In this episode of Industry Focus: Wildcard, Emily Flippen and Motley Fool intern Meilin Quinn discuss the cybersecurity space. The cybersecurity industry is among a handful of industries that have witnessed growth as more and more people are shifting toward working from home. They take stock of the state of the industry, investment prospects and some latest innovations in the space. They also share some stocks to put on your watchlist and much more.
To catch full episodes of all The Motley Fool's free podcasts, check out our podcast center. To get started investing, check out our quick-start guide to investing in stocks. A full transcript follows the video.
This video was recorded on June 17, 2020.
Emily Flippen: It's Wednesday, June 17th, and I'm your host Emily Flippen. Cybersecurity is an industry that has been really resilient over the past few months. As more and more people have started to work remotely, it's acted as a tailwind for companies that have been seeking to secure themselves against the inherent vulnerabilities that come with decentralized work.
Joining me today, to break down whether or not cybersecurity companies are the biggest opportunity right now or just another red herring, is Motley Fool intern, Meilin Quinn. Meilin, how are you doing?
Meilin Quinn: I'm good, Emily, thanks for having me. This is very exciting.
Flippen: Yeah, this is really exciting. And, before we started filming, or taping I should say, you said that you were a huge fan of Industry Focus and our podcast before coming on as an intern.
Quinn: For sure. I've been a longtime listener. I was introduced to it by my former boss, who was something of my trading mentor back in high school. I used to work at the coffee stand at the local farmers market. And shout out to Owen, he's a member of The Motley Fool Stock Advisor, but when I was first starting out with investing, he had suggested to me to check out The Motley Fool website and podcasts. And since then, I've been an avid consumer of your content.
Flippen: [laughs] Oh, my gosh! That's so great. I didn't know that before we just started taping this, so, yes, definitely shout-out to Owen, hopefully you're listening. I'm sure a lot of people listening will probably want to know maybe just like more about you and how you came to be an intern and how you got introduced to The Motley Fool; though, it sounds like Owen might have been that introduction.
Quinn: It was definitely Owen. And I'm a dual-major in journalism and economics, so I was very eager to apply to intern at The Motley Fool. I felt like it would be a great way to combine both of my majors and I wound up getting an internship, and I couldn't be more happy. I'm very confident I made the right choice. I have so far been doing stuff related to social media in my internship, and I have been really enjoying what I've been doing. It's been challenging, yet exciting, and I am really eager to see the impact of the work that I've been doing on The Motley Fool in more tangible ways as well as the impact of the work that my fellow interns have been doing as our internship progresses.
Flippen: Yeah, and you are an investor within your own right as well, as with many of our Fools, who aren't necessarily, you know, the ones filming these podcasts or on our investing team. I think it's fair to say that the vast majority of our employees themselves are interested investors. And, yeah, you came to me with the topic that we're going to be discussing today, which is cybersecurity, it's really exciting. What made you interested in talking about cybersecurity today?
Quinn: So, what initially got me interested in the cybersecurity industry was the innovative ways it's been deploying artificial intelligence and machine learning in its malware detection, which I'll get into later when I discuss specific companies. But lately, the industry has shown great growth potential in the wake of COVID-19 as millions of people are working from home and cyberattacks are getting more sophisticated and widespread. And the uptake in demand for cybersecurity has certainly been reflected in cybersecurity stocks, as much of them are trading in all-time-high territory. So, I've been interested in exploring whether prices are inflating to dangerous levels or whether these stocks would make good long-term investments.
Flippen: Yeah. And part of the reason I think you hear the argument that cybersecurity, in general, maybe could be a bubble right now, if you will, is because the COVID-19, you know, work-from-home trend has made it such an important issue. A lot of the cybersecurity companies that I'm invested in or that The Motley Fool really likes, they've had a really great year against a very volatile market. So, how has COVID changed the landscape for cybersecurity companies?
Quinn: So, in the rapid shift to remote access and teleworking, we've seen upticks in phishing, trolling, and malware attacks that make securing company data and communications of great importance. The World Health Organization, for example, said in April that they've experienced a five-time increase in cyberattacks since the start of the pandemic, including email and password leaks and scammers impersonating the WHO in emails asking for donations. Furthermore, the FBI reported a nearly four-time increase in cybersecurity complaints and some of these vulnerabilities have been found in apps that we've been relying on, like, Zoom and Microsoft Teams. So, we'll be counting on cybersecurity companies to combat these threats even beyond the pandemic.
