Tenable Holdings, Inc. (TENB) Q4 2018 Earnings Report, Transcript and Summary

Greetings, and welcome to Tenable’s Fourth Quarter Earnings Call. At this time, all participants are in a listen-only mode. A question-and-answer session will follow the formal presentation. [Operator Instructions] As a reminder, this conference is being recorded. I'd now like to turn the conference over to your host, Andrea DiMarco, VP, Investor Relations and Strategy. Please go ahead.

Thank you, operator, and thank you all for joining us on today's conference call to discuss Tenable's fourth quarter and full year 2018 financial results. With me on the call today are Amit Yoran, Tenable's Chief Executive Officer; and Steve Vintz, Chief Financial Officer. Prior to this call, we issued a press release announcing our fourth quarter and full-year 2018 financial results. You can find the press release on the IR website at tenable.com. Before we begin, let me remind you that we will make forward-looking statements during the course of this call, including statements relating to Tenable's guidance and expectations for the first quarter and full year 2019, growth and drivers in Tenable's business, changes in the threat landscape in the security industry and our competitive position in the market, growth in our customer demand for and adoption of our solutions, Tenable’s expectations regarding long-term profitability, and planned innovation and new products and services. These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. You should not rely upon forward-looking statements as a prediction of future events. Forward-looking statements represent our management's beliefs and assumptions only as of today and should not be considered representative of our views as of any subsequent date. We disclaim any obligation to update any forward-looking statements or outlook. For a further discussion of the material risks and other important factors that could affect our actual results, please refer to those contained in our most recent quarterly report on Form 10-Q filed with the SEC on November 8, 2018 and subsequent reports that we file with the SEC, which are available on the SEC website at sec.gov. In addition, during today's call, we will discuss non-GAAP financial measures. These non-GAAP financial measures are in addition to and not a substitute for, or superior to, measures of financial performance prepared in accordance with GAAP. There are a number of limitations related to the use of these non-GAAP financial measures versus their closest GAAP equivalents. Our earnings release that we issued today includes GAAP to non-GAAP reconciliations for these measures and is also available on the Investor Relations of our website. And now, let me turn the call over to Amit.

