 Hello and welcome to this CUBE Conversation. This segment is part of our pre-IPO CEO series. Arctic Wolf is a company that provides managed cybersecurity services that are designed to help companies protect their technology infrastructure from cyber attacks. It essentially serves as a security operation center for the many, many companies that don't have a SOC. Last year, Arctic Wolf expanded the scope of its security services by acquiring incident response startup Tetra Defense, the company's president and CEO Nick Schneider joins us today to share some expansion news and give us an update on the market and the company. Nick, welcome back to the CUBE, good to see you. Great to be here, thanks for having me. You're very welcome. So what's new in 2023? What are some of the key milestones that you've achieved this year? Yeah, so I mean, in the last few months here, we've continued to grow quite a bit in particular internationally and obviously on our base here in the US. Just yesterday actually, we announced the expansion of our incident response services into our global customers in AMIA and ANZ and we're excited to bring this new functionality to the market, a functionality that we've had now in the US and Canadian markets for about a year and a half. We've added along with that security operations warranty to eligible customers within our base, which if they meet certain milestones, they can garner up to a $1 million cybersecurity warranty. We also just recently launched a new data center in Sydney, Australia. I think that speaks to kind of our commitment to the customers and partners in that region and we had done similar about two years ago in AMIA as well. So we continue to expand into these markets and when we do so, we do so in earnest. Along with that, I think for the second year in a row we've won the Forbes Cloud 100, which we're honored to be a part of. Gartner did a peer insight review recently, voice of the customer on managed sectional response and Arctic Wolf was named as a leader in that work. And we've just continued to grow and expand our customer base and the functionality and feature set that we bring to those customers, now well over 4,000 customers globally, 2,200 employees and working with, over 1,000 trusted partners throughout the globe. So business continues to be very good and we continue to make strides to improve the capabilities that we have to deliver to the customer base, but also the geographies and the routes to market that we leverage to do so. Yeah, thank you. So we have some data that I want to pull up here and share with the audience. So this is from our data partner, ETR, Enterprise Technology Research and it's data from their August survey of emerging technology companies, ETS, is Emerging Technology Survey. It's a survey of 1,488 IT decision makers and this is a sub-sector within the intrusion detection and prevention space. And so in the vertical axis is net sentiment, which is an indicator of intent to engage and then the horizontal axis is mind share, I have people heard of you and you can see the ends that your end of 571 divided by that 1,488 informs your position that's way out to the right, kind of like a quantifiable Gartner Magic Quadrant if you will with obviously different dimensions. And so obviously, Nick, you're well known, you've raised a lot of money, you're doing a good job here. To what do you attribute to success? Last time we talked it was, the market was more in sort of growth mode, spend, spend, spend to deal with hybrid and remote work. I think you've subsequently changed your strategy a little bit to fit the current situation, maybe more of a focus on profitability, but it seems to be working. Yeah, I mean, we're constantly paying attention to the way in which we grow and the way in which we manage the bottom line. And all the way through that is the objective of ensuring that we're delivering the outcomes to our customers and partners that we promise. And the market has evolved quite a bit, over time, we kind of cut our teeth in the detection and response space. And that evolved in the market from XDR to managed XDR and effectively what we've done for the entirety of our existence has been managed XDR. So the ability to detect and respond to threats kind of regardless of the attack surface and then being able to layer in what we call our concierge approach in a curated manner to give those customers peace of mind and give those customers a voice or a conduit into the business that can answer questions of them directly with some context or business context about their environment. And kind of through that engagement with the customer what we found was a lot of those entities were looking for us to also help them understand what their vulnerabilities were. So not just detect and respond to potential incidents but also understand their vulnerabilities ahead of time. Then how do we train and enable the employee base that we have, which is continuing to be one of the most prominent vectors for attack by the bad actors, which kind of led into, hey, it would be great if we could leverage and most of this is a non-article of customer incident response services by a trusted leader in the space and then work together to improve our posture over time which then subsequently kind of led us into engagement with the insurance community and how we could leverage what we know about the market, the way in which we engage with our customers by also inviting the insurance community in to help a customer understand their overall risk and how the transfer of risk kind of within their environment may or may not take place. So it's been an evolution I think of the market in conjunction with an evolution of kind of Arctic Wolf and the way in which we've approached it. And certainly through the past year and a half customers have really been looking for opportunities to work with a more consolidated set of vendors that can solve a broader array of problems that they would typically have in a security operation and that's really what we've been after from the