In a special episode of Behind the Deal live from Miami from Thoma Bravo's Annual Meeting in March 2025, Thoma Bravo Managing Partner Seth Boro welcomes two prominent leaders in the cybersecurity industry, Jill Popelka, CEO of Darktrace, and Joe Levy, CEO of Sophos. Cybersecurity has been a focus of Thoma Bravo's investment strategy since 2008, driven by the growing complexities of an increasingly digital world. Jill Popelka shares a perspective on Darktrace's pioneering use of AI in cybersecurity and the evolution of AI-driven software. Joe Levy provides insights on scaling cybersecurity solutions and the future of the industry. Together, the leaders shared insights on how their companies are leading the cyber industry to protect customers from advanced zero-day threats.
In a special episode of Behind the Deal live from Miami at Thoma Bravo’s Annual Meeting in March 2025, Managing Partner Seth Boro welcomes Jill Popelka, CEO of Darktrace, and Joe Levy, CEO of Sophos.
May 1, 2025
35:07
This podcast is for informational purposes only and does not constitute an advertisement. Views expressed are those of the individuals and not necessarily the views of Thoma Bravo or its affiliates. Thoma Bravo funds generally hold interest in the companies discussed. This podcast should not be construed as an offer to solicit the purchase of any interest of any Thoma Bravo fund.
Welcome to Thoma Bravo’s Behind the Deal. I'm Orlando Bravo, Founder and Managing Partner at Thoma Bravo. Today, we’re taking a break from our usual focus on specific deals to bring you an insightful fireside chat from our 2025 Annual Meeting. The discussion features Thoma Bravo Managing Partner Seth Boro in conversation with two leaders in the cybersecurity space, as well as our portfolio: Jill Popelka, CEO of Darktrace and Joe Levy, CEO of Sophos.
As you may know, especially if you’ve listened to earlier episodes from this season, cybersecurity is a critical area of focus for Thoma Bravo. We’ve been heavily invested in this space since 2008, driven by the growing complexities of an increasingly digital world, and we now have one of the largest cybersecurity portfolios in private equity.
Today, our cyber portfolio has over $6.5 billion of revenue, employs around 19,000 people, and represents approximately $58 billion in total enterprise value. Darktrace is a company known for its pioneering use of AI in cybersecurity and its CEO, Jill Popelka, will share her thoughts on the evolution of AI-driven defenses. Meanwhile, Joe Levy, CEO of Sophos, will discuss the challenges of scaling cybersecurity solutions, the importance of operationalizing security, and the future of the industry as a whole.
So get ready for an engaging and informative session that highlights the critical role of cybersecurity in today's digital landscape, the ongoing challenges, and the innovative approaches companies are taking to address these issues. Let’s listen to this AGM Fireside chat featuring Seth Boro, Jill Popelka and Joe Levy.
MUSIC TRANSITION
Thank you both for being here today.
Of course.
We've talked a little bit about both of your companies, but just as a backdrop, I think as most people know, cyber, which is going to be the topic of our panel today, is an area that we've been heavily, heavily invested in since 2008. And internally we have a team that is focused solely on investing in the cyber space, and that's a big differentiator in our market and it's led to us being really strategic in the space. My partners Chip and Andrew and I have been working together in and around cyber really since our interest investment that we bought at the depths of the financial crisis. And you know, since that time, of course, our team has grown and has made some great investments. And you do need to be a specialist in the area. It's a very complex, very technical space. It moves very quickly. And with us today, we have two exceptional CEOs. Jill Popelka from Darktrace, which is our most recent cyber investment. And then Joe Levy, who is actually a long-time Sophos colleague of ours, an executive at Sophos, ran the technical side of Sophos for many years. And Joe in fact worked at a previous — two previous Thoma Bravo companies. SonicWall, which was a platform company way, way back. One of our first network security investments and then started a business called Solara that Blue Coat bought. So we've had a really long history together, and Joe's a cyber legend. I heard your name for years. And then finally we got to actually work together in a meaningful way through Sophos. Joe recently took over as CEO of Sophos and just completed a huge acquisition showing that you can continue to evolve even after many, many years in the portfolio and after doing great things. Maybe we'll start with an area that, Jill, if you could just give a very brief description of Darktrace and then Joe, if you could do the same of Sophos.