And it does look like working from home will last beyond COVID-19, at least for some, with Twitter, Square, and Shopify and others announcing that they will transition to allowing their employees to work from home whenever/forever. Not only that, but people are enjoying not having to put on makeup or wear shoes or having to commute in the morning, so. Well, in fact, I actually have a statistic from getAbstract, the business publishing company, they had surveyed over 1,200 people in April and they found that almost 43% of full-time American employees said they want to be able to work remotely even after the economy has reopened. And almost 20% said their companies were actively discussing how they could continue remote work in the future. So, people are getting used to having that time back that they'd have spent, you know, ironing or commuting to work and they want to work from home permanently even after the pandemic is over. And needless to say, in that future, cybersecurity companies and computer security and securing data access will be a priority.
Flippen: I feel so personally attacked right now, because as we're taping this, I'm sitting at home, no makeup on, and no shoes on, [laughs] definitely wearing pajama pants. You know, it's actually, that statistic you pointed out, about 43% of full-time Americans wanting to do more remote work, I mean, I'm actually surprised that's not a little bit higher. And personally, I mean, I don't own an iron to begin with, The Motley Fool is very relaxed work culture in terms of the outfits that we wear, but the kind of response I've seen from the market right now has been, if we don't need to be in-person to make transaction happen or to do our jobs, then why should we be? Like, isn't it just a waste of energy to go into places?
Quinn: I totally agree and I am surprised as well that the statistic is not higher. I wonder if maybe in-person interaction is good for our mental health and vital to our lifestyles in that respect, because I certainly feel deprived of social interaction. So, I guess that could be an argument for continuing in-person working.
Flippen: Yeah, and you're actually taping this podcast from Arlington, Virginia, you said?
Quinn: From Alexandria, Virginia.
Flippen: Oh, Alexandria, Virginia, yes. Which is right next to The Motley Fool's Headquarters, but you are not in our Headquarters, you are, in fact, reporting from home.
Quinn: No, I'm about five minutes away, but I'm not in Headquarters.
Flippen: [laughs] And I know that you're bummed about that, a lot of our interns are bummed about that, because part of the experience of interning at The Motley Fool is having the opportunity to, you know, A. meet everybody, right, see them in-person, communicate with them, but also, learn a little bit about Foolish culture from experiencing it. And we can all do our best to spread culture virtually, but it's never the same virtually as it is in-person. So, on behalf of the pandemic, I apologize that your internship experience has, kind of, been undercut by the issues that we're seeing today.
Quinn: Oh, yeah, I'm certainly bummed, and I have no point of reference, but it does seem like The Motley Fool's company culture that it's so well-known for, is still very strong in the Zoom sphere.
Flippen: [laughs] Yeah, let's hope so. We'll see if we end up getting -- we're recording this over Zoom right now, so if we end up getting Zoombombed then, you know, maybe that changes a little bit. But you mentioned Zoom when you were talking about companies that have been at the center of the discussion about cybersecurity. And so, maybe we can talk a little bit more about, you know, what the landscape looks like for companies right now. So, Zoom clearly needs to step up their cybersecurity capabilities, but they're not a cybersecurity company. How does a company even go about picking a cybersecurity company to work with, or is it multiple companies? Because the landscape right now for cybersecurity companies feels to me, as an outsider looking in, to be very convoluted. There's not, in my opinion, a ton of differentiation among the cybersecurity companies that probably trade right now. So, is this a situation where there are a handful of companies that are truly differentiating themselves from the pack or is this a rising tide lifts all boats sort of thing?
Quinn: That's a very fair point, and you're certainly right that the cybersecurity industry is crowded. It also has a reputation of being overvalued. So, it could be argued that the entire sector could be due for a correction very soon. At any rate, you'd want to be very picky. One thing to acknowledge is that -- a plus of this industry is that it's dynamic and it can keep reinventing itself. And I think there are definitely companies that, for now, are doing more than others.
This mostly has to do with a fancy tech concept called SASE, which stands for ...
Flippen: [laughs] ... wait! I haven't heard of this, it's actually, S-A-S-S-Y. Sassy?
Flippen: Oh! Okay, well, not the "sassy" I was thinking of then.
Quinn: That would have been really fun, [laughs] if it was spelled the other way, but, no, it's S-A-S-E and it stands for Secure Access Service Edge. And there's a whole bunch of articles and discussion being held around this concept. And shout-out to Fool analyst and tech expert Tim Beyers for catching me up-to-speed with this. I'll attempt to explain SASE as simply as possible, but you should know that it's regarded as the future of the cybersecurity framework. And it essentially leverages the cloud.