Thank you, Andrea, and thank you for joining us on the call today. I'm pleased to share that Tenable delivered another strong performance as we closed out 2018 on a high note. Revenue in Q4 grew 39% year-over-year to $75 million. The calculated current billings grew 36% year-over-year to $97 million. Our strong momentum highlights the rising importance of and growing investments in fiber exposure. As we talk to customers in the field, we consistently hear that vulnerability management remains a top priority for 2019. Understanding and reducing cyber risk remains a strategic C. Suite and board level issue. Tenable is increasingly recognized as the strategic and foundational component of these efforts. With a successful Q4 and 2018 behind us, we would like to highlight why we believe Tenable is a category leading security company. First, we continue to believe the vulnerability management market is much larger than anticipated by traditional market research, given the rapid proliferation of connected devices. Second, we're marching to the enterprise, adding hundreds of new logos every quarter and consistently increasing our 6-figure customer base. And third, we're reinvigorating VM and pioneering enterprise understanding of cyber exposure, including the broader attack surface and corresponding business impact. The discovery and disclosure of vulnerabilities only continues to grow in volume and pace. While there are considerable amounts of legacy and end of life applications still posing residual risk, the proliferation of connected devices increased the surface of attack and created more and more vulnerabilities. One of the biggest drivers for our success continues to be this digital transformation. According to Gartner's February 2018 forecast, IoT security worldwide 2018 said IoT endpoints will grow at a 32% CAGR, reaching an installed base of 25 billion units by 2021. As such, a growing number of our customers are expanding their deployments to include these modern asset types, such as cloud, web applications, containers, operational technologies, and Internet of Things. The rapid growth we're seeing in cloud, IoT, and non-traditional devices validates our view that the VM market is much bigger than forecasts developed by traditional market research. We extended our IoT asset coverage across both Tenable.io and Tenable.sc last year. Our coverage of embedded devices, point of sale systems, teleconference and surveillance devices and other IoT assets grew over 50% in the second half of 2018 versus the first half. Cloud asset coverage grew over 3x in the second half of 2018 compared to the first half. The momentum of cloud deployments is robust and driving strong adoption of our cyber exposure solutions. On the operational technology front, we continue to make meaningful progress. Originally, only available on Tenable.io, we've added OT capabilities to Tenable.sc in Q4. In Q4, we also sold our first 6-figure Tenable.sc industrial control system bundle [Technical Difficulty] exciting win with a major oil and gas joint venture. This example is more evidence of the increasing IT/OT convergence within organizations. We're seeing more OT security purchasing power shift to include input from the CISO suite. This places the Tenable strength in in the market and creates a broader opportunity for us to assess both the IT and OT environments. When I talk to customers, they are in various stages of their digital transformation and trying to get visibility into all the new connected devices. They recognize that VM is the foundation of a solid fiber strategy. That's why they're looking to do VM more holistically with breadth across all asset types, many of which they currently lacked visibility into. They want to do it better and more efficiently with greater depth of analytics. They want a cyber exposure solution. With that, I’d now like to highlight a few noteworthy new 6-figure customer wins in the quarter. A large European insurer purchased Tenable.io with web application scanning, PCI, and container to overhaul the VM strategy and start maturing their cyber exposure understanding. This company needed a solution that would align to their transformative global digital plan and deliver a solution in a complex environment across traditional and modern assets. This example highlights a typical customer journey from VM to cyber exposure. Another new customer win is a multi-platform purchase, both SC and IO together by a national healthcare company. This company had a very manual and unsustainable VM effort. They quickly realized the need for an enterprise wide solution to manage their growth and reduce the risk of new vulnerabilities. They ultimately purchased SC and also IO for external scanning processes. They chose Tenable due to our hybrid offering and our scalable enterprise wide cyber exposure vision. While this was a modest competitive displacement, it was also largely Greenfield because the incumbent was only used for external scanning. We’d also like to share a couple of 6-figure Nessus upsell wins in the quarter. A global e-commerce company purchased Nessus last year and was looking for a more strategic VM solution in addition to considering cloud and container security as separate project efforts. This customer recognized the value and Tenable.io’s unified strategy that included cloud and container scanning all in one platform and purchased Tenable.io plus container coverage. And another 6-figure Nessus upsell win is