Yeah, sure. I'd love to. So Darktrace is a cybersecurity software platform. We are a full platform provider. We're a leader in the NDR space. We also have cloud products. We have a fantastic email product, identity, and OT.
We are a 40-year-old cybersecurity company. We operate in all of the critical domains of IT, operating environments, endpoint security, network security, cloud security, messaging and identity. And about six years ago, we began the transformation of the company from being purely technology focused to a hybrid of technology and services, which we have deep conviction is going to be the future of cybersecurity.
Thank you. And of course you could probably talk for hours on specifics of the business, but we'll save that for another time. Jill, one of the really amazing things, and I know you're a little over a year into cyber, but of course you were sitting on the board of Darktrace and we got very lucky that you agreed to be the CEO of the company before we closed the investment. One of the reasons we were so interested in Darktrace is that the business natively had built the company on top of AI. And so today, of course, a lot of people are talking about large language models and everybody has an AI strategy, but before all of this, Darktrace, which has an incredibly deep technical expertise, really grew up that way. I'd love to get your perspective on what it was that AI enabled Darktrace to really do from day one and then how that's evolved and what you're seeing today in the market from an opportunity perspective that's driven by this next generation of AI.
That's a really compound, complex question, Seth.
You're welcome.
I could go on for the next hour. So Darktrace was originally from its very inception, founded on AI. And so multi-layered AI, we have incredible technologists based in Cambridge who looked at the problem of cybersecurity in a different way than most of our competitors. And so they looked at it as if we understand the business deeply, then we can understand what's not normal, what's anomalous, what's a threat. And so we've continued gathering data and understanding, creating new models, multilayered AI, agentic AI. We've used all of those things to ensure that we can protect a company, truly create fabric almost like your human immune system so that when a threat comes in, we see it, we can respond to it, and ensure that we prevent it from happening again.
How have you — obviously, and that's on the product side, that's how you've built the business. Maybe tell us about some of the threats that you're now seeing in your environments that are AI driven and how you're responding to those.
Sure. Well, let me back up just a little bit because I think it was really interesting when Chat GPT came onto the scene, within a month after it was launched, we saw a 135% increase in novel social engineering. And so that's just a fancy word for, like, email scam. So novel social engineering, really to kind of break it down for you a little bit more, it is often something that you can tell isn't right. Right? You've always opened an email, it says that the punctuation's not right. Right? The domain doesn't look right, you can identify those things. But recently, earlier this month we found, I got an example from our tech team. It was exactly on the same day that Trump and Zelensky met. It was an email that looked like a CNN news update. Perfect punctuation, absolutely perfect. There's no way that a human could have identified this as a threat and it wasn't trying to force an action. That's what social engineering is, right? It's something that's trying to force you to take an action. Click on a link, take a picture of a QR code. It was just a video. And it was a video that had Trump and Zelensky in it. I mean, this is relevant, real time. And it didn't say click here, it just invited you. There was malicious code behind that video clip. And so Darktrace caught that. It was a really great way for me to really understand novel social engineering and to understand that this is happening. That trend is increasing, right? 135% increase just in the first month after Chat GPT. You can imagine with all the other products out there today, how that trend continues. And I asked for a simple stat so that I could bring this to life for people that love numbers. 30% of the last 30 million emails were novel social engineering. So, the last 30 million emails that Darktrace caught, 30% of those were novel social engineering. I mean, it's a real trend and it's something that we all have to be aware of because as AI continues to proliferate, and I know Chip and Orlando, everybody's talking about how great it can be for business. We also have to protect ourselves from the danger of it.
Joe, you've obviously seen this industry, cyber industry, evolve quite a bit. What are the biggest challenges today running a big cyber company, staying ahead of these threats, and how do you manage that technical side internally to make sure that you're always innovating, especially as you get to scale, you're much bigger than you used to be. Maybe walk us through that. Or how do you instill that culture in Sophos?
So I'll start by saying that most cybersecurity practitioners tend to be pretty skeptical by nature. It's kind of a prerequisite for the job. Especially if you're on the operating side of things. And what I could say about just keeping pace with things, it first requires that you have a really close understanding of what's going on in the threat landscape. So we have a global research organization with over 500 researchers and practitioners, and they spend a lot of time dwelling in the cyber criminal undergrounds to see what's going on by the adversaries as they're staging, maneuvering, attempting to build and buy different sorts of cyber adversarial components to attack their victims.
