Specialist
Former SVP at Qualys Inc
Agenda
- Qualys (NASDAQ: QLYS) and its solutions, noting cloud offerings and related enhancements and expansions
- Industry overview and competitive landscape, focusing on Rapid7 (NASDAQ: RPD) and Tenable (NASDAQ: TENB), as well as CrowdStrike (NASDAQ: CRWD)
- Corporate governance and recent CEO change
- 1-3-year outlook, highlighting opportunities and risks
Questions
1. Could you describe what Qualys does and how it provides value for clients and end users? You were at Qualys for around seven years, and you were also at Oracle focusing on a variety of things, most notably security.
2. Qualys seems to lead with vulnerability and compliance solutions, but the first point it makes within the confines of its 2020 10-K is identifying and managing IT assets for companies, on-premise, across endpoints, cloud, containers and mobile environments. Could you discuss the distinction between what people think of as endpoint security or XDR [extended detection and response] and what Qualys is best known for around vulnerability management?
3. I believe Qualys’ VMDR [Vulnerability Management, Detection and Response] offering was released around autumn 2019. You mentioned that you think it has helped. Could you expand on how? Were you suggesting it enabled the company to reach down in the size of companies that it typically works with, so more mid-market companies that it perhaps didn’t have the wherewithal to work with previously? Do you think it also helped in retention or winning new business?
4. How much of Qualys’ revenues would you say the vulnerability and compliance areas account for? Would this be half or three-quarters of its revenue base? Is it closer to one-third? How should we understand the importance of those two product areas to the company?
5. I think you mentioned vulnerability accounts for the lion’s share of Qualys’ revenues, which I would understand as around two-thirds of revenues. After a year-and-a-half, obviously there are indications of transitions from more traditional or legacy vulnerability management solutions to VMDR. How would you characterise the business model or P&L impact of these transitions? In a lot of cases, there’s a revenue cliff when companies shift over to cloud solution offerings that could impact over a period of quarters or years, and then you have a pricing discrepancy, where a lot of companies have been dealing with lower pricing in cloud environments, even though they might have higher margins over time.
6. Qualys has indicated that its TAM will increase from USD 19bn to USD 30bn from 2020 to 2023, and goes into detail about the contributors and different growth rates for this TAM. How would you assess the work that the company does here? What do you think of how it’s discussing the TAM? It seems that some of what it’s best known for perhaps is not stand-outs when it comes to expected TAM growth – vulnerability management seems to be an area where it won’t have as much TAM growth as other areas. How should we consider the company’s market opportunity, especially around the key areas we discussed?
7. You mentioned the notion of a must-have, and Qualys seems to be focused on broadening its portfolio and enhancing its solution’s relevance and sharpness, to ensure it’s perceived as a must-have. How do you think the company is positioned in that context? A lot of people are asking whether you could have a single vendor such as CrowdStrike, with lightweight agents that can be deployed all across an enterprise. To what extent could CrowdStrike or other companies pursuing this strategy pose a significant threat to a company such as Qualys, given it doesn’t have the entire suite and capability to address what these companies are doing or moving towards? How would you characterise Qualys’s positioning in that world? Is its offering in vulnerability and compliance and EDR [endpoint detection and response] sufficient to hold off a competitor such as CrowdStrike?
8. You mentioned some of Qualys’s more direct peer competitors such as Rapid7 and Tenable. How do you think Qualys stacks up against those competitors in the key areas we’ve focused on?
9. Should we consider any other competitive notions? I was thinking about competition from infrastructure and players such as Splunk and Datadog, which are more application performance monitoring-oriented companies. There’s also Dynatrace, New Relic and AppDynamics which is owned by Cisco. Could those companies become increasingly relevant as they expand their capabilities?
10. It seems that every quarter CrowdStrike has new modules, features and functionality where it’s building a tremendously broad and varied number of solutions that tie into each other. It’s been in vulnerability management for around four years and has released enhancements, but I haven’t noted CrowdStrike being designated as a top vulnerability management player. Do you think Qualys considers CrowdStrike a leading direct competitor? Is this looming, given CrowdStrike is providing solutions that will safeguard all aspects of your security-related needs?
11. You’ve mentioned Qualys’s focus on expense management or profitability vs competitors where those don’t seem to be priorities. The company is very aggressively investing. With that as the backdrop, Qualys delivered 13% revenue growth in 2020. There has been a steady deceleration over the last couple of years, and 11% growth in 2021 and 2022 seems to be what’s projected. Do you think the company is investing aggressively enough? Is its being slightly conservative or oriented towards profitability and margins a detriment for its potential long-term opportunity and performance prospects? What factors would you expect to drive its growth over the next 1-3 years?
12. Earlier, you referenced a partnership programme or network that hasn’t been performing as it should or as Qualys might like. What do you think the company could or should do differently? Is this another example of it being overly conservative with investment to build for the future?
13. Qualys’s long-time chairman and CEO, Philippe Courtot, stepped down earlier this year and then unfortunately and tragically passed away. The company has installed new management in his place, but you referenced earlier that he was the singular force behind this company. How do you think that could affect it?
14. What is your 1-3-year outlook for Qualys?
The information, material and content contained in this transcript (“Content”) is for information purposes only and does not constitute advice of any type or a trade recommendation and should not form the basis of any investment decision. This transcript has been edited by Third Bridge for ease of reading. Third Bridge Group Limited and its affiliates (together “Third Bridge”) make no representation and accept no liability for the Content or for any errors, omissions or inaccuracies in respect of it. The views of the specialist expressed in the Content are those of the specialist and they are not endorsed by, nor do they represent the opinion of, Third Bridge. Third Bridge reserves all copyright, intellectual and other property rights in the Content. Any modification, reformatting, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, transferring or selling any Content is strictly prohibited.