an SC win for national healthcare company. This company was also looking for a scalable strategic on-premise cyber exposure solution. They chose Tenable for our scalable architecture, our hybrid offering, and our reliable brand. We also continue to expand our leadership position in the public sector, maintaining a clear leadership position in the public sector is a priority and we strengthened that lead during the fourth quarter. Tenable was awarded an expanded 7-figure contract with the Department of Defense to provide assured compliance assessment solution called ACAS. For over 5 years, the DISA, the Defense Information Systems Agency and the defense community have relied on Tenable and ACAS as the de facto enterprise-wide solution for VM. We look forward to continuing to provide DISA and the DOD with a fast accurate cost effective and highly scalable VM platform to detect and counter known cyber threats to DOD enterprise assets in real time. And lastly, we had another large scale expansion in the Fortune 100 retailer. This retailer expanded from 500,000 assets in early 2018 to 1 million assets this past summer and then to 2 million assets in the fourth quarter and it continues to be great growth opportunity in the account. This customer is a great example of the expanding needs of enterprises to assess cyber exposure across traditional and modern assets, covering everything from lead properties to point of sale devices. To build on our market leadership we made a decision earlier in 2018 to increase our investment in research both to help our customers accelerate their cyber exposure transformation and help us focus our efforts on the rising issues that matter most to our customers. Our 2018 vulnerability intelligence report found that enterprises identify an average of 870 new vulnerabilities daily with over 100 radius critical on the common vulnerability scoring system (CVSS) which is an industry standard measurement. The current lack of rigorous privatization suggests that organizations are struggling to remediate these increasing vulnerabilities and consequently, are unable to make strategic technology decisions. In the fourth quarter, Tenable announced Predictive Prioritization capabilities for both our enterprise platforms SC and IO. Predictive Prioritization combines Tenable collected vulnerability data with third-party vulnerability and threat information and analyzing them together with the advance data science algorithms developed by Tenable search. These data science algorithms analyze vulnerabilities using machine learning to anticipate the probability of a vulnerability being leveraged by threat actors. This innovative capability enables organizations to focus on the approximately 7% of vulnerabilities with reliable public exploits and focuses resources on an even smaller portion of those most likely to be exploited by threat actors, down to just 3%. Predictive Prioritization will be made available over the next few weeks and months as a core capability for our enterprise customers. This is yet another example of Tenable extending our leadership position and differentiating ourselves with our cyber exposure vision. Looking ahead, we continue to advance the development of our cyber exposure scoring, benchmarking, and peer comparison product, Lumin. During our beta customer discussions, we receive valuable feedback that prioritization of vulnerability which was originally contemplated as part of Lumin was viewed as something that should be a core component of those based VM used cases and platforms. Given the enthusiastic feedback, we accelerated the development to build Predictive Prioritization into SC and IO to make sure all of our enterprise platform customers had access to this critical functionality. Lumin will build upon and greatly expand the value of Predictive Prioritization by providing a deeper layer of insight based on asset criticality data. Criticality data enriches vulnerability information with the assets business context to strengthen the overall cyber exposure score. Lumin will also help customers measure and benchmark their cyber exposure both over time and against their peers. We remain very excited about the opportunity for Lumin in 2019. Before I move off to product innovation, I want to note a new addition to our product organization, Ofer Ben-David joining as a new Chief Product Officer. Ofer will lead Tenable global product organization into the next phase of cyber exposure solutions for managing and measuring cyber risk in the digital era. He is one of the most respected and innovative engineering leaders in enterprise software, having built large scale, cloud-based and on-premise solutions for some of tech's most iconic companies. As we continue to push the pace of innovation in the market, we also remain focused on strengthening our reach through strategic partners and integrations. In the fourth quarter, we announced an integration with AWS Security Hub that is designed to provide users with a comprehensive view of their high priority security alerts and compliance status. We also announced that Tenable.io was now available for purchase in the AWS marketplace. This allows customers to seamlessly build VM including the automated discovery and assessment of cloud infrastructure assets to manage, measure, and reduce cyber risk across cloud environment. Now, let me turn the call over to our Chief Financial Officer Steve Vintz and then I'll come back to summarize in the end.

