Absolute’s CEO Christy Wyatt On Leading A Cybersecurity Company And The Power Of Resilience
Christy Wyatt’s career exemplifies what you would expect from a high-performing tech leader who thrives on turning challenges into growth. Showing persistence, resiliency, and tenacity – she has a long history of scaling high-growth technology companies and infusing them with greater creative energy, ingenuity, and intensity for results. As CEO of Absolute, she’s leading the company through an evolution that is shifting its focus from simply being known as a ‘track and trace’ company to becoming the world’s most trusted security company delivering endpoint resiliency to businesses of all sizes.
Previously she served as CEO of Dtex Systems, a user behavior intelligence company that grew revenue by 321% last year. Before Dtex, she was Chairman, CEO, and President of Good Technology, the global leader in mobile security where she defined and delivered an aggressive growth strategy before its successful acquisition by BlackBerry. Wyatt began her career as a software engineer and rose through the executive leadership ranks at Citigroup, Motorola, Apple, Palm and Sun Microsystems. She was named one of Inc. Magazine’s Top 50 Women Entrepreneurs in America, CEO of the Year by the Information Security Global Excellence Awards, and one of Fierce Wireless’s Most Influential Women in Wireless.
Insights From Absolute’s Latest Earnings Call
On August 13th, Christy Wyatt and Errol Olsen, CFO of Absolute, hosted the company’s latest earnings call with financial analysts. A transcript of the call is available here. Key insights from the company’s latest quarter and fiscal year-end were shared and included the following:
- Total revenue in FY19 was $98.9M, representing an increase of 6% over the prior fiscal year with the ACV Base reaching $98M as of June 30, 2019, up $6.5M or 7%, over the prior year.
- Enterprise sector portion of the ACV Base increased 11% year-over-year. Enterprise customers represented 55% of the ACV Base of June 30, 2019. And the Government sector portion of the ACV Base increased 15% year-over-year, now representing 12% of the ACV Base as of June 30, 2019.
- Incremental ACV from new customers was $5.2M in FY19, compared to $3.4M in FY18.
- Adjusted EBITDA in FY19 was $19.3M, or 20% of revenue, up from $9.2M or 10% of revenue, in the prior fiscal year.
- FY19 Net Income increased 144% over the prior fiscal year based on continued Enterprise market growth.
- In Q4, Absolute signed a new financial services customer with an ACV just under $1M with their service being delivered by a Managed Service Provider (MSP) that maintains the customers computing infrastructure.
- Absolute has provided product-level enhancements to make it easier for MSP partners to use their products to support multiple customers, with the strategy paying off with more deals globally.
Christy Wyatt On Competing In Today’s Cybersecurity Industry
I recently had the opportunity to interview Christy and learn more about how she sees the cybersecurity industry today and where it’s heading, in addition to gaining insights into her and her teams’ goals at Absolute, one of the top 10 cybersecurity companies to watch in 2019. Absolute serves as the industry benchmark for endpoint resilience, visibility, and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications whether endpoints are on or off the corporate network, and the ultimate level of control and confidence required for the modern enterprise.
The following is my interview with Christy:
Louis: Coming into a new company environment and establishing yourself with credibility in the role is key. What are the things that you’ve gone after immediately to address how the company is doing and where it’s going? In essence, what’s been your 90-day plan, and how’s that going overall?
Christy: Most incoming CEOs join a company with a thesis about why this is an interesting opportunity and how they can invest significant intellectual capital into it. And then that first 90 days is really about vetting out that model and seeing if the opportunity is real. With Absolute, my thesis was here is a company that very few people understood, with an amazing install base and partner community built around unique self-healing capabilities. If you juxtapose that against the security industry today, you’ll see the glaringly huge problem. There are start-ups after start-ups all claiming they can protect businesses from breaches – so organizations keep buying more and more technology – all while breaches are accelerating. And those businesses keep asking themselves, “Are we more secure? How do I know if my business is more secure?” And the answer is they don’t know.
When I talk to customers, they say, “I have more than ten agents on every laptop in my device fleet. User experience is suffering, and the complexity is mind boggling.” As a CEO, I want to be able to fix that, right? How do we effectively deploy security controls in a way that is healthy and productive for both the laptop and for the user? That’s a massive opportunity, and that’s what gets me excited about Absolute.
Louis: In your last few earnings calls, you referenced wins in financial services, healthcare, and professional services. What do you attribute the success of Absolute moving more towards the enterprise?
Christy: The initial transition and increased focus on the enterprise market predates me. Over the past year, however, we’ve expanded our discussions into all the sectors you mention, and more, to better understand what they’re doing around enterprise resilience.
In April, we published original research that examined the state of decay and exposure points around endpoint security. Once we quantified that, we then spent our time with customers talking about what’s happening within their unique environments. What we found was that they had a false sense of security. They have encryption, malware security, and VPN all checked. But based on our research and new analytics, we were able to show them there are gaps in their protection when those agents became un-installed, missed a patch, or conflicted with other controls. That is the rate of decay we are talking about. How to make their existing controls more resilient to decay. We highlighted how their existing deployments degrade, weaken and fail over time. We also showed them some simple strategies to heal and even boost the immune system of their environment. That’s very powerful, and as a result, customers are leaning into our resilience story – it helps them capture the value of the investments they have already made.
Louis: Regarding your product roadmap and the direction you’re going in, what are some of the plans that you’re looking to be able to capitalize on that presence that you have on billions of devices?