And one thing that we've observed particularly on the use of generative AI is that even they're skeptical. Like, they're saying it's not quite ready for prime time at this point. And we are seeing the industrialization of generative AI for the purpose of social engineering attacks, but we're not yet seeing it driving the creation of novel malware, or driving autonomous hacking or vulnerability discovery operations against their victims. So that's good news. But that learning is so essential to us understanding what it is that we need to do operationally, both in terms of the managed detection and response service that we deliver to protect over 28,000 customers globally now, as well as building the actual technology that the practitioners themselves are going to use. So that I would say is a very essential component.
And then scale I think is probably the next most important one. The platforms that we're building when we're operating at the scale that we are, we have about 600,000 total customers globally today, hundreds of terabytes of data, of sensor inputs that are being consumed. And you need to be able to reason with this in an efficient way and your operators expect that they're going to get Google-like responses when they're issuing queries. So building your architectures to be able to do that and then to be able to do it profitably. Of course, like, you hear about so many cybersecurity companies, somewhere around 7,000 estimated cybersecurity companies in the market today, and the vast majority of them are still finding a path to profitability, being able to build these architectures in a way that allow them to scale, perform, and operate in a way that is also profitable. I think these are some of the hardest challenges in the industry, and that's why there are so few companies that are actually doing it this well at this scale.
Yeah. One of the things that Sophos has been so incredible at over time is delivering enterprise grade cyber to companies of all sizes. What is it that has allowed the company to do that? Because that's not easy, of course. You just mentioned most cyber companies and there are thousands, one of the things we like about the market. But it is, um, there’s a lot of growth at all cost businesses. There's a lot of R&D being spent, but you've been able to build great product and deliver it to companies of any size, which is not easy. And also, it's a big theme of the market today that regardless of what size you are, you need enterprise grade protection. How have you been able to do that?
I think this remains one of the biggest challenges in cybersecurity. The vast majority of those companies that I mentioned, 7,000 of 'em, they're all going after the same customer base. They're all going after the global 2000. So there is a vast overinvestment of dollars and attention going toward this very small segment of the market, which leaves this vast unaddressed component of the market. 98, 99% of the market is categorically mid-market or SMB, and there are very few good cybersecurity solutions out there that are designed to address their needs and their needs need to be addressed in a variety of ways. Certainly at the technological and the operational level, you can't expect them to possess the expertise that you would a large multinational global bank, for example. So the technology and its operation needs to be more accessible, but it's more than just that. It's also the way that you build a company itself.
In order for us to be able to address the needs and provide attention to 600,000 customers globally over the years, we've built one of the best channels in cybersecurity as well. We have about 28,000 global channel partners that we work with. And then there's this one segment within the channel community called MSP, Managed Service Provider or MSSP, Managed Security Service Provider. They’re I think the linchpin for the way we actually do a better job for consumers of cybersecurity, because they're at the coalface providing the interfacing with the customer and ensuring that they're actually extracting the value from the investment that they've made in cybersecurity. And that's been a problem in our industry for a very long time. We've done a great job producing good technologies. We've done a terrible job actually operationalizing those technologies, and it's the operationalization that makes the difference.
Jill, how in this market where customers have a lot of options, there's tons of best of breed solutions out there, there's platform providers. How do you think about that in terms of where the industry is today? When you're talking to customers, are they interested in best of breed? Do they want big platforms? Where's that pendulum that always seems to swing back and forth right now?
So what I've seen, Seth, is that segmentation matters. So if you're looking at the lower end of the market, they're looking at something different from the upper end of the market. And I'd say the customers I'm talking to on a regular basis are generally in that large enterprise and strategic space, and they have all enjoyed the ability to buy many cybersecurity products in the last 10 years, and now they realize that that doesn't always serve them well. They actually need a fabric. They need something that truly connects to one another. Their cyber solutions need to connect in the same way that they want their business applications to connect. Our strategic customers really want vendor consolidation. While they love having their best of breed, they need to minimize a little bit to get to that fabric and to get to the best in class in a lot of these cyberspace.