Thanks, Amit. The fourth quarter marks a strong finish to a very successful year for Tenable. Let me dive deeper into the quarterly results as well as highlight the full year 2018 financial results and our business outlook for the year ahead. I'll begin by reminding you that except for revenue all financial results we will discuss today are non-GAAP financial results. Unless stated otherwise, as Andrea mentioned at the start of this call, GAAP to Non-GAAP reconciliations may be found on earnings press release issued earlier today and on our website. Now on to the results for the fourth quarter, revenue for the quarter with 75.2 million, representing 39% growth over the same quarter last year. It is worth noting that 90% of our revenue in Q4 was recurring, which is the benefit of our subscription model. As you may recall, we include revenue from subscription and maintenance contracts in recurring revenue, but exclude professional service and perpetual license revenue as such amounts are not available for future renewal. Since we're on the topic of perpetual licenses, as a reminder, in 2017, we began recognizing revenue from perpetual licenses ratably over 5 years in accordance with ASC 606. With that as a backdrop, I want to walk you through our calculated current billings. We believe calculated current billings is a good proxy of the underlying momentum of our business as it generally correlates to annual contract value and that's how we manage the business. Calculated current billings defined as the change in current deferred revenue plus total revenue recognized in the period grew 36% year over year and $97.3 million in the fourth quarter of 2018. This growth in scale is a testament to the rising importance of VM and the broader cyber exposure opportunity that we are addressing. Let's discuss customer momentum, which is an important driver of growth for us. In the fourth quarter, we added 337 new enterprise platform customers with an increasing mix towards larger deals. In terms of large deals, we had at 66 net new 6-figure customers in the quarter. These are customers who spend in excess of $100,000 annually on an LTM basis. This represents the largest number of net new 6-figure customers in our company's history. This brings the total number of customers spending in excess of 6 figures to 453. The takeaway here is that we are seeing strong demand in Enterprise both domestically and abroad and are experiencing continued momentum adding new customers and expanding the value of the relationships with existing customers. I'll now turn to expenses and profitability. Gross margin was 85% in the quarter which is the same as last year and up from 84% in Q3 of this year. As a reminder, we're making investments in our public cloud infrastructure in connection with the delivery of our Tenable.io platform. These investments are scaling better than expected and having less of an impact on gross margin short term. However, we continue to add new functionality and have points of presence globally and long term, expect gross margins to settle in the low 80s to high 70% range over time. Now turning to operating expenses, we are focused on improving operating leverage in our business over the long term, but in the short term, we are investing for growth. Sales and marketing expense in Q4 was $44.5 million compared to $32.2 million in the fourth quarter last year. This represents 59% of total revenue for the quarter, down from the mid 60% range in the first half of the year. As a reminder, sales and marketing spend as a percentage of revenue is typically higher in the first half of the year due to a large number of industry and other events as well as incremental investment in sales capacity in the first half of the year which produces leverage over time. R&D expense in Q4 was $19 million compared to $15.2 million in Q4 last year. As a percentage of revenue, R&D was 25% versus 28% in Q4 of last year. Innovation remains a top priority for us across all our products, but especially around data science, analytics, and coverage of new paradigm assets including OT, IoT, cloud, and containers. G&A expense was $11.2 million for the quarter compared to $7.8 million last year. As a percentage of revenue, G&A was 15% versus 14% in Q4 2017. The increase largely reflects new cost associated with being a public company. Our non-GAAP loss from operations in the quarter was $10.8 million. This compares to a loss of $9.2 million in the fourth quarter last year. Non-GAAP operating margin was negative 14% compared to negative 17% for the fourth quarter last year. Pro-forma non-GAAP net loss per share was $0.12, which was better than our guidance of a loss of $0.15 to $0.14 per share. Focusing on the balance sheet, we finished the fourth quarter with 283.2 million in cash and cash equivalents and short term investments. It's also worth noting, we early adopted the new lease guidance in Q4, as of January 1st 2018. The new guidance does not change how we record rent expense, but required us to de-recognize the previously recorded construction and progress assets and related financing obligation with building our new headquarters. For existing leases, the guidance also requires a balance sheet gross up of a liability for the present value of the remaining lease payments and a corresponding right of use asset that is combined with the lease incentives. As such, we have 10.3 million of operating lease liabilities and 8.5 million of right of use assets at December 31, 2018. In terms of cash flows, our free cash flow burn was 3.1 million for the quarter, compared to a burn of 6.6 million for the fourth quarter 2017. As a reminder, we started our ESPP program in August, which contributed 4 million to our free cash flow in the fourth quarter. The first stock issuance will be on March 1 of 2019 and our free cash flow in Q1 is expected to be negatively impacted by 5 million to 6 million from the contributions previously received as they are re-class to a financing activity. On an annual basis, however, the ESPP is not expected to have a significant impact on free cash flow. Overall, we are pleased with the efficiency and cash flow of the business. As a reminder in 2019, we expect to incur approximately 10 million of non-recurring CapEx related to the build out of our new headquarters, which will primarily impact free cash flow for the second half of the year, although we continue to target turning free cash flow positive by the time we exit 2020. Quickly touching upon the financial highlights for the full year, revenue was 267.4 million, an increase of 42% over 2017. Calculated current billings was 326.1 million, an increase of 38% year-over-year. Gross margin was 85% compared to 87% in fiscal 2017. Non-GAAP loss from operations was 49.1 million or 18% of revenue, compared to 32.4 million or 17% of revenue last year. And finally, free cash flow burn was 8.3 million, inclusive of 6.3 million of ESPP contributions, which represents a burn of 3% of revenue in 2018. Now, let's turn to guidance. For first quarter of 2019, we currently expect revenue to be in the range of 77.5 million to 78.5 million, non-GAAP loss from operations to be in the range of 17 million to 16 million and non-GAAP net loss in the range of 18 million to 17 million and pro forma non-GAAP net loss per share in the range of $0.19 to $0.18, assuming a weighted average common shares outstanding of 93.2 million. For the full year 2019, we currently expect revenue of 338 million to 343 million, calculated current billings of 410 million to 415 million, non-GAAP loss from operations in the range of 60 million to 55 million and non-GAAP net loss in the range of 59 million to 54 million. Pro forma non-GAAP net loss per share is expected to be in the range of $0.62 to $0.57, assuming weighted average common shares outstanding of 95.1 million. As it relates to guidance, our outlook contemplates lower contribution from the US federal government in Q1 due to uncertainties surrounding federal procurements, which we believe will have little impact on the year overall. And now, I'll turn the call back to Amit for some closing comments.