onset of the company. I mean, you're definitely seeing the consolidation theme in cyber generally the companies that have a strong story there, tending the public companies anyway tend to do pretty well. At least you can see that in the earnings reports. And then as part of your TAM expansion you're sort of your news earlier today, February 22 you acquired Tetra Defense really bolstering your incident response. I want to talk about that news, why EMEA and New Zealand, why now? You mentioned some data center activity there. It's when you expand overseas, obviously it's expensive. You're in that balancing with the macro, you're balancing profitability with growth. Can you talk about why Europe or EMEA and New Zealand and why now? Yeah, so we've been in EMEA for two plus years now. So we've a pretty material business in that region and that region has done phenomenally for us. So I would say we're kind of beyond kind of the early entry point there where we're seeing really good both growth but also growth in an efficient manner. The expansion into Australia, New Zealand was really around customer request and demand that we were seeing inbound and our desire to begin to expand into the APAC region. And I think we've now been in that region for call it six months, two quarters. And already we have a pretty sizable team built out both in kind of the go to market functions but also in the functions that are there to deliver these outcomes to the end user whether it be through the technology or through this concierge curated approach. And for us being able to make those investments and be able to make them on top of the investments that we're making in other regions that have pretty massive scale is something that just makes sense for the longterm of Arctic Wolf and the longterm of the partnerships that we have both with our customers and the partner community. So, those regions have the same problems the US or North America has. Those regions, I think more often than not have less optionality with regards to who they work with. And I think we had the opportunity or have the opportunity to bring a brand as we just went through on some of the data you showed into those regions in a way that can provide not just the outcome of incident response but the outcomes of security operations wholesale to a customer base that is looking for it. So I think it's a great opportunity for us. The results thus far have been really strong and I would expect that we're going to continue to see the same success that we saw and are seeing in North America to happen in the other regions throughout the globe. Let's talk a little bit about the macro. Obviously it's been an interesting year. Cyber was somewhat insulated for a period of time and then it seemed to revert to the mean. It seems like it continues to do well. It's obviously the number one priority. People talk about that all the time. There's many, many surveys out there but at the same time, the overall spending climate has been somewhat capped. And so we're seeing with the craziness we're 10 minutes in, we have to now bring in AI, Nick. So you're seeing some of the uptick in AI spend detract from some of the other budgets. As they say, cyber seems to be holding up but what are the big changes that you're seeing at the macro? And then I want to get into your thoughts. I know you've got some on the impact of Gen AI, the hype around that and some of the cautions there but start with the high level. What are you seeing at the macro? Yeah, so I mean, I certainly see that or think that we've been seeing some improvement here especially over the last several months. I think there are some macro economic indicators that would show that were headed on the right trajectory. I think there are some results especially from some of the public, only traded companies, especially in cyber that would backstop both a healthy demand environment but also a spend environment that's improving. And I think with regards to cybersecurity as you alluded to, it's just an area of the industry or an area of a company's operation where there's so much going on, there's so much new and there's so much opportunity and available change that it just can't be put on the back burner even for a short period of time. There can be some reprioritizations in the way in which you solve the problem which I think we saw through customers looking for vendors that can solve a broader set of problems for them but I don't think cybersecurity as a whole would move into position B, if you will within kind of the overall prioritization within the company. I think as new trends have emerged, AI being the one that is most heavily talked about it's been an opportunity for organizations to leverage that technology in a way that betters them as a business or betters them with regards to their cybersecurity posture unfortunately it's also been an opportunity for the bad actors. So I think while AI has come into a vogue kind of within the market wholesale AI and machine learning has played a critical role in cybersecurity for quite a while and B, I think with the advent to some of the generative AI and some of the other stuff that's happening within the space there's also been an opportunity presented to the bad actors and kind of the marriage of those two opportunities is obviously driving hype within AI wholesale. So I think the macro is headed in the right direction. I think AI as it relates to cybersecurity is both a benefit to organizations but also a detriment because of the activity that the bad actors or the manner in which the bad actors may leverage it. And I think kind of how that all plays out is still a little bit to be seen but one thing is for sure AI is here to stay and you're going to have to leverage it both in your overall business operations but also in the way in which you protect your organization from a cybersecurity standpoint. So two quick follow-ups on that in our July SuperCloud 3 event the focus really was on cybersecurity meets generative AI. And one of the takeaways from those discussions was the