Greetings, and welcome to the Tenable Third Quarter Earnings Call. At this time, all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. [Operator Instructions] As a reminder, this conference is being recorded. I'd now like to turn the conference over to your host, Andrea DiMarco, VP, Investor Relations and Strategy.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's financial results for the third quarter of 2018. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued a press release announcing our third quarter 2018 financial results. You can find this press release on the IR website at tenable.com. Before we begin, let me remind you that we will be making some forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the fourth quarter and full year 2018, growth drivers in Tenable's business, changes in the threat landscape in the security industry and our competitive position in the market, growth in our customer demand for and adoption of our solutions, Tenable’s expectations regarding long-term profitability, and planned innovation and new products and services. These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook. For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent quarterly report on Form 10-Q filed with the SEC filings on September 7, 2010 and subsequent reports that we file with the SEC, which are available on the SEC website at sec.gov. In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for, or superior to, measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalents. Our press release that we issued today includes GAAP to non-GAAP reconciliations for these measures. And now let me turn the call over to Amit.

Thank you, Andrea, and thank you everyone for joining us on the call today. I’m pleased to share that Tenable delivered another strong performance in our second quarter as a public company. Revenue grew 42% year-over-year to $69.4 million and calculated current billings grew 35% year-over-year to $86.7 million. We continue to expand our leadership position as we define the Cyber Exposure market. As Steve will detail in a moment, we’re raising our guidance for the full year based on our third quarter results and positive outlook for the remainder of the year. Our third quarter saw continued strength in demand for both Nessus Professional and our enterprise platform offerings, Tenable SecurityCenter and Tenable.io which you’ll hear me refer to at SC and IO for short. Enterprise demand was strong across a wide range of verticals including strong performance in the seasonally strong fed sector as well as in each of our major geographic areas of operation. The end result was continued strong volume with the addition of over 200 new enterprise platform customers in the third quarter. We also saw the continued adoption of Tenable as a strategic enterprise platform for Cyber Exposure, as evidenced by the addition of 47 new six figure customers. We also added to our seven figure customer base during the quarter. Before we move on to customer highlights, we appreciate that many investors are still relatively new to the Tenable story. So I would like to take a few minutes to reiterate what we do and why customers choose Tenable for their Cyber Exposure strategy. Cyber Exposure builds on our roofs in vulnerability management and expands our value proposition in two key ways: The breadth of visibility across a wider set of asset types and the depth of analytics to better understand and communicate…

Thanks, Amit. Let me now dive deeper into Tenable's third quarter 2018 financial results and our business outlook. I'll begin by reminding you, that except for revenue, all financial results we will discuss today are non-GAAP, unless otherwise stated. As Andrea mentioned at the start of this call, GAAP to non-GAAP reconciliations of these financial measures can be found in our earnings press release issued earlier today. Revenue for the quarter was $69.4 million, representing a 42% growth over the same quarter last year, and it’s also above the high end of our guided range. Revenue was higher than expected due in part to better calculated current billings in the quarter as well as strong intra-quarter flow. Its also worth noting that 89% of our revenue in Q3 was recurring which is a benefit of our subscription model. As you may recall, we include revenue from subscription and maintenance contracts in recurring revenue but exclude professional service and perpetual license revenue in this definition as such amounts are not available for future renewal. Since we are on the topic of perpetual licenses, as a reminder, under ASC 606, we recognized revenue from perpetual licenses ratably over five years versus revenue recognition upfront previously. I briefly mentioned our subscription model earlier. But once again as a reminder, we sell our software primarily on an annual subscription basis with a term that is generally one year and less, although some customers prefer multiyear contracts. Substantially all of our contracts are paid upfront. The value of a contract can be based on the number of IPs or assets purchased. Now with that as a backdrop, I want to walk you through our calculated current billings. Since swings in the percentage of billings for multiyear prepaid contracts can meaningfully skew growth in total billings…

Thanks, Steve. In summary, we continue to be excited about pioneering Cyber Exposure. We’re partnering more and more with customers in strategic approach to vulnerability management. We believe the combination of our differentiated technology and strategic approach to the market position Tenable for success in this journey. Thanks all of you for joining the call today. We look forward to seeing many of you during our events coming up in November. We will be participating in the Stifel Midwest one-on-one conference on November 8th in Chicago, and the BTIG Tech Conference November 14th in New York City. We also expect to be in New York and Boston and likely San Francisco before the end of the year. So we hope to see many of you in person. We appreciate your interest in Tenable. We'd like now to open-up the call for any questions.