So, there's an agent software that would be downloaded onto our devices, which would work in conjunction with data that's in the cloud. So, that data as well as the agent software would look at the user's internet speed, network, and device and it would be able to decide what data does this user have access to or is this unusual behavior for the user. So, cybersecurity is more centralized in this concept, SASE, and using the cloud, it's more flexible, it's more personalize-able to whoever is using the device. And it's also much more scalable.
So, the cloud has vastly changed the way security works. There's no perimeter in the cloud and there are no physical borders, like what you'd have with the firewall. So, SASE actually deems firewall security outdated and firewall security is too confined to the workplace. And with that there are cybersecurity companies that are more poised to adopt SASE and other companies that have some hurdles to jump through as they reinvent themselves to catch up to the way security is evolving.
I'll give an example, some of you might have heard of Palo Alto Networks, which is ticker symbol PANW. So, they've primarily sold firewalls, and SASE undercuts and threatens the core business of their company. I will note, though, that they are taking steps in the right direction. They have recently agreed to acquire a developer called CloudGenix, it's a Software Defined Wide Area Network developer: SDWAN. They had agreed to acquire them $420 million in March in order to strengthen their SASE offering. But they still have some steps to take.
Flippen: Yeah, this space is so convoluted. I mean, you got so many acronyms in there. You got SASE and then, I guess, the company that Palo Alto Networks acquired individually as well. So, does that mean that the future of cybersecurity is just cloud or do you see there actually being any value of having on-premise solutions? I mean, maybe you don't know the answer to this, but this is a debate that we have a lot at The Fool, whether or not everything moves to the cloud or if there ends up being some, sort of, like, hybrid solution.
Quinn: Oh, it seems like from my research a hybrid solution would be ideal, and that essentially is what SASE is, it's primarily in the cloud but it still relies on what's called deposit agent software. So, software that you'd have to install on your device; it's not purely cloud-related.
Flippen: I'm letting my ignorance show with my questions here. [laughs] So, let's dig into some of the companies that you think are maybe differentiating themselves in this space right now. You said that you thought that there's the potential for the cybersecurity industry to be in some sort of bubble state, but are there companies that you think are separating themselves from the pack in a good way?
Quinn: Totally. I'll discuss two companies that viewers might consider adding to their watchlist. The first is called Zscaler (NASDAQ:ZS), the ticker symbol ZS. And they work with companies, like, Microsoft, Verizon and even the United States Federal Communications Commission, the FCC. It's a SASE company that will have momentum as companies move to the cloud. So, one of their products is their Zscaler Private Access, ZPA, and this allows users to securely access corporate apps without network access, so through the cloud. And ZPA was a driver behind the company's recent successful earnings report. The report saw that Zscaler's ZPA usage grew 10 times since the last quarter. And the company, in general, seems to be growing fast. And you could infer that this is due, in part, to the work-from-home wave.
Zscaler has actually seen over 168% increase in its stock price from when its stock fell at the start of the pandemic to where it is now.
Flippen: Oh, just a little bit. [laughs]
Quinn: That should be cause for alarm and prudence for sure, but I think Zscaler's strides in the SASE security infrastructure support its long-term fundamentals.
Flippen: Yeah, the question I always like to ask myself when looking at companies that have an increase in stock price really dramatically over a really short period of time is, you know, I look at the size of the company as it exists whatever day I'm looking at it, so today, versus the size of the market that they're playing in. And there are some companies that I've always felt, kind of, skeptical about because I thought, man! You know, the demand valuation that you have today, it's really making some very aggressive assumptions about the size of your audience, and how you're going to retain that audience and grow it in the future. But when I think about cybersecurity companies, I guess, I don't have that same concern, because there's no way that five years from now or 10 years from now, cybersecurity is less important than it is today. I think the question is, does Zscaler become the company that ends up being the framework for which cybersecurity measures and policies are made in the future? And not that anyone can know that, but it certainly is a really well-run company that's carving out a strong niche for itself.
Quinn: Yeah. I think a lot of the high stock prices and the inflated stock prices might have to do with the fact that people have been, kind of, taking refuge in cybersecurity, and tech stocks in general, during the pandemic, because there is no supply issue with cybersecurity stocks and there are no, you know, physical locations that they're having to rely on like other companies.
Flippen: Yeah. And I want to talk about the other company that you called out. I think I'm not sure if you've mentioned it yet, I don't want to take it away from you if you haven't mentioned it, you said, Zscaler, what's the second one? [laughs]
Quinn: Second one is CrowdStrike (NASDAQ:CRWD), ticker symbol CRWD.
