Evaluating companies, not timing

Ethan did a great job of bringing that market timing thread back to what I was discussing yesterday: not market timing, but evaluating companies (and their valuations): https://discussion.fool.com/i-don39t-think-we-should-use-short-t…

ZS- Its previous all time EV/S was 35. Today it hit 39. If you assume that next quarter will be around 60-70% growth over last year then once ZS reports in a few days they should be back down to an EV/S of 35. Personally I just see the market taking that into account and we are getting our price appreciation a little bit early. I think ZS has gotten a little ahead of itself but not horribly so.

You see the problem, right? You’re basically saying, “If we can just get a few more 70% quarters, everything will work out!” You’re paying for the growth before it actually gets here. And this is why I worry. I don’t care about the valuation in a vacuum. I worry about what it means. And it means that we’re expecting hyper-growth from Zscaler the company for longer and longer. And I’m just not sure how big it will get. Will it take over the online security world for years and years to come? Then $11 billion is a crazy bargain! It will be a $100b+ company! But aren’t we a little ahead of ourselves? In the last 12 months they’ve had billings of $330 million. They aren’t even selling to the Googles and Amazons of the world like Arista is. Zscaler is a small company. We need to remember that. The market isn’t right now.

OKTA- OKTA’s previous all time high EV/S was 26 when it was growing 60%. It is now growing 50% and its EV/S is up to 31. Lets say it has a solid beat next quarter and does a 130 million dollar quarter, its EV/S will still be around 28. Personally I think OKTA will need to accelerate its growth to or suddenly start throwing off tons of cash for it to justify that EV/S. I think OKTA is pretty overvalued right now unless it can do either of those two things.

I agree with you on Okta. I could see their growth possibly ticking back up, but why does the market seem to be expecting it will soar?

Bear

24 Likes

Bear, call me crazy but I don’t think ZS is so overvalued it should be sold. They just have too many things going on for them right now. However, in general, I get what you’re saying. It’s a foregone conclusion that all these little $250 million run rate companies are just going to zoom all the way up to $1 billion in revenue and keep going past it on their way to $2 billion, $3 billion and on as they become the next Adobe or Salesforce. OKTA is a good example of this. Pager Duty is another. Pager Duty actually has a higher P/S than OKTA.

It’s a judgment call. Nobody can predict the top. Nobody really knows what’s going to happen. Others will say in a raging bull market they tended to leave money on the table when they sold a stock based on valuation. Doesn’t give any indication what will happen next week let alone next quarter or year.

1 Like

In the last 12 months Zscaler had billings of $330 million. They aren’t even selling to the Googles and Amazons of the world like Arista is.

Hi Bear, just going through my notes I found from a year ago, that back then Zscaler had over 300 of the Forbes Global 2000 as customers, and that among their customers were: United Airlines, NBC, GE, Nestlé, the United States Marines, NATO, and the National Health Services of the UK etc (and the last three probably weren’t even on that Global 2000 list as they were governmental). As I said, back then they were a little company that had recently IPO’ed and had trailing revenue of under $190 million. Not a bad customer list for a little company.
Saul

10 Likes

Bear, call me crazy but I don’t think ZS is so overvalued it should be sold.

Wow, 12x, I’m glad you said that! If everyone was saying that Zscaler is a sure thing I’d certainly start to worry. It’s great to have people pointing out the dangers too. Of course Zscaler will have ups and downs, but I sure don’t know when. As I’ve mentioned, I truly thought everything was overvalued in April 2017, because my portfolio was up as much in four months as it had been up in the past two years.

Best,

Saul

5 Likes

ethan wrote: ZS- Its previous all time EV/S was 35. Today it hit 39. If you assume that next quarter will be around 60-70% growth over last year then once ZS reports in a few days they should be back down to an EV/S of 35. Personally I just see the market taking that into account and we are getting our price appreciation a little bit early. I think ZS has gotten a little ahead of itself but not horribly so.

bear wrote: You see the problem, right? You’re basically saying, “If we can just get a few more 70% quarters, everything will work out!” You’re paying for the growth before it actually gets here. And this is why I worry. I don’t care about the valuation in a vacuum. I worry about what it means. And it means that we’re expecting hyper-growth from Zscaler the company for longer and longer. And I’m just not sure how big it will get. Will it take over the online security world for years and years to come? Then $11 billion is a crazy bargain! It will be a $100b+ company! But aren’t we a little ahead of ourselves? In the last 12 months they’ve had billings of $330 million. They aren’t even selling to the Googles and Amazons of the world like Arista is. Zscaler is a small company. We need to remember that. The market isn’t right now.