Thanks, Steve. In summary, we continue to be excited about the opportunity and vulnerability management in pioneering cyber exposure. We're partnering more and more with customers interested in a strategic approach to understanding their cyber risk. We believe the combination of our differentiated technology, even stronger now with predictive prioritization and our strategic approach to the VM market positions Tenable to successfully aid our customers in this journey. We now like to open the call up for any questions.

[Operator Instructions] Our first question comes from the line of Melissa Franchi with Morgan Stanley.

Amit, you had a very good enterprise customer adds this quarter. I'm just wondering if you can talk about the runway that you have within your Nessus space in terms of upgrades. I think the last metric we had was maybe 19,000 Nessus’ customers and now you have over 6,000 enterprise customers, so what's a reasonable conversion rate in terms of that base going into a SC or IO and then have you seen any change in the conversion in the most recent quarter?

Hi, Melissa. This is Steve. I’ll take a shot here. So, we have a total of 27000 total customers as a whole and most of those are Nessus Pro customers as we mentioned before. Nessus is a cost effective way to seed the market, but it's also on a ramp to a larger platform sale on average as much as a third of our total enterprise sales can come from the paid Nessus customer base. With that as a backdrop, over the past couple of quarters, we’ve made a point of emphasis here to highlight the growth momentum in enterprise and we think the growth momentum in enterprise is reflective, a, of the product set, b, of the go to market that we have, somewhat unique in the sense that we have produce that exceeds the market, plus we’re building out the enterprise capability and distribution. So overall, the pull through that we're gaining from Nessus does lift enterprise and then once we land the customer, whether it's a new logo or upsell from a paid Nessus customer, we have a history of course as you know expanding the relationship with our asset based pricing model.

Yeah. I think the only thing I would add to there is, recent efforts in the product organization to add new and innovative capabilities to the Nessus product line as well. First is the addition of live results to Nessus, which we think is very innovative and very compelling where as new vulnerabilities are discovered, a lot of times, you don't have to go out and do a rescan, which environments can be very complex, but you have very good telemetry already collected and visibility and understanding to a vast majority of new vulnerabilities whether or not you have them before you even conduct a new scan. And as well as a series of capabilities which we will be launching in the near future, which we believe will increase our Nessus pull through. So, some ties between the Nessus professional customer base and uplifted capabilities they can get using those products in conjunction with the enterprise platform product. So we think that there's a compelling opportunity is not yet really been tapped into or monetized in a strategic way.

And then just following up with Steve, Steve, your comments on federal for Q1 were helpful. I'm wondering if you could just elaborate a little bit specifically if you saw any disruption in Q4 from the federal closure and then if you could maybe quantify the extent to which you're assuming some disruption in Q1 and if you're seeing the backlog starting to open up already?

Sure, well, first and foremost in Q4, it was an area of outperformance for the company I think versus the guidance, it was calculated current billings, little more than 4.5 million. We're pleased with the results for Fed in the fourth quarter. So, the uncertainties surrounding Fed had no impact on the fourth quarter for us. For the whole Fed represents less than 15% of our total sales with a sizable percentage of that coming in the third quarter as you know due to the fed’s fiscal year end. We do close new business though throughout the year, new and renewal business and the outlook today, as I mentioned earlier, contemplates lower contribution from Fed in Q1 with offsetting amounts in Q2 and Q3. So while we believe uncertainties surrounding Fed will not impact calculated current billings for the year as a whole, it does more modestly impact revenue and therefore profitability in Q1, just due to later quarterly flow. In that side, our guidance reflects strong outlook in Q1 of the year as a whole and we're pretty excited and confident about our US federal business and believe long term, it's a significant compelling opportunity for us.

Our next question comes from the line of Sterling Auty with JPMorgan.

Wanted to follow-up on, I think the comment you made in the prepared remarks about some of the deal size within probably enterprise and the 100k plus ARR accounts, just wondering are you seeing bigger initial deals as well as expansion deals and specifically within the expansion, how much of that are you seeing coming from customers, as you mentioned, just adding more devices and broader coverage within the company versus adding more feature functionality to their relationship?