At this time, will be conducting a question-and-answer session. [Operator Instructions] Our first question comes from the line of Sterling Auty from JPMorgan. Please proceed you’re your question. Sterling, your line is now live.

Just want to start with Steve. Is there anything to read into the current billings growth was actually a little bit slower than the revenue growth, I know they are both really high growth rates but I just want to check and see if there's anything that we should be reading into that?

No, we are very pleased with our performance in the quarter, nothing fundamentally has changed in the business. We are generating very strong top-line growth at significant scale outgrowing the market by a wide margin here. So our outlook in Q4 and our results in Q3 reflect good growth of scale. And the takeaway here is, we’re in the midst of a major market opportunity we believe, we are making the right investments in the business to drive attractive long-term growth.

Alright, great. And then just one more on the technology side. Amit, you talked about the integration with ServiceNow, are you finding that the main source of traction with that is customers actually asking and wanting that capability? Are you are actually at a point where you are seeing ServiceNow bringing you into opportunities for new customer opportunities?

Yes, I think the ServiceNow partnership is a great example where it’s really driven -- was driven initially by market demand. We have a lot of the joint customers, a lot of ServiceNow customers looking for VM solutions and vice versa. And so the sales teams ended up do working a lot together out in the field with various customer accounts. And then over time finalized the partnership and have generated a more thoughtful one top-down approach with certain marketing activities, joint account management and joint sales call. So it’s one that -- it’s a partnership that we've seen bear fruit and one that we have good confidence in going forward.

Our next question comes from the line of Melissa Franchi from Morgan Stanley. Please proceed with your question.

I just wanted to dig into the fed vertical just a little bit more. A commentary there suggests it was a very healthy quarter. So I'm just wondering was it meaningfully different than what you have seen in previous years. And if so what's driving that? And to the extent to which it was a healthy quarter, is that driven by government demand? Or is it driven mostly by -- or more or so by investments they are making in that vertical?

I think we had a strong federal quarter and a seasonally strong federal quarter, I think it’s really in line with our expectations. We saw several high profile renewals and expansions occurring and new six figure adds. We feel very good about our position in federal. We are seeing very strong demand in the federal market for vulnerability management solutions and increasingly I think for the first time we have seen the federal customer base looking more closely at the Cyber Exposure market opportunity and understanding that they have need for the capabilities that we bring to the table. So, in line with our expectations and I think continued confidence in our position in the federal market going forward.

I have one follow-up question on the technology. The Industrial Security Secure application on Tenable.io, you announced recently that you have extended that to OT devices beyond Siemens. And so I'm just wondering Amit if you could just talk about how that extends the opportunity in Industrial Security? And to what extent that was driven by customers looking for that extension and that greater visibility or is it more just getting ahead of potential opportunity?

No I think the expansion is probably more of a core requirement in the control system world. I think we’ve released a product that had pretty good coverage I think with thousands of control system devices and also simultaneously announced a strategic partnership, a global partnership with Siemens and have been working very closely with a number of very large enterprises. The truth is that in these control system environments you don't find that they have any one particular vendor brand as an exclusive provider. And so as you look at the traffic, as you look at these control system environments, they’ve got a diverse set of vendors in there whether it’s Siemens, Honeywell, GE, and Schneider and so on and so forth. And so the recent updated release of our Industrial Control System offering expands the number of devices that we can profile and understand by several thousand and we think that, I don’t want to call TableSafe, but when you're operating in these complex environments and you’re looking at it -- at the traffic, if you're looking at 75% of that traffic and say hey it’s unknown to me, that doesn’t fit well with customers. If you can identify and profile the vast majority of the devices and infrastructures they had I think that’s sort of a core requirements for customer success.

Our next question comes from the line of Gray Powell from Deutsche Bank. Please proceed with your question.

Just a couple if I may. So you guys are growing about 40% give or take versus peers at closer to 20%, in the market they call it low teens. Can you talk about how much of that is prefilled versus replacements and then just your confidence level on maintaining that gap going forward?