We will get more information on ZS (and OKTA) in less than 2 weeks. MDB will probably report results in early June but the date hasn’t been announced yet.

  1. I’ve trimmed OKTA (to buy more MDB).

  2. I have not trimmed ZS and I don’t intend to do anything with my ZS position before earnings unless the shares drop back to the $65ish range.

  3. With MDB I’ve been adding and I’ve also place a bet on another move up after earnings.

Why did I make the above decisions?

I like OKTA and I really likely the content of their last earnings call. There may be reason to believe that their growth will reaccelerate. On the other hand, the revenue growth rate has been declining. Therefore, my certainty of of their future period of hyper growth is not as strong as it would be if the recent past had shown stability in growth or acceleration in growth. I’ve cut my position a little but not too much. I’ve currently at 8.6% of my portfolio. I may trim a little more.

ZS has demonstrated accelerating growth for the past 4 quarters in a row. This gives be more confidence of continue great growth. In addition, I also like the other information that I have received. ZS’s story of being a disruptor is very much intact. Information from the conference calls, information about Symantec’s decline in share, Cisco’s attempt/interest to buy out ZS, all the big companies that are adopting ZS. All of these things increase my confidence that ZS is winning and may well become the standard in how companies handle their data security needs. The share recent price increase is interesting. Some people get concerned about the valuation as the shares rise. The shares have been risen even as their peers in security and peers in SaaS have not matched ZS’s recent share price increases. Perhaps there is a buyout offer brewing. Perhaps there is information about ZS’s last quarter that is not public. Perhaps others have seen evidence of acceleration adoption (i.e. information that has not been made public). Perhaps there is another reason or maybe some big mutual funds just decided they want to buy a lot. I cannot know the underlying reason for the recent share price increases. But all of the above gives me a lot of confidence in ZS’s future. I currently have a 12.5% position. I’d like a little more but I’m not going to chase. I’m also not going to make a bet on their next earnings result.

MDB has also demonstrated superb revenue growth for 3 quarters now. I like the Atlas growth which becomes more and more significant as it becomes a larger and larger part of their revenue. I also like the story and the future runway. And most of all, I like their current competitive position as is demonstrated by their growth, the customer growth, and the market surveys. As I mentioned, I’ve been adding recently and now have a 16.5% position (only TWLO and AYX have a larger allocation in my portfolio). I’ve also been trading in and out of some options positions as the stock moved down and up and down and up. I have placed a bet on the earnings result (bought Jun19 $130 calls and sold Jun19 $145 calls the debit of which has paid for by sell a smaller number of the $150 puts). This trade was made when the shares were at around $130 so if the price holds then I’ll make a nice profit.

For me valuation is a factor but it’s not as big of a factor in my decisions as it is for some who have posted their opinions on this board. I care much more about my confidence in the company’s ability to disrupt and continue growth. I like to invest in companies that I think can increase 10x in market cap (and share price). Of these three companies, I rank them MDB (#1), ZS (#2), and OKTA (#3).

But I still would rank TWLO and AYX above the other 3. In fact, I also made options bets on TWLO to reach $150 when the stock was between $125 and $135 during the past 2 weeks). BTW, my confidence in making these bets was decided for the following 4 reasons: 1) my view that TWLO is a secular growth company for years into the future, 2) TWLO’s recent outstanding earnings result, 3) all the analyst PT upgrades to near $150 or above, and 4) TWLO stock price weakness in light of #1-3. My portfolio allocation reflects my ranking of the companies. But this is just my opinion and for me my opinion determines my allocation. Everyone has their own opinion and hopefully each person’s opinion is used to structure their allocation.