What are you seeing in cyber budgets right now and how are you selling ROI?
I think most of my CISO counterparts would, they'd say that they're not increasing fast enough because there's so much to protect and so much to do that their budgets aren't increasing quite fast enough, but they're still seeing some increased budgets, right? Because obviously with the prevalence of large language models and AI, we need to continue to protect.
Yeah, one of the things we love about the cyber space is that almost through every cycle we've seen growth in some pockets, if not all spend. And as people now push out all of this, these gen AI apps and the infrastructure to support them, you need cyber on top of that. And Joe, you just made a really meaningful acquisition of a company called SecureWorks, and there's a lot of themes in that. Maybe just walk us through why you were so interested in that. What are the big customer themes that you're seeing that are driving that, and you know, what's your big integration there? What do you have to get right to make that work?
Well, first thank you for your support on this one. I think it was a really big deal in the cybersecurity space. SecureWorks is one of the best known brands in cybersecurity. They've been around for about 26 years now. They were one of the first MSSPs in the market and one of the best known brands providing that kind of managed security service. Over —
Maybe explain what an MSSP is for those who don't know.
MSSP, Managed Security Service Provider, it's a specialized application of a managed service provider that strictly focuses on security rather than a broad spectrum of IT services like unified communication and telephony and other sorts of access. And what they've done over the past five years is they've started a transformation of their business from non-recurring service revenue to recurring revenue on this platform that they've built called Taigus. And the name is a portmanteau of technology and Aegis, and I think they did a phenomenal job just manifesting all of the knowledge that they built over 20 something years of providing these kinds of services to the market. And the result of that was that the Taigus platform was one of the best XDR platforms. XDR is extended detection and response. This has become the sort of go-to technology platform for running cybersecurity operations. And you'll typically hear of XDR referenced in SIEM- security, information, event management.
The two of them are still unique categories today. The market is beginning to use them somewhat interchangeably just because of the overlap and the functionality between the two of them. And there are some predictions that they're going to converge at some point, but for right now, they remain fairly distinct. And this Taigus platform is just a great XDR operating platform and it enabled them to deliver that superlative technology to their most discriminating enterprise customers as well as to use it as the basis for delivery of their own managed detection and response service. So they've been going through this transformation of non-recurring service revenue over to recurring service revenue, and they were about 95% of the way through there. We're going to take them the rest of the way on that journey, of course, and we're going to be using that Taigus platform as the centerpiece for the way that we do cybersecurity operations going forward.
Yeah, congratulations on that because I know you had your eyes on that company for a long time, but it was your financial performance that allowed you to do that. So you don't need to be thanking us. Thank you for putting the company in a position to, you know, to create a lot of value for all of your investors. I mean, it's a really awesome acquisition. I dunno how many people are watching Zero Day on Netflix right now. It's kind of a really interesting, incredibly scary show about a cyber threat. And we've been talking about it a little bit in terms of how realistic it is, but how realistic is that? How scared are we right now?
Joe's the pioneer in cybersecurity. I think he needs to give us his answer.
It's real. This stuff is actually happening. Not perhaps quite to the dramatic effect that we saw in that miniseries. And if you haven't watched it, I do highly recommend it. But the premise of it, no spoilers, is that there are successful attacks against our national critical infrastructure. Power, transportation, food services, water, et cetera. And it manages to just incapacitate the nation for a very, very short period of time to get everyone's attention. That's how the show kicks off. And these things are possible. We've certainly never seen them in the real world at this scale, but we've seen isolated instances of them, which certainly demonstrate the capability of nation state adversaries when it comes to their presence in our critical infrastructure systems and their ability to launch a successful attack, a coordinated successful attack at some point in the future, should there be a campaign that they wanted to be able to kick off with that kind of a cyber offensive. So yeah, this is something that we all need to be exceedingly concerned about. And if you take into account the fact that our critical infrastructure sits primarily in the private sector, meaning that it's a supply chain of independently owned businesses that have no kind of uniformity in the way that they run their cyber hygiene or their cyber programs, it is something that as a nation we should all be taking very, very seriously.
I feel like we need a comedic break right now.