Christy: Critical to our success has always been our partners. If you look at our Resilience product, which is our enterprise product, we can heal other third-party applications. So if the average enterprise has ten plus security agents deployed, there are probably at least three to five that they care about. They say, “Look, I feel exposed from a compliance perspective or a risk perspective if I don’t have, for example, encryption turned on… and it’s not okay with me that my users can delete something or turn it off.” Our data tells us where and how we can serve, and better secure, those enterprise IT architectures.
There’s a growing list of things within our platform today that we already heal. Broadening our resilience capabilities is something you’re going to see us invest significantly in. And then there’s work we have to do for our customers’ security and IT organizations, pointing them to the specific, critical things that need their focus right now. So if there’s a gap or something has gone offline in their security fabric, I want to bring their attention to it; I want to heal it and fix it. Absolute excels at solving those challenges for our customers.
Louis: You mention endpoints often, and it makes me think about ‘Zero Trust’ security and the proliferation of IoT and industrial internet of things devices and how that’s flourishing across manufacturing and other distributed based industries like supply chains. What are your long term plans in these areas?
Christy: We’re doing a lot of work in that space. With 5G quickly evolving, this is going to have a significant impact on the enterprise, and the ability to have similar controls on anything that’s connected to your network will be critical. I think there is a lot of credence in Zero Trust model as one of the many security architectures, but any one of these has to be rooted in something. So even if you’re trying to manage security from the cloud, your efficiency and your effectiveness are only as good as the data that you’re getting. If you don’t have visibility on what’s connected or what’s happening on the endpoint, your ability to diagnose it or fix it is relatively is impacted. My view is whatever you think your security strategy is today, the controls you think you need are going to be completely different 18 months from now. And so the five things you care about persisting and healing today are not going to be the same five things you care about in that timeframe. Our job is leverage our BIOS enabled foundation that allows enterprises to get reliable data, see the things that are protecting their environment, and heal them if something goes wrong – regardless of what their stack looks like.
Louis: So Absolute becomes a system of record because it is the definitive record of all activity coming off of that laptop or that device that’s enabled at the BIOS level with your technology.
Christy: I think we’re a big part of that. We’ve talked to a lot of customers, and there are other visibility solutions on the market. A lot of times somebody says, “Well, I have a fill-in-the-blank-security-product, and so I think I see everything.” My answer is the thing they are relying on is likely one of those ten things that are sitting in the stack that has a rate of decay – because it is not rooted in the BIOS so, therefore, it has some inherent vulnerability. So we should be instrumenting that and ensuring that we protect that critical control, ensure it is always running, and heal it if it goes offline. Our customers rely on us because they know that we are giving them the complete picture.
I don’t see the vast ecosystem of security products as competitive to what we are doing. I see those as complementary. Whatever is in your security technology stack, let’s make sure it’s always there, let’s make sure it’s always turned on, and let’s heal it if it goes offline.
Louis: Regarding the designed-in win you’ve achieved with being embedded at the BIOS level, do you spend time OEMs? How is that all orchestrated at the platform level, or at the OEM level, to ensure that you continue to have that as a competitive advantage?
Christy: We’ve had very close relationships with our OEM partners for well over a decade. We spend a lot of time looking at both the technical architectures and customer challenges. Every one of our OEM partners has a unique strategy for how they are delivering unique security services to their customers, and we view ourselves as an enabler of those strategies.
Louis: When you visit customers, what are they most excited about? What’s their burning need right now? What are they focused on?
Christy: Right now, we’re spending a lot of time with our customers focused on simplifying their experience and making these new capabilities easier to use, and easier to integrate into their environments. A lot of our customers have been with us for a long time and get very excited about how we make their jobs easier with more automation using things like our constantly expanding library of Reach scripts, enabling their IT teams to automate a lot of their endpoint tasks.
Where we also see a significant change in behavior is when we show them the power of some of our Resilience capabilities, paired with some of our analytics pieces. When we show them the state of the endpoint as it applies to their unique environment, where the gaps are, and demonstrate how we can help heal those gaps, I often hear, “Oh, I didn’t know Absolute could do that…” It’s a big departure from where we were ten years ago. So I think we’re going through a period of reintroducing ourselves to our customers and showing them that, even with the technology they already have, they could be doing so much more.
Louis: How do you build the business case for Absolute?
Christy: I think it depends on the customer. I think that if they’re a customer that’s talking to us about our visibility and control products, which are really about trust in our BIOS level visibility and control, management and tracking and locating and taking fine grain view at their assets, then I think the conversation is really about return on investment around the asset itself. Using their data to give them valuable insights about the state of their assets, as well as their posture. It’s a conversation about protecting the investment you’re making in your computing infrastructure.
When we’re talking to a customer about resiliency, it’s really about how much they are spending on security and how do we help them get back the return on investment of the dollars they’ve already spent. I believe the frenzy around security spending has put a lot of IT managers into a position where they have deep stacks and are not getting the full return on investment from those controls. We want to help them close the gap.
Louis: How do you enable innovation of culture and be able to turn out the next generation products?
Christy: So, I’ve done it a bunch of different ways, and I believe that what is most empowering to people who love to build great products….is when individuals get to see their stuff, their unique idea, their new concept go to market and be used by customers. We are fundamentally builders using our tools to solve customer problems.
What I like is a little bit more of the startup energy. Where people can bring forward ideas, and if we agree this is a cool idea – we invest. We give them a team and a timeline. We can give those ideas an opportunity for commercialization. And by the way, that’s what engineers and innovators and entrepreneurs love the most. That’s what they want. They get passionate about pointing to a product and saying, “I did that. That’s super cool. It was my idea; they gave me a team. I learned a lot, and I got to have an impact.” And I think that impact is really what fires or fuels the innovation culture.