problem with gen AI is it's generative. And it gives you a different answer every time. And of course we all know about the hallucinations. So the applicability to cyber you have to be very careful about how you apply it. And as you pointed out, AI is not new. It was not like it was invented in November of 2022. And certainly many cyber firms if not most if not all have been using it but generative AI introduces this sort of new capability that folks, I think the consensus was we have to be very, very careful about how we actually apply it. Would you agree with that? Absolutely. I think that we as a cybersecurity industry and as practitioners of cybersecurity need to be very careful about the way in which generated by AI is used. Now, I think there are some outcomes or some opportunities that are maybe less in the critical path that you could leverage generative AI in a way that is, you know intelligence and smart, especially as that technology evolves. There are also ways that it could be leveraged it would be very dangerous for the average end user or the average vendor because of some of the unpredictability or because of some of the, you know acknowledgement of, you know potentially the wrong outcome being projected to the customer with high competence. So it's certainly an area of the space that I think A, the bad actors, you know will use, you know so I think they will leverage it to, you know create and to, you know propagate really high quality, you know phishing emails or phishing attempts, for example but I don't think necessarily it's quite ready for prime time with regards to being in the core of the cybersecurity, you know stack, if you will now I think that'll evolve over time and I think companies that are smart about this will find ways to leverage generative AI in areas of cybersecurity or their outcomes to the customer that are not in kind of the main stream of the outcomes that they're promising but I think we'll probably also see some that, you know take a leap a little bit too far and the outcome will be that there'll be an incident or an issue that may arise with their end user. So I think that brings me to the second big takeaway of our, you know event and discussion with practitioners and experts and since the acquisition of Tetra Defense you've got a wider capability and observation space but the consensus was that prior to chat GPT being introduced the technology vendors sort of had the advantage with AI that sort of flipped that initially now post you know the AI heard around the world that attackers maybe have a near term advantage it sounds like you would agree with that at least in the near term. Absolutely in the near term I would absolutely agree with that you know the average employee is still the number one attack vector and the manner in which a lot of those bad actors are getting in and getting to information that's really critical is via you know fishing or business email compromise and a really well written really well articulated really relevant fishing email is a very you know strong tactic for those bad actors to use to get into the environment and chat GPT just made it that much easier and on the on the defensive side as we just talked about you know you're still going to be leveraging AI machine learning and kind of building out a security operation to protect those customers but I think the benefit to the bad actors outweighs the defense mechanism you know by the vendor or the end user. Have you been able to discern a quantifiable improvement in fishing emails? I'm not sure it's quantifiable numerically but certainly and I'm guessing you have seen this as well they have improved in not only the manner in which they're written but the context is very strong they're scouring the internet especially for folks that have a profile or that have more publicly facing you know material and that just makes that content that much more robust and it makes it that much harder to weed through what is real and not real now there are still some very obvious ways to protect against that you know have a security operation that makes sense make sure you understand who the sender is like all the stuff that you typically look at in the fish but it makes it harder when the email is really well written and has strong context Yeah no question I want to ask you about sort of the IPO market the IPO drought you've seen some recent action which I'm sure you're watching you know Databricks did a some private sale it looks like it got its valuation back up prior to its last round the ARM S1 was quite interesting Softman did an internal sale and there actually looks like they're pricing the IPO below that so it was a way to maybe tease people in and create demand what are you seeing potentially you know Instacart is going to go maybe Stripe maybe Sneak you know another security player how are you thinking about IPO strategies how has that changed your operating model maybe from growth to profitability maybe you could give us some insight as to your current thinking Yeah I think much like the majority of the market as the you know growth environment has slowed a bit people are paying a close attention to the bottom line I do think what we're going to see through the you know the back end of this is you're going to have a lot of large organizations growing at a healthy clip with a really strong bottom line and I think that that's probably a positive outcome of some of the you know macro turned down and I think what you're going to see is those companies will start to accelerate their growth again but in an environment with a much healthier bottom line so I think there's some really good companies out there and I think those companies probably look you know quite a bit more interesting now and especially I think as we progress forward I think you'll start to see some of that grow growth you know tick back up for at least some of them and I think you know a combination of you know the activity that's been done within that cohort of businesses along with what appears to be a you know improving