Yes. So first part of the question, I think we’re confident that there’s significant untapped potential in the VM market. We’ve done a fair bit of in-depth analysis and our finding is that about 50% of the customer base out there is still immature in their VM efforts in terms of how they're approaching and thinking about VM. So there’s lot of maturity that we can help customers go through as their needs -- as they recognize the sort of increased need for VM as a core part of their security processes. We also see -- we’ve done some analysis, and we see that about a third of the enterprises out there are -- have not yet embraced an enterprise wide VM solution. So there’s no doubt they’ve got regulatory requirements, they’ve bought, they’ve deployed VM solution for a PCI or some other one data center, one business unit, some portion of their infrastructure. But they have not embraced VM as an enterprise wide requirement and understanding of what their overall cyber risk looks like. So we have got great confidence in ultimately the size of the opportunity in front of us in VM, the growth potential for the VM market, and believe that we can build a very successful enterprise focused on that. Now our strategy includes a superset of VM. VM is a core building block and requirement for this broader vision around Cyber Exposure, so it’s not just VM, it’s also understanding the control system, the IoT infrastructure, the cloud environment, the DevOps containers and web applications and also in helping to do a much deeper job of analyzing that exposure data. So from a risk metrics perspective, from a prioritization perspective, from a benchmarking. So when you combine all of those, we have tremendous confidence in our ability to deliver growth over an extended period of time.

And let me just sneak one more in just really quickly. Can you just help with any early feedback on Lumin and how quickly you should expect that to ramp-up once it goes GA next year?

Yes I think we continue to operate Lumin in beta mode. We've gotten lots of great feedback and continue to get lots of great feedback during the beta program, it's been very positive and we remain extremely confident that the type of insights that we can provide in terms of understanding risk benchmarking it across peers is incredibly important to VM and ultimately our Cyber Exposure strategy. Our data science and as Steve mentioned our data science team is -- has been contributor and differentiator in the analytic space and we anticipate that we will go to GA with Lumin in 2019.

Our next question comes from the line of Gur Talpaz from Stifel. Please proceed your question.

So Amit you talked about your first ICS deal with the US Fed and I want to ask within that dealing more broadly speaking, how important is having a broadly holistic platform that can span both traditional VM and non-traditional use cases in winning such deals?

So I think it's a great question and obviously highlights I think some insights that you have. We've seen a lot of interest, I think broadly the markets sees a lot of interest in the control system world and the critical infrastructure world. These are critical business processes that are automated and now at risk. What we've found over the last couple of years is that it's not only just sort of digitization of the control system world that makes it exposed but it's also those control system environments have been invaded if you will buy other general purpose IT components. And so, when you're looking at control systems, when you're looking at industrial systems, it is very difficult or I would say it would be incomplete to look at those control systems without understanding the IT systems on those same networks that the control systems rely upon. So we believe it's a critical component and a strategic differentiator versus some pure play point products which might only look at the OT components in isolation.

And then in the commentary you talked about a set of customers using both Tenable.io and SC in conjunction. Typically, I would've thought about kind of being separate solutions either you pick one of the other, but it sounds like there are the use case for both in conjunction. How typical is that, are you seeing more of that and can you walk us through that use case?

Yes, it's actually I would say the number of customers and the frequency with which that happens is probably far greater than I would've originally anticipated, although now in sort of hindsight and as we experience the growth, it does make sense. Those customers frequently have already deployed SecurityCenter, they are already customers they are already confident in Tenable as a provider to help them gain insight into their environment, but they have need for their hybrid -- their operating hybrid environments. They have a mobile workforce that they don’t want to punch holes in the firewall to be able to maintain vulnerability status for those mobile workforces. They want to assess their networks from the outside and see what their exposure looks like from an external perspective, where they have other cloud-oriented requirements. And so what we have seen is even in the SecurityCenter customer base there has been an adoption and expansion, if you will, in leveraging the new technology that we made available in the cloud platform in Tenable.io. And so we are seeing an expansion there and we are also seeing it with new customers which select to go with a hybrid approach right off the back.

Our next question comes from the line of Jonathan Ho from William Blair. Please proceed with your question.

I just wanted to start with maybe some thoughts around your commentary about where we are in terms of the adoption of some of these newer assets. Can you maybe give us a sense of what inning we are and where you're seeing maybe more rapid adoption happen relative to the assets that you kind of listed off?

Yes, I assume it’s a nine inning game and not an 18 inning game. I would say we are still in the early innings. I don’t know if it’s in inning two or inning three but my gut feel is that we are in that first period. So we see growing adoption, we see customers sort of moving in this direction more now landing six figure transactions in these new asset types. We are seeing existing customers start with modest deployments but increasingly talking about more broad deployments in their modern asset types as well. And so even in customers which are making the selection to become Tenable customers, even where they are not purchasing modern asset type coverage yet, we are hearing pretty consistent feedback that the ability to expand their plans and designs to expand and they have a need for those modern asset type -- visibility to those modern asset types. So we are seeing that as a consistent theme that the strategy aligns with their security program point of view, and align with where they want their programs to head. So I would say we are still in the early innings, I mean somewhere between the second and third inning, but we are confident that the direction and the trends are well aligned with the customer requirements, and the market.