Hold on. I'll do it. I'll do it. Give it up. So here's what I'll balance that with. Just behind the scenes in the cybersecurity industry, I think there are a couple of things that are really interesting. So first of all, we are working with governments, Darktrace just being in the UK, we work primarily with the UK government. We're working to build some relationships in the US. In addition to that, we serve state and local municipalities. Our OT product serves a lot of water municipalities. And so these are all really good things, right? These government agencies are paying attention and they know that it's important. But secondly, the cybersecurity industry actually works together. If we see a vulnerability, if Darktrace sees a vulnerability in one of our competitors' products, we call them. We don't call the media, we don't call, I don’t know, CNN, and let them know that this is happening. We call them. Because the best way for us to keep the world safe is to let them know that this vulnerability exists and let them have time to solve it. Zero day actually means that there's no time, zero days, between the vulnerability and the bad actor exploiting that vulnerability. And so if you can prevent that vulnerability from happening in the first place, then that zero day will have much less ability to do what it has done in the movie so far. So that's my balance to Joe.
How big is that — the industry calls it OT, but this non-traditional connected device now everything, critical infrastructure, embedded devices that sit around your home, how big is that market opportunity for each of you? How do you think about that and how nascent is that today relative to traditional cyber protection?
I'll start by saying that OT, operational technology, which is the counterpart to IT information technology, it's relatively under invested. We just have not seen a lot of investment focused on the cybersecurity needs of OT. There's maybe a dozen companies that are targeting that sector specifically. The reality is that there typically isn't a lot of isolation between the two networks and the kinds of controls and monitoring technologies that you would deploy on your IT environments are generally also suitable for certain components of OT environments. There just has not been a lot of good synergy in the way that we've been addressing the requirements. This is changing pretty rapidly though. And Jill, I know you've got some exciting technologies that you could talk about there. We do as well with the acquisition of SecureWorks, and we're excited to have access to the segment of the market now with that recent acquisition that we did, Jill.
Well, seriously underpenetrated. I think the opportunity in the OT space is massive, especially oil and gas, water, utilities, all of our critical infrastructure needs this kind of support. I think we're only starting to truly understand how it can be valuable and how it can be deployed more quickly.
Yeah, Jill, for those who don't know, Darktrace is originally a UK company. The company was founded in Cambridge. One of the really incredible attributes of the business is that the cost of R&D in the business is really efficient, which was sort of a surprise to us when we got to know the company.
Mmhmm.
But the innovation out of your CTO, Jack, and others who have worked with him over the years is quite remarkable given that, so it's a great UK success story. I'm just curious regionally, what you're seeing right now. You know, you obviously have a lot of business activity in Europe as do Sophos, actually, Sophos another originally —
Oxford.
Oxford.
Cambridge, Oxford.
I know, I think every cyber asset out of the UK is here. Pretty amazing. But just maybe what are you seeing in Europe? What are you seeing in the UK? What's the business environment like? Lots going on in the world.
I find lots, always lots going on in the world, Seth, but I do think there's some major differences between what's happening in Europe and what's happening in North America, just in the conversations I'm having. So this is not a broad survey, Joe. This is a six month survey. You might have to balance this for me. In Europe, I see a lot more conservative approach, just their approach to innovation is a little bit more conservative. They are still really buying NDR, our network product. They're very focused on that.
Great product.
It is a great product.
They should be.
20% market share. We're pretty happy about that. And so Europe, that is really the focus. In the US, my customer conversations are primarily around cloud. Every CISO that I'm talking to is trying to figure out — it's like speaking a whole new language — when you used to just try to secure an on-premise network and all of a sudden now you've got a multi-cloud environment, you're trying to understand where your data's going, where your transactions are hosted. You're trying to figure out exactly how to secure this very complex cloud environment. And the SOS and the CISOs are really struggling to figure out how to do that effectively. Again, with not a massive increase in budget, but what they see is relatively small. And so those two differences mean that we start our conversations actually with cloud in the US so that our customers can see that innovation that we're driving toward, how we protect a multi-cloud environment, what we're doing in that space. I agree with Joe, that service is going to be really important because customers navigating that are going to need to understand how to do both all at the same time. Are you seeing something similar?