Flippen: Oh, that's great. So, selfishly, I'm a big fan of CrowdStrike. I think it's one of the handful of cybersecurity companies that I'm familiar with; I don't want to steal your thunder, but it's really doing something unique in this space, maybe you can tell us more about its business?
Quinn: Sure. So, some of their clients include Goldman Sachs, Credit Suisse and Sony, among many others. And they use what's called an endpoint security system, wherein the agent software that I had mentioned earlier, it communicates with the cloud to protect the data that you're trying to access. And their cloud architecture, similar to Zscaler, allows users to scale their workload protection and protect their data at a greater capacity.
So, I think they're particularly interesting for the way they've been using machine learning, through that they use data to have its software build upon itself, so that it can identify malware in devices without prior knowledge of the malware. So, in other words, as hacking tactics constantly evolve, so does CrowdStrike's software.
Flippen: Go for it.
Quinn: Oh, I was just going to read a quote that I have from CrowdStrike, it's, "Machine learning works because it can understand and identify malicious intent based solely on the attributes of a file without prior knowledge of it, without signatures and without needing to execute the file to observe its behavior." So, I think this particular integration of AI gives CrowdStrike an advantage over traditional endpoint vendors.
Flippen: Yeah, it's such an interesting company. I kind of hate, like, machine learning, AI, because they're these buzzwords that get investors really excited and then oftentimes in practicality it's meaningless, but CrowdStrike is actually doing something or is working in a business, in an industry, that can really benefit from combining the intellectual work of professionals alongside machine learning and artificial intelligence to prevent and treat hacks before they happen.
Quinn: For sure, yeah. And I have another fun fact. Google's [Alphabet] private equity firm, CapitalG, has invested hundreds of millions in CrowdStrike and is one of their biggest shareholders; if that adds some more credibility to the company.
Flippen: Yeah, I actually didn't know that. That's awesome. [laughs] And when I think about a company like CrowdStrike, it's obviously made for the crowd environment -- cloud environments and the crowd environment, if you will. [laughs] Virtually every company out there needs some sort of cybersecurity protections. But I've heard this machine learning almost described as a network effect, and I'm not sure if I'd go as far as to say CrowdStrike has a network effect. But when you think about the vulnerabilities and the threats that are learned throughout integrating the data and knowledge from, you know, hundreds of customers and hundreds of clients, combined into one system, it means that as they get more clients, they get more awareness about the vulnerabilities that exist, which would tend, presumably, to drive more people to want to use their platform, because it is a better platform. So, I think that's an interesting argument I've heard for it. Again, I'm not sure if I'd go as far as to say that's the case, but I thought it was an interesting take.
And before we wrap up here, I kind of -- we started off with the question of, you know, cybersecurity companies in this COVID environment, you know, they've been one of the really well-performing industries, but it could be a bubble. Do you personally think that cybersecurity companies right now are in a bubble? Like, if you were going to play the cybersecurity industry for yourself, is it, I avoid the entire industry, I buy an index fund or an ETF of just cybersecurity companies, or I just try to pick one or two that are the really good ones? How would you play it?
Quinn: I might agree that the cybersecurity industry is in a bubble, but I wouldn't avoid it entirely. I would pick just a few solid companies, companies that are growing substantially and are kind of spearheading the cybersecurity and cloud computing evolution. And some of those were the companies I had just mentioned.
Flippen: Well, Meilin, this has been an absolute pleasure for the last 20 minutes or so, getting the opportunity to talk to you. I love using Industry Focus as a platform to feature a lot of our young voices and new voices, because you are obviously way more educated and aware of the [laughs] cybersecurity space than I am right now, with your SASE conversation. I'm "sassy" in a different way clearly, but I really appreciate you taking your time out of your day to join me for this episode of Industry Focus, it's been a total pleasure.
Quinn: I really appreciate you being open to having me on and for your support, and I really enjoyed our conversation. Thank you so much, Emily.
Flippen: And we'll definitely do it again sometime. And you know, I do hope you enjoy the rest of your internship. But, listeners, that does it for this episode of Industry Focus. If you have any questions or just want to reach out to say "Hi!" you can always shoot us an email at IndustryFocus@Fool.com or tweet us @MFIndustryFocus.
As always, people on the program may own companies discussed on the show, and The Motley Fool may have formal recommendations for or against any stocks mentioned, so don't buy or sell anything based solely on what you hear.
Thanks to Kyle Carruthers for his work behind the screen today. For Meilin Quinn, I'm Emily Flippen, thanks for listening and Fool on!