at least macroeconomic climate you're going to see some folks enter the market I think it's still probably a little bit TBD on exactly how that's going to all shake out not just you know for the launch of the IPO but also how that plays out kind of over the subsequent quarter or two and you know I think if a few of those you know go well that you'll see the IPO you know markets start to open up in a more material way here you know after what has been you know quite a quite a drought in the IPO market so you know I'm you know positive in my outlook as to the direction in which that's headed and you know we'll continue as a business to keep a close eye on it and obviously when it makes sense for you know Arctic Wolf and if there's a you know willing dance partner with the market you know we'll take a hard look at it as well but right now we're really focused on building a strong business and executing for our customers yeah and you did a convertible I think a $400 million convertible so the balance sheet presumably is still pretty looking pretty good that's correct yep we did that roughly a year ago do you think I mean I know it's situational but do you think I mean given the current situation does a company have to be break even or you know cash flow positive to to go IPO is that kind of the assumption right now though the working assumption in the operating model yeah I'm not sure they have to be you know break even are profitable to go public I think the window post IPO with which folks have to be kind of in that window is a lot shorter than it used to be you know so I think you know whereas it used to be you know maybe a year or two I think you're going to be looking at you know quarters with regards to at least your ability to move into free free cash flow positivity so you know so I think you know the the manner in which these businesses are run kind of the offset against the the real growth that they're seeing and then the kind of market that they're approaching how much Greenfield is in that market what the opportunity is for them and the balance between you know going after that growth and you know staking your claim to new geographies or new product sets against this balance on the bottom line is going to be a top of mind for for most folks that are looking to enter the the public markets and I think those that have been paying attention will be in pretty good shape because they've you know had time over the past year year and a half to really formulate their their their plan and execute against it my last question for you is when I first was introduced to Arctic Wolf I was under the impression that you guys really served almost exclusively the small mid-sized market I think there's still some of that sort of latent DNA associated with your brand but when I first interviewed you Nick you told me no Dave that's not true we're actually moving upmarket and so when I go to all these events now you know whether it's uh I've seen you at reinforce obviously saw you at RSA I'll go by your booth talk to your salespeople see what they say because salespeople love to talk and it seems like you actually are moving you know upmarket you're having some good success there it seems like the repeatability of the business I'm sure you measure your NRR you know seems to be going in that right direction of course then when I talked to the GSIs they sort of poo poo Arctic Wolf you know the big you know big giant firms give us the update on your your target markets and the success that you're having not only an SMB but in what you call enterprise yeah so you know we continue to serve and work with customers kind of all throughout what I would call the SMB mid-market small enterprise but we've also made significant traction in the true enterprise and and even into the large enterprise with you know the Fortune 500 accounts I wouldn't say that we target the you know Fortune 500 I think there are specific you know instances where that really makes sense but we certainly have seen an uptick in our ability to work with and engage with you know larger organizations than certainly that we're engaging with you know a few years ago and I think that's just again a function of the way in which the market has unfolded it's gotten more and more complex and I think for the normal manufacturer or financial institution or healthcare organization even if they are of size you know building out a fully staffed security operation with all that's involved technologically or through you know the the human aspect of that build out is just not you know their their swim lane and they're looking for a trusted partner to help them build out you know the entirety of their security operation and that's why you know we've kind of built out our operation to ensure that we can deliver on that promise of a security operation I think security operations is going to end up being one of the largest if not the largest overall market within cyber security and as a result of kind of some of those trends and some of the way in which we built the business over the last few years you know over half of our business at least from a spend you know perspective would be viewed as you know enterprise customers and that's continuing to trend up quarter over quarter so so I think that perception is one that was built you know on the onset of the company in the first few years of the manner in which we attack the market I think that was due to the way in which the market was built at the time I think the market itself has changed and Arctic Wolf has evolved quite a bit and therefore we're seeing some good traction in larger customers you know in history of IT shows it's easier to go from small to large than it is the other way around so Nick congratulations on your success so far I know you got a lot of work to do but really appreciate your time and thanks for spending some time on the Cube you got it thanks for having me all right you're very welcome all right and thank you for watching this is Dave Vellante for the Cube Conversation we'll see you next time