Very similar. I think the historical trend in the industry had been that the market in Europe lagged the market in the United States in terms of technological adoption by three to five years. Seeing that shrinking now and that gap is closing pretty rapidly. Maybe it's two years at this point, continuing to shrink. Also seeing a lot more aggressiveness, a lot more rapid expansion of growth in our MA business right now as a result of that. It's a trend that will probably continue. There are other geopolitical factors I think that are going to be influencing some of the buying motions of Europe going forward. There's a greater appetite of course in understanding what the privacy and the data sovereignty implications of adopting certain technologies look like. I think there's much more scrutiny happening right now around how companies are building their infrastructures, what their supply chains look like. If we are going to become a cybersecurity provider to a customer in Europe, for example, they're asking a lot more questions at this point about how we're going to be good custodians of their data, how we're going to use their data for the purpose of training AI. It's changing the dialogue between cybersecurity vendors and buyers. And I think it's actually an advantage to us to have European roots because it allows us to navigate those conversations with a little more facility than some of our US only counterparts.
Well, and we've developed with those expectations, right? Along the way. So the journey has been founded in that kind of data privacy world.
Joe, we touched on the AI opportunity earlier, but you were one of the first executives at least who I spoke with. Of course, everyone in the organization, all of our companies were thinking about it, but you were all over this idea that now that we have gen AI in the market, developers now have this new tool that could be quite dangerous to generate code and that we need to make sure we have policy around it. So actually you've been working very closely with us organizationally to build policy around what that all looks like. Where does that sit today? How are you thinking about the efficiency side versus the security side of the product development piece? And that specifically as it relates to code development?
It's rapidly evolving is what I would say. And it's in a very different place today than it was a year ago, than it was two years ago. Having a framework, having a governance policy is absolutely essential. But the thing that I think we should all keep in mind is that you can't keep it out. Your employees, your users, they're going to adopt AI on their own. Same way that we used to talk as an industry about shadow IT. Now with shadow AI, you can try to stop them. You're not going to be successful. So if you can't beat 'em, join them. And a governance framework is absolutely essential so that you can understand how it's being used within your environment and how it's being used to interact with your data and your customer's data. And that's something that we invested in very, very early and it gave us an ability to ensure that we had a good understanding of how it was being used.
It also gave us a handle on the adoption of AI across our business. And so like in our CRM and in our ERP, everyone is investing in AI and their platforms today. We need to understand as a consumer of these technologies, how our data is being used as well. So we're on both sides of the table in this respect, but we also need to ensure that we provide a good vocabulary to the buyers within our business units so that they can have the conversations with the vendors, because not all applications of AI are created equal. In some cases the claims exceed the realities and we just need to make sure that they have the tools to be able to measure that effectively on their own.
What's your expectation just in terms of 10 years from now, will all of your developers be twice as efficient with gen AI? Like is there, how do you think about that?
That's a great question. The industry is spending a lot of time trying to measure this today. We've adopted GitHub copilot within many of our development teams, and there's a variety of different AI assisted IDEs that are out there today. So there's going to be a lot of competition in that space. They're good at this point. They actually provide a lot of efficiency gain for good developers, and that's a very, very important caveat. A generative AI co-development tool in the hands of a bad developer is going to produce bad code and that's going to produce security vulnerabilities. So you have to begin with the knowledge of what good code looks like in order to be able to know whether or not to accept what the AI is handing you. So this is a classic Dunning Kruger problem. It's the knowledge that is required to produce good judgment is also required to recognize good judgment, and it applies more than ever to code that's being produced by artificial intelligence.
Yeah, we talk about that a lot, that gen AI is really an enabler of talent. So you do need the talent to get the multiplier effect on it, and I think development maybe is where you see it the most in the early days. How are you, Jill, just across your organization as you look operationally, where do you expect to see the biggest uplift in the near future? I'm curious. Asking for friends.
Everywhere. [chuckles] No. There's a lot of operationally across the business. Well, I don't feel like we've done what we need to yet to be known in the US market. And so I think we have a lot of work to do in sharing our value proposition across the US. So there's some operational, just sales, got to market challenges that we're addressing here. I think we have a lot of opportunity right now in our product team, and Jack is an incredible genius, like Joe, kind of a legend in this space. And so, Jack Stockdale is our CTO. And he's reorganized our product team and he's done it in such a way that there's product management engineering standard teams that you would want to see. And then he has an innovation team that's going to rotate out of his product and engineering groups into the innovation group and really start to test the limits of what our technology can do. Because when you've got multilayered AI and agentic AI that we've been testing, we have Beijing probability models, we have all of this incredible technology. What we can do from an innovation perspective is really, really exciting. Jack spends more time with the innovation team than he does with the core teams, but I love it because that's his gift.