TWLO: 20.9%  options bet on move to >$150
AYX:  20.2%  no options
MDB:  16.5%  options bet on move >$150 
ZS:   12.5%  
OKTA:  8.6%  no options 

Chris

62 Likes

It may be counterintuitive, but I consider relative valuation when making purchase decisions but I never consider it in decisions to sell.

To sell, I have to lose confidence in the business and it’s direction - or - gain more confidence in another business.

Just a Fool

12 Likes

I’m just not sure how big it will get. Will it take over the online security world for years and years to come? Then $11 billion is a crazy bargain! It will be a $100b+ company!

I’d like to push back on this.

Has there ever been a cyber-security company worth $100 billion dollars? In the history of cyber-security?

Let me push back further and say that Okta is also a cyber-security company. So if you hold both of these stocks, what you are saying (I think) is that the cyber-security market is going to dramatically escalate, and that these two companies are going to dominate this market (not one). So for the first time in recorded history, cyber-security will be one of those all-important, mission-critical fields that result in not one, but two companies who dominate the field in such a way as to achieve $100 billion valuations. This is in addition to Cisco, who also competes in the field of cyber-security.

But aren’t we a little ahead of ourselves?

Yes. Yes we are.

In my opinion, cyber-security is a niche market. I’m not a techie, of course. But that’s my understanding of cyber-security. Cyber-security costs money and its benefits are hypothetical, based on a fear that if you didn’t have it, you would lose money.

Let’s take the Motley Fool for example. I assume they have cyber-security. But if they turned it off tomorrow, I wouldn’t actually know. What I can tell you is that cyber-security never makes it into their pitches when they are trying to sell their service. “You should subscribe to the Motley Fool, because we have cyber-security.” Nobody actually gives a damn. (Or, rather, we assume they have some sort of network security, and we don’t worry about it). This is why the Motley Fool never advertises their cyber-security as part of their pitch. Cyber-security doesn’t bring in customers. What you are doing–if you have cyber-security–is trying to protect your company from the bad p.r. and loss of revenues if your network is hacked and your customers hear about it and they want to punish you and so they take their business elsewhere.

Analyze all that for a minute.

Do people blame the victim of a cyber-attack? Has there ever been a company that went bankrupt or was destroyed because their walls were breached and their information was stolen?

Here are some companies who have been hacked in the 21st century:

Marriott
Equifax
eBay
JP Morgan Chase
Home Depot
Yahoo
Target
Adobe
Sony

Were any of these companies ruined by the data breach? Did their customers leave? Maybe their stock took a hit. But was the business actually hurt?

In the last 12 months they’ve had billings of $330 million. They aren’t even selling to the Googles and Amazons of the world like Arista is. Zscaler is a small company. We need to remember that. The market isn’t right now.

We’re holders of Shopify, which is our #2 holding. And the way it’s going, it will soon supplant Apple in our ports and become our #1 holding. And I think Shopify has a legitimate shot at being one of those huge companies with a $300 billion valuation.

But it will not be a straight upwards climb. I suspect there will be massive drop-offs of 50% or more. And more than once. That’s what Amazon did. And Shopify is similar to Amazon.

As a non-techie, I’m more comfortable with Shopify because their network advantage is so strong now. (Amazon tried to fight them and gave up). My fear with ZScaler (and Okta) is that niche markets will never be huge. I believe that SaaS makes changing your software a lot easier and simpler, not more difficult. And there’s always somebody who builds a better mousetrap. So I would ask fans of these companies…what’s the TAM? And how strong is their network advantage?

13 Likes

Hi SaintCroix,

Just to clarify here, you can have data-breaches such as the ones you mentioned above, where restricted data gets leaked. But you can also have more serious consequences such as ransomware or other such attacks that can ruin, destroy, alter mission critical functions. Like the Stuxnet virus that not only shutdown the Iranian nuclear program, but set it back months? Years?

The WannaCry ransomeware attack on the NHS a couple years ago cost the NHS 92 million over the course of that week. No reports as far as I am aware of any patient dieing or coming to harm. Surprisingly. But it really could have been different.

