from Gur Talpaz with Stifel.

This is Blake on for Gur. I was curious if you could talk about what you're seeing so far in Q3, specifically with regards to customer visibility into their budgets? And if some enterprises are deferring purchases into the fourth quarter when they might have better visibility into their 2021 budgets?

So this is Mike. Appreciate the question. We have not seen -- let me just answer. We've not -- we are not anticipating or seeing budgets being pushed from Q3 to Q4.

And I'm showing no further questions. I'd like to turn the call back over to Paul Parrish.

That wraps up today's call. A replay of this webcast will be available on our Investor Relations page of secureworks.com, along with our Q2 FY '21 web deck with additional financial tables. Thanks again for joining us today.

Ladies and gentlemen, that concludes today's call. You may all disconnect at this time.

[1] The Forrester Wave™: Global Managed Security Services Providers, Q3 2020, Forrester Research, Inc., 27 July 2020

[2] The Forrester Wave™: European Managed Security Services Providers, Q3 2020, Forrester Research, Inc., 3 August 2020