Sterling, it is a great question. I think very clearly for us, the answer is both. We're seeing larger, as we become more enterprise oriented in our go to market motions, our messaging, our positioning, moving up scale in the enterprise, we're seeing larger initial lands and bytes and I think that's also reflective of organizations with very mature, largely greenfield in their understanding of cyber where we’re stepping in in a meaningful way as well as continued being in the wardrobe and expansion in our existing enterprise accounts and moving down that journey from tactical VM to much more strategic motions. I don’t know if you have any additional comment?

No, we have a land and expand model. So, it is a combination, reflecting higher lands and also more attractive expand. And we have 27,000 total customers, even though we added a record number of net new 6-figure customers in Q4 and clearly we're demonstrating momentum in enterprise, the total number of 6-figure customers is 450. So, we have a substantial opportune right in front of us within our own customer base even though we're adding hundreds of new customers a quarter.

And then one follow up, you mentioned the momentum in the go to markets. How would you characterize the ramping of the resources that you added as you’re coming public and kind of where do you stand now and how should we think about the incrementals as marketing investment that you outlined, how much of that is really going to be headcount driven to add capacity versus maybe some of the marketing aspect to drive awareness?

Well, it's a combination of both. In terms of, we've been clear about our investment strategy and new dollar investment has a pretty short payback, on average, it’s 12 to 14 months for the company, gives us confidence, conviction to continue invest in sales. So we’re adding sales capacity. I will say headed into 2019, we have a more mature sales force now than we did this time last year, over 50% of our sales forces in some phase of ramp, but we have a higher percentage of reps that have been here 12 months or longer, so we're pleased to see that. The other lever, so we're going to continue to add sales capacity, given the paybacks and the strong unit economics. You know the level for us is channel. We’re the only company in the VM space that has 100% commitment to the channel. We think that's important. We are seeing continued increases in channel and business, years ago, 4% of our sales are inbound from the channel and today -- and that continues to increase to a very meaningful percentage. So, there is a lot of leverage we can point are go to market, one is in assets in terms of ability to see the market, create awareness two, is in terms of building up distribution with feet on the street and adding sales capacity and the third thing is pulling the levers on the channel, which we think is really important.

Our next question comes from the line of Jonathan Ho with William Blair.

I just wanted to start with Lumin. Can you give us maybe a little bit of an update in terms of the timing for release and maybe what the expectations are in terms of billings and revenue that are maybe built into your 2019 guidance?

Yeah. I’ll start a little bit with the Lumin timing. As you know, we've -- throughout the later part of 2018, embarked on a beta program with a number of significant customers, processed that feedback. We actually took what many of our customers told us was very compelling capability in the Lumin data, but capability as they felt was really a core use Case or a core capability for the VM use case, the vulnerability management use case. And that was this concept of predictive prioritization, the hundreds of new critical vulnerabilities discovered every day and you're just using CVSS scoring and how do you prioritize, what matters most, the inclusion of credit, Intel and exploitability in using a lot of data science models that our team has built and the feedback we got was a, hey, that's great capability. It's compelling differentiation, but because it’s the prioritization of vulnerabilities, our customers felt like it was really something they'd like to see in our core VM platform. So we've moved to add that predictive prioritization to both Tenable.sc and Tenable.io and so we've accelerated those motions in the enterprise platforms. We've drawn a line, if you will, honing in on the Lumin capabilities to extend outside of core VM use cases, specifically to assess and understand the criticality of assets, the business context around those assets and then all of the capabilities that we've been developing around benchmarking and peer comparison, which are really business types of analytics outside of the core VM use case and we're confident based on the beta feedback that those are products or those combinations of capabilities form a product that we can charge for separately in Lumin and we anticipate that being delivered as we said previously in 2019.

And then in terms of our guidance today, it does not reflect any meaningful contribution from the sales of Lumin.

Thank you. Can you, also as a follow up, just give us a little bit of a sense of what Ofer brings from the Chief Product Officer standpoint and maybe what potential changes this could signal in terms of your product strategy?

