Matt Cohen: Yes. Thank you, and thanks for the support. I think we always have had enterprise grade is how I describe it, sales cycles. We’ve always had to sell over multiple quarters even when we were just selling PAM, because it was a big program, and it was a significant sale. And so I think we are pretty used to longer sales cycles as we moved to a platform selling motion, broader portfolio. We haven’t seen any real elongation in our overall sales cycle. On the flip side, we haven’t seen it kind of really dramatically come down in its time lines, either even though we’ve moved to a SaaS sale, which traditionally might bring some of those sales cycles in. So I think we are operating consistently with what we’ve always done, which is expansion sales cycles are shorter.
New logo sales cycles take a little bit more time. In the early part of the year, especially in the Q1, as we talked about, sales cycles for new logos were a little bit longer. We’ve continued to see our ability to firm that up over time here. And so I think when we look at the Q3 performance as a whole, it’s consistent with a firming up environment. And again, I know I say this a lot, but they’re near and dear to my heart. Our go-to-market team continues to execute at just phenomenal rates to be able to make sure that they bring the deals in when they say they’re going to bring the deals in.
Operator: Your next question comes from the line of Junaid Siddiqui of Truist Securities. Your line is open.
Junaid Siddiqui: Great. Thank you for taking my question. You highlighted secure cloud access that you just launched recently. I was just curious about some of the other new products that you launched that impact like Secure Browser. What’s been a positive surprise to you in terms of how quickly they’re being adopted by customers and contributing to growth?
Matt Cohen: Sure. So on Secure Browser, we have not released that for general availability yet that will come out towards the end of this year here. We continue to have really, really strong conversations with customers about it, both has a more secure way of browsing and also as a front end user interface for the identity security platform that we offer out into the market. And by the way, we see — and you see it in some of the recent breaches, that the notion of session hijacking is one of the most risky new attack methods that’s accelerating in the market and our Secure Browser, which allows for cookie list browsing really protects against session hijacking. But I would say on the browser front, way too early to comment in terms of — it’s not even out in the main market yet.
As we talk about secure cloud access, I get kind of unbridled enthusiasm here. And why is that? Because it’s bringing the best of PAM, the best of the idea of privilege controls, session management, session isolation [indiscernible]. It’s bringing that to a brand new population. And what we need to understand about the cloud security market overall that everybody is talking about is most of what’s being done in the cloud security market is around posture management, it’s around discovery, it’s around visibility. It’s because over time, as these developers have gotten so many extra privileges, people want to understand what’s going on. It’s the Wild West and that’s a good first step, and there’s a lot of really, really strong companies that are focusing in that area.
We are unique in the cloud space in that we are not all that concerned about visibility and about discovery. Other people can do that. What we want to be able to do is lock down control in the cloud. We want to take all of these thousands of developers who have unfettered access to the AWS or Microsoft, cloud services, the platform itself. And we want to make sure that those users can still innovate, they can still build. They can still troubleshoot, but they have privileged controls applied when they’re doing it. And we do it uniquely with this idea of 0 standing privilege so that the actual account of the developer, their account, federated account has no privileges, for example, in the AWS console. So when it’s sitting there on the side, it’s secure.
When they go to log into the console, that’s when the privileges are applied just in time. They’re able to execute their work and then it’s removed immediately as soon as they log out, and it’s controlled with workflows with time bound access. Now I went a little deeper there on that because I love the question, but I also went a little deeper there for people to understand the opportunity that arises for us as everybody thinks about cloud security, for us to bring what we do best, which is privileged controls, locking down access to this entire population that needs to be secured. And so that’s really an exciting motion for us. We had some great wins actually in the quarter. Still very tiny business. It’s only 1 or 2 quarters in, but you can hear the optimism for me around this piece of our business as I’m describing our unique approach.
Operator: Your next question comes from the line of Adam Borg of Stifel. Your line is open.
Adam Borg: Awesome. Thanks for taking the question, and again, I offer my thoughts about the entire Israeli team and the communities of Israel more broadly. Real quickly on the government opportunity. So it was 8% mix of ARR in the quarter. Maybe just talk a little bit more about how federal played out in the quarter and how you think about government more broadly over the next 12 months? Thanks.
Matt Cohen: Thanks, Adam, and thanks for the support, Adam. Listen, I think when we — and we’ve been talking about this for a little while here, right? We are very happy with our position within the — within federal government here in the U.S., the global government where we see a lot of momentum even in the state and local government that falls up into our SLED business. What we see across the board is whereas in the past, a lot of the budget purchases were at the point of kind of year-end budget flush. We’ve seen because of the criticality of identity security that the actual purchases are much more spread out throughout the year. And they’re coming in conjunction with need and actual deployment plans to get them into place.
That actually is a much more exciting place for us to be in. It allows us to be able to have a thriving and healthy global government business all year around. And it allows us to be able to invest in the ability to bring new solutions to that customer population, including our investment in getting our EPM and identity and [indiscernible] into the Fed ramp process over time here, it’s our ability to be able to actually expand beyond our strong PAM footprint in a lot of these agencies and accounts. And so when we look at government, in fact, we highlighted a government account in the script that actually is outside of the U.S. But when we look at government, we see the threat landscape actually expanding on them exponentially even more than some of the private sector and their recognition of the need for proper identity security solutions continues on.
So we think there’s a long runway of growth within the government sector. And we are really happy with our results from that perspective.
Operator: Your next question comes from the line of Brian Colley of Stephens. Your line is open.
Brian Colley: Hey, guys. Thanks for taking my question here and certainly like to echo my support as well for the team in Israel and [technical difficulty] Israel more broadly. I’m curious if you saw any divergence and demand trends this quarter between the enterprise and midmarket segments of your business. We’ve heard some other cybersecurity companies say they started seeing some softness in the third quarter in the midmarket. So I’m wondering if that’s something you saw materialize in any way.
Matt Cohen: So we didn’t see any change in that environment. I think we’ve talked about the idea that the midmarket is more affected by macros than the enterprise space. But we haven’t seen any real change or diversion — any change in that from that perspective. I think one of the things that we have to keep reminding everybody around and it’s different than some of our other cybersecurity peers is that we are really not playing in the low end of the midmarket. And I know I said it a couple of minutes ago, but I’ll say it again. Our midmarket, what we call corporate customers are $500 million to $1.5 billion. CyberArk would be a “midmarket account for CyberArk”. And so I think those organizations, especially the ones in the upper end there kind of mirror in their behaviors, what we are seeing in the enterprise space, and that continues on in the third quarter.