And then there have been a few acquisitions that have been made particularly in the cloud vulnerability market by some of the bigger competitors and the broadly security space maybe not traditional VM providers. Can you talk a bit about how much overlap you might have there? And maybe how you can compare and contrast your offering relative to some of the newer acquisitions that have happened?

I think there certainly is some overlap, in other words I would describe it as 15% or 20% overlap. I wouldn’t describe it as a 50% overlap, I think it’s significantly lower than that. And if you look at the company that have made acquisitions there, it is really the larger, more established firewall vendors that to some extent have the perception or they’re taking some criticism for what their strategy looks like and how relevant they will be and what their future looks like in primarily a cloud-based world. And so I think a lot of the features that they’re focused on, a lot of the functionality that they’ve really tried to embrace is a firewall like functionality for cloud environments. Now those -- the companies that have been acquired are I think primarily focused on that control plane but they did have some assessment capability. So like I said there’s some overlap but I think the use case, the mindset, the customer base and I think the development path for those acquired properties is likely kind of divergent with where Tenable’s capabilities and future capabilities will look like in the cloud world specifically. And so we view it as a visibility, so when you turn to us for understanding your exposure on the network you want to understand that in the cloud and I think that’s the firewall vendors are also thinking hey you want the control of your network, you want the control in the cloud environment. So there’s some overlap but I think it’s diverging strategies, not one that are converging or likely to conflict more going forward.

Our next question comes from the line of Daniel Ives from Wedbush Securities. Please proceed with your question.

So may be like to the point before about -- again inflection point, larger deals, obviously product expanding in terms of portfolio and to maintain with Lumin. Maybe you could talk anecdotally how your conversations with customers have changed, is it -- as obviously you become a bigger piece of the solution of the cyber risk exposure, maybe you could just talk anecdotally what we think we were six months a year ago?

Yes. I think there’s a couple of things worth noting here. One is the Tenable journey. The other is the customer journey and maybe the third is kind of like how the market is evolving. I think the Tenable journey is we -- this company grew up as a very technology-oriented company. It was all about the accuracy of the scan, the flexibility of the technology, how we achieved better results. There wasn’t a whole lot of emphasis on the enterprise go to market notion, the account management aspects, the enterprise support aspects of the relationship. And so we’ve been on this journey over the last couple of years and continue to make great progress. And so that enables us to have more strategic conversations with our customers than we’ve had historically. And customers are on this journey understanding the importance of VM and Cyber Exposure. If you go back and look at where we were two years ago, vulnerability management was kind of a little bit of a tired market, there was a compliance driver, but many enterprises didn't view VM as a strategic component into their security program. As you’ve seen a lot of high profile breaches whether it's sort of Equifax, the WannaCrys, and NotPetyas of the world, the things that became very costly in news to many large enterprises, you see corporate leadership asking questions of the security program, hey are we susceptible to that, how are we managing risk, how exposed are we? And those questions point to the VM program and have increased the prioritization, the customers and the strategic view that customers have of their VM programs. And so I think there is a couple of trends here which really become tailwinds and enable us to have more strategic enterprise-wide conversations with our Chief Information Security Officers and Senior Executives, and I think Lumin and the types of analytics that we have developed and are working on going forward, I think play too in our results of some of those conversations.

And I just have a question, I mean I was hearing before but obviously you guys are doing extremely well in the field, spending well right on R&D perspective. And maybe this is for Steve. Like how do you sort of balance going into the next year in terms of growth and start and then look at profitability relative to now being in such position of strength? Thanks again.

Hey, Daniel. This is Steve. With regard to 2019, we aren’t specifically commenting on 2019 at this time. We will provide our outlook for the year on the upcoming call in February. That said, we feel very good about the momentum in the business and how we are executing. And given the positive market trends that we highlighted on the call today and Amit also underscored earlier we are at the early stages of a multibillion dollar market opportunity. We’re confident we can deliver strong growth for the time to come. That said, when you look at our top-line growth while we’re growing and doing good growth on good scale, we’re not growing at all cost. We are very mindful of the bottom-line, but continue to make progress on the operating margins on a year-over-year basis, you can see even some of the leverage that we are demonstrating here today on this call. And a good leading indicator of that I think will be -- is the cash flow burn. It's been fairly modest this year. So our focus is to kind of lean in on the top-line growth, all while we march towards positive cash flow and profitability. And what we've commented on earlier with regard to the cash flow is that we expect to be cash flow positive by the time we exit 2020. The great results for delivering today only reinforces that, that notion and we’re excited about the opportunity ahead.