With SaaS becoming more and more and everyday reliability, and businesses completely and utterly reliant on cloud services, cyber-security is an absolute critical feature. It is an unavoidable cost-centre. A business could view it as an insurance. Anyone in their right mind wouldn’t skimp out on insurance. Every decent sized business transaction is covered by insurance. Example, if I order a container of xyz widgets from China worth $100,000, I’m getting that covered by insurance (perhaps up to $90,000 worth), in case of sinking, lost, damage or fraud. It may cost me 1k, but I will need to do it. It’s part of the cost of goods.

The same with cyber-security.

So when you say this questioningly:

So for the first time in recorded history, cyber-security will be one of those all-important, mission-critical fields that result in not one, but two companies who dominate the field in such a way as to achieve $100 billion valuations. This is in addition to Cisco, who also competes in the field of cyber-security.

My reply is yes. That is precisely the thesis. SaaS, internet of things, the cloud - everything integrated, with mission-critical functions requiring internet connections and thus susceptible to outside attack. Absolutely is cyber-security an essential market.

After the wannacry attacks, the NHS increased their cyber-security budget because they now realised how serious and how mission and life critical it was. And low-and-behold, we use Zscaler now.

28 Likes

My company was crippled last year for about one month and it took many months for us to rebuild our applications. For several months, we had no idea what our revenues were! This was the aftermath of a ransom ware attack. I’m certain the problem costs us much more to fix that it would have to defend properly. Who knows what lost revenues were as customers couldn’t reach us on our main telephone numbers. If they had our cell phones, then yes. Otherwise, it was lost business to a competitor.

Just because companies don’t boast about security to consumers doesn’t mean they aren’t taking security seriously and doesn’t mean the market will be a niche market. Think of all of the B2B companies that aren’t ever in consumer’s focus. Arista sells to no consumers. They have a big TAM. It can certainly happen.

Finally, there may be a reason companies haven’t boasted much about security in the past. Security has largely been shown not to work (look at the examples in this thread). It is cumbersome to manage and maintain and there always seem to be leaks. Yes, if a company can provide better security/value, there is likely a very large market.

Finally, finally, look at all of the security companies today and add them all up. That is probably a pretty big TAM though I’m not suggesting one company will take all.

A.J.

16 Likes

In my opinion, cyber-security is a niche market. I’m not a techie, of course. But that’s my understanding of cyber-security. Cyber-security costs money and its benefits are hypothetical, based on a fear that if you didn’t have it, you would lose money.

I was at the RSAC in San Francisco a few months back. It was very clear cyber-security is no longer niche. The whole Moscone Center expo full of booths touting their security solutions. Booth-babes, race-cars, wheels of fortune everywhere to give away fluff-and-stuff.

But I agree the first $100B security company still has to be built. ZS is a relatively small player in the field. Cisco, Palo Alto Networks, VMware, Dell, IBM, Oracle are some of the companies that are in the $100B neighborhood or more. But they hardly do only security. More and more security is becoming a big part of their business though.

The fact that you don’t notice it, doesn’t mean it doesn’t do a lot of damage. There are estimates it costs $450B in damages yearly. And rising fast, it will be trillions soon.

Mark

15 Likes

SaintCroix,
Cyber-security costs money and its benefits are hypothetical, based on a fear that if you didn’t have it, you would lose money.

Ever hear of a little industry called “insurance”? Seems that fear of loss in its absence has kept this business model alive for centuries (per Google, the first actual company, “The Insurance Office” having started business in 1667). Or maybe the consortium known as “The East India Company”, founded in 1600 fills the bill.

More to the point, you seem to decry cybersecurity as an important business because it didn’t exist until fairly recently. It’s hard to put a precise date on it, but with the growth of network connectivity the industry has been catapulted into prominence. How’d that happen? Well, it’s directly related to the number and sophistication of attacks having grown at a geometric pace along with the fact that more and more of the value of every major company being retained as digital assets. The company where I worked used to keep all their engineering drawings as ink on mylar. That has been completely replaced by digitally defined geometry. The reason that cyber attacks have become so prominent is not just due to bad actors that seek to do damage for the sake of demonstrating that they are able to do it. Yes, that’s part of it, there’s an ego component. But the main driver is that it’s very lucrative.