I think it's – there really isn't a strategic change in the product strategy, it's sort of an increase of scale and capability, as we step onto a larger stage of a larger development organization or committed to both the on-prem customer base, the cloud based capability and really what we found is the hundreds and hundreds of customers, which have chosen a hybrid based approach and think that that accurately reflects how customers most frequently live in their IT environment, so something Ofer brings a very strong experience base to the table, both for on-prem enterprise software for cloud based SaaS architectures and delivering these capabilities at scale. So we're really excited about his add to the strength of the team.

Our next question comes from the line of Gur Talpaz with Stifel.

Amit, you talked about servicing new vectors like IoT containers and cloud and you also talked a lot about the continued success in pushing upstream to the enterprise and I guess what I wanted to ask first was, are these two functionally interrelated, meaning, are you seeing better success in the enterprise, because you're able to service these nontraditional environments about the peers?

Yeah. I think the answer is both. I think that there is a -- and I think the market and some of the analysts out adjusted guidance as to the attractiveness of the core VM markets. So I'm a firm believer that there is still continued attractive growth opportunity for Tenable and to all VM providers in that core VM market. That said, we do see I think significant differentiation in our strategy and our investment in this broader cyber exposure categories, so it's a meaningful capability, we're seeing increased adoption of these new modern asset types among the enterprise platform customers. And even for those customers that are not yet adopting those modern asset types, they're asking informed questions about our capabilities in those areas, because they're signifying that while the CECL might not yet have responsibility for the OT environment or for the IoT environment, they know that these things are coming and they want to be prepared and having a provider that gives them the visibility and the confidence to assess those infrastructures I think is a critical differentiator.

That makes sense. And maybe an extension of that question, you said something on the call that I thought was interesting, talking about sort of IT, OT convergence and the increasing importance of the CSO [ph] in some of these OT environments and what I sort of want to know was, does your breadth of coverage, I mean, your ability to service both IT and OT, is that a differentiator versus the kind of the new startups that are coming out that only do OT environments or a pure play in nature and can span across the spectrum like you can?

Yeah. I think it's critical and that's a great question. I think it's critical in two different aspects. In one aspect, OT environments today are almost never pure OT. By definition, there are convergence of general purpose computer, all of the traditional IT assets have completely invaded even standalone OT environments. So, our ability to assess both IT and OT in an elegant fashion gives us a much better understanding of the true risk of those operations as opposed to a kind of points of -- point product that is strictly focused on the OT componentry without a in-depth understanding of the IT that is part of that environment. The second dimension that I think is a strategic advantage for us is that unlike previous years where you saw operators keeping the CSO and the IT departments at bay, saying, hey, these are OT, this is operational technology, it's very different, you guys go play in your IP sandbox, we've got this covered, I think you know the recent awareness of cyber issues in the OT world has caused those operators to turn to their CSO and say, hey, can we get some help here and so we're seeing great, over the last year, an increasing influence of CSOs in helping operators understand their OT environments and so it is a position of strength that we have this brand, that we have the trust, that we have the customer base and the confidence from the CSO, so that when questions come up about discovery and understanding of the level of exposure in OT environments, how do you assess as the beginning of this journey. That trusted relationship with the CSO is really a leg up for us.

Our next question comes from the line of Gray Powell with Deutsche Bank.

Just a couple on my side. So to start, can you talk about the pace at which you see customers developing more formalized vulnerability management programs? I think at some point last quarter, you mentioned that about 40% of new customers did not have a formalized program in place before signing with you. So is that correct and is that a good proxy for the portion of the market you think is a Greenfield opportunity?

That's one that we measure pretty consistently coming especially from our largest deals or largest accounts. We have a couple of dozen largest accounts every quarter where those deals coming to us from and understanding who are we displacing or not displacing and some quarters, it’s 40%, 40 percent plus, some quarters, it's 25% and so it does vary quarter to quarter, but I think order magnitude, roughly a third of the enterprise customer base comes to us, our new customers come to us from what we characterize as Greenfield and by Greenfield, that doesn't mean there's absolutely no VM, it means that our enterprise wide VM program, so they might be looking at specific PCI systems and compliance requirements, maybe particular data centers or architectures or types of systems or business units, but it's really not an enterprise VM program and so in any given period, about a third of the new sales come to us from what we characterize as largely Greenfield market opportunity.

And then just to follow up on the predictive prioritization comments, so is there an impact at C and IO pricing of adding predictive prioritization to those products and then just how big of a differentiation is that versus your closest competitors?