Maybe as our final question, we're getting a lot of questions on really two things. One is are there any demand changes in this current tariff environment? And with the efficiency initiatives going on in government, are you seeing any demand changes in that channel?
Yeah.
We haven't seen any. I mean, we're still seeing lots of new conversations, lots of interests specifically again, in the cloud space, right? I mean, so many CISOs are trying to get their arms around the complexity of cloud. And so in order to do that, we're having lots of educational conversations about what our product does versus what others do. And we just take a different approach. And generally, customers are really excited about the balance between having cybersecurity providers that do known threat prevention and then some cybersecurity providers that have novel threat prevention. And so the latter is where Darktrace has a handle on those things, and we're really excited about those new conversations that we're having here.
Yeah, I mean the positive and negative is that generally noisy environments are good for cyber. It's just the reality of the, and right now we're in a very noisy environment
That’s right.
An understatement. Joe, what do you, just demand wise? Are you seeing anything out of the tariff discussion, anything coming out of the government efficiency initiatives or is it business as usual?
We haven't seen the impacts of it yet. There are more inquiries at this point about how data is being managed, how role-based access control auditing. I think there's a greater sensitivity around just the way that data is being used and the privacy of the way that you've built your architectures as a vendor of these kinds of technologies. And cybersecurity is a very resilient industry, and you're absolutely right. I think volatility, if anything, it's going to help to sharpen the focus on the outcomes of the investments more than on the underpinning technology itself. And this is why we continue to see this growing interest in the services delivery model. Customers don't just want to buy good software, good cybersecurity software, and then throw it over the transom to the security operations team if they even have one, and then hope for the right kind of an outcome. They want to be able to better understand the ROI and the straight line from the dollars that they're spending to the outcome that that investment will be producing for them. And again, this is one of the reasons why I think that this fusion of technology and services is going to become more important to cybersecurity than ever before.
So unlike the stock market, volatility in cyber does mean things are increasing. It's good for revenue.
That's right. There should be a VIX for cyber. Yes.
Well, thank you both for being here in person at the annual meeting and also for taking the time to do the panel. We appreciate it. You're both exceptional leaders running incredible companies, and two of the most important companies in cyber, which we of course all don't collectively take lightly. They're very, very important businesses, keeping a lot of people safe, a lot of companies all over the world. So thank you, and it's been a great discussion as always, and really, really appreciate your time.
Thanks Seth.
MUSIC
Behind The Deal is brought to you by Thoma Bravo in partnership with Audacy’s Pineapple Street Studios. Join us next week for more stories Behind The Deal. Thanks for listening.
Certain statements about Thoma Bravo made by portfolio company executives are intended to illustrate Thoma Bravo's business relationship with such persons rather than Thoma Bravo's capabilities or expertise with respect to investment advisory services. Portfolio company executives were not compensated in connection with their podcast participation, although they generally receive compensation and investment opportunities in connection with their portfolio company roles, and in certain cases are also owners of portfolio company securities and/or investors in Thoma Bravo funds. Such compensation and investments subject podcast participants to potential conflicts of interest.
110 N. Wacker Drive
32nd Floor
Chicago, IL 60606
+1 (312) 254-3300
1925 Cedar Springs Road
Suite 205
Dallas, TX 75201
+1 (214) 971-7777
Norfolk House
31 St. James’s Square
6th Floor
London, SW1Y 4JR
UK
830 Brickell Plaza
Suite 5100
Miami, FL 33131
+1 (786) 785-5800
375 Park Avenue
Suite 3603
New York, NY 10022
+1 (212) 292-7070
One Market Plaza
Spear Tower
Suite 2400
San Francisco, CA 94105
+1 (415) 263-3660
Thoma Bravo UK Advisers LLP is authorised and regulated by the Financial Conduct Authority (Firm Reference Number 1016286).