I am (or was) a techie, but you don’t need to be one to see what’s happening. And you’re right, none of the businesses you noted have gone out of business. Just like most companies that lose a manufacturing facility or their home office or other valuable physical assets to a flood or or fire or earthquake or pick your act of nature. But that doesn’t mean that it’s not costly. The answer is “yes” their business was hurt. Often costing millions in lost revenues, lost customer confidence, brand degradation, etc. These avoidable attacks can be just as damaging as any physical loss. Depending on the type of attack and the subject data breached, the costs can be extraordinary. You mentioned Equifax. They bought a year of credit monitoring for every individual in their database - that wasn’t free. Target lost a bunch (wish I had a better measure) of customers who closed their accounts. I don’t know the number of lost customers, but the cost of the breach was estimated at over $160M. And it was 100% avoidable. The IT department knew they had been breached but the CEO hadn’t named a new CIO and didn’t personally think the “computer problem” was all that serious so he ignored it. This probably comes as news to you, but there are a number of options when it comes to handling a breach. Immediately shutting it down is usually not the first action. Doing so alerts the intruders that they have been discovered allowing them to escape without being traced.

As for OKTA and ZS ruling the roost, now that’s a more interesting question. And there’s a ton of variables, the specific technologies they offer being just one of them. But, first of all, I’d venture that as disruptors (they both are) it will take a significant disruption to dislodge them. Might there be other important cybersecurity firms? I’d venture a yes to that. But I would also venture that the new entrants won’t be direct competitors, the unplowed ground is too fertile, there will be, I’m reasonably confident, related product offerings.

The company where I worked (great big Fortune 50 aerospace firm) used what they called a “layered” approach to cybersecurity. This approach is nearly universal among big companies. They had perimeter provisions (ZS target market, mainly as the “perimeter” has pretty much evaporated), device provisions, network provisions (ZS is here too), user provisions (mostly in the OKTA arena), file provisions, application/database provisions (OKTA is also in this space), record level provisions and in some cases data provisions and even provisions that applied security requirements based on the value of certain data (for example, Accounts Payable could not issue a single signature check above a certain value, and both signatures were tied to specific device via MACS ID which was kept in a physically locked room). I may be missing some provisions, I wasn’t in the computing security department, but I worked closely with them. The company where I worked fended off hundreds of attacks every day. And one more point, the vast majority of successful attacks never make it to the press. Companies (and government offices) in general don’t like these failings to be broadcast to the general public. You are only aware of a small number of occurrences.

And actually, both of these companies have quite a number of pretty significant customers. As for the “better mouse trap” argument, what works for mice doesn’t necessarily work for software. A better mouse trap is easy to implement and comes with virtually no additional cost other than the device itself. Swapping out your cybersecurity system for a better one is a costly and disruptive exercise. This is precisely why these companies are so focused on land and expand. Customer acquisition and expansion of business with existing customers makes them all the more “sticky”, which is a nice word for driving up the cost of switching.

32 Likes

I’m pretty sure that any bank that decided that cyber-security is non-essential would have their banking license revoked. Similar for any company in a regulated industry.

1 Like

To quickly interate brittlerocks point, cyber-security is such a core necessity of our modern world that a company like Zscaler - a mere provider of security services, but in a different manner - is enabling an entirely different network framework that is far more efficient and useful than what exists.

That is because what exists sits behind all the security necessary to enable the reasonable operation of the network. Move where and how the security is delivered and boom, you can change the entire network.

There seems to be no more core and essential technology today, that is more important or more essential (to doubly use the term - essential - lets triple it) than SECURITY.

It is not always easy to follow what is going on in security, but security companies have systematically been great investments over the past decade, for the most part. And the leaders extraordinary during their hey days.

You cannot run a business today of any scale without serious security - period. Heck you cannot even run a home website showing off baby pictures without keeping the wolves at bay. Your iPhone, Android phone, Alexa unit, etc., can all be attacked. And those are the lowest value units on the totem pole. Your entire business can be destroyed, demolished, without security.

But security that encumbers you is almost as bad. That is what makes OKTA and Zscaler so successful. They not only secure, they simplify and unemcumber you.

Tinker

12 Likes