There is no currently contemplated price uplift from or to the security center and Tenable io customer base. We think it is a compelling capability, it's a compelling differentiation and we've heard that in the beta cycles, when this capability was originally part of the Lumin product and so we anticipate pretty broad adoption and we also think it will help set the stage for broader adoption and more up sell capability.

[Operator Instructions] Our next question comes from the line of Dan Ives with Wedbush Securities.

So my question is when you're taking a typical customer lifecycle and trying to convert them to more of the VM suite, take us through maybe the opportunities and, but even the challenges in that progression from a sales cycle perspective.

Yeah. I think the opportunity can be externally driven, can be brought in through marketing activities, it can be brought in through broader awareness of activities happening in the security industry. So typically breach a curse, audit risk committee chair, CEO, Board of Directors, CIO, they start asking questions, well, how secure are we, how exposed are we, are we vulnerable to that and when you ask those types of questions, the foundational system of record for answering those questions ultimately is the VM program and so there are an external set of activities, whether they're driven by sales, marketing or other market activities, which could spur maturation of the VM program as well as internal based drivers. So, new CSO comes in, new CSO comes in, wants to -- new program gets launched, company wants to embrace new technologies, whether it's cloud, OT, digital transformation, automation, robotics and manufacturing or warehouse and inventory management, all of those types of initiatives can frequently spur questions around security and the need for an enterprise understanding of risk associated with embracing those transformations. So I think both those external and internal drivers exist.

So just on the government, because obviously we're getting a lot of questions from investors on it, how should we think not exact breakout, but in terms of the government, about DoD, so obviously, none of the military affected, but on the civilian side, how should I think about the government business in terms the exposure to civilian and homeland security versus DoD and military?

We would characterize it as really all of the same. And look, 15% -- approximately 15% of our sales come from the Fed. We have a very sizable footprint within the Fed. We serve most 3 letter federal agencies and it's a source of pride for the company. That just said, just giving some of the uncertainty surrounding it, we chose to take a more cautious tone, specifically in the first quarter and what we commented was that probably flow from Fed would be more modest in Q1, but we view that largely as timing and as a result, we think from a billings perspective, we’ll offset that in Q2 and Q3. But, less of it, I guess, less of an impact on civilian and more so really on the DoD side of things.

Our next question comes from the line of Josh Tilton with Berenberg.

In regards to the IT/OT opportunity, are you seeing situations where a Siemens or a Rockwell will automate a factory or do some type of IoT build out for a smart connected factory and then bring Tenable in to the security side or maybe just some high level commentary on what's driving the deals on the OT side?

Yeah. I think the OT side is really coming to us from one or two different motions. It’s either our engagement with the CSO and a CSO having an increased role and responsibility in OT environments, and going through our strategy, our vision for cyber exposure and the market opportunity, just kind of talking them through the requirements and the capabilities there tends to uncover requirements that are not currently being addressed by existing providers or new responsibilities being picked up by the CSO. The second, as you suggest, comes from a more OT focus discussion. We announced about a year ago, a strategic global partnership with Siemens. The first phase of that partnership was really focused on helping us refine and expand the capabilities of our products in OT environments, so you might imagine these are extremely complex environments, getting access to the types of datasets and systems deployed there, making sure that we understand both the protocol, the applications, we can identify the assets as well as their vulnerabilities. The second phase of that partnership involves a stronger combine, go to market motion that's primarily driven by Siemens where they have a lot of engagement with the operators themselves.

And then maybe just more specifically on the go to market strategy, on a scale of 1 to 10, how ramped would you say your sales force is behind the new strategy?

We're aligned -- our core sales team are by no means OT experts. This entire category of cyber exposure, the complexity, the differentiation we bring to the market in terms of VM, selling to the CSO, I'd say that's the primary focus and core capability that we're building our sales go to market motion around. It helps identify OT opportunities. We then have a limited number of focused experts that bring a much greater depth of OT experience and understanding to the table to assist them in those motions. We otherwise rely on partners like Siemens that are more actively engaged with the OT side of the house as opposed to the IT and the CSO side of the house where our sales team has primary engagement.

Ladies and gentlemen, we have reached the end of the question-and-answer session. This concludes today's conference. You may disconnect your lines at this time. Thank you for your participation.