The Tech Sales Newsletter #72: What does “second place” looks like in cybersecurity

Last week I did a deep dive of Palo Alto Networks and their visionary approach towards the unified security platform.

This week I'll contrast this vision with Fortinet - their primary competitor in the firewall business and, on paper, a platform player.

The key takeaway

For tech sales: Fortinet is a good opportunity for starter roles in cybersecurity or as a co-selling partner if you work for an MSP/SI. Unless you'll work Enterprise/Strat in the US, I would not recommend joining as an A player. In theory they have all of the ingredients of a platform play, but the actual product adoption raises significant questions around that story.

For investors: After a strong run YTD (+70%), Fortinet looks to be red-hot on scaling a sustainable and profitable business, with great distribution and committed, engineering-first culture. The reality is that unless there are significant structural changes both on the leadership side, as well as in terms of quality of execution by the sales teams, it's more likely for the company to turn into another Cisco than to outperform Palo Alto Networks.

The FortiVantage

Fortinet has been in the business for 25 years and it really shows. Their strategy and scale is a reflection of iterative steps taken over the decades to build a comprehensive cybersecurity platform (on paper).

The foundation of their business is their firewall software and networking hardware. Every upsell starts from here.

The logical next part of the portfolio is their SASE products, which fundamentally is about offering a balance of networking performance and security on edge (i.e. for large companies that means securing satellite offices and remote workers).

The third (and clearly not particularly successful) upsell is trying to push a variety of acquired products in a consolidation play. Their recent Lacework acquisition is a good example of such "platform growth". The strategy here is much closer to Private Equity buying up cybersecurity companies in order to try and "fit customer gaps" than an actual expansion of capabilities.

The big growth driver for Fortinet has been their significant expansion into the international markets - their APJ revenue is a clear outlier in the space, driven by cheaper pricing and significant investment in their partner ecosystem.

80% of Fortinet's business comes from the channel. The partner ecosystem is not just a growth engine for the company, it's fundamentally THE COMPANY itself.

90% of their business revolves around the networking hardware, the NGFW (next-gen firewalls) and SD-WAN (centralized management and orchestration of secure traffic). This business is predominantly sold, supported, and managed by the partner ecosystem.

While there are quite a lot of different views from practitioners, the general consensus is that Fortinet provides a relatively stable product at just the right price levels and convenience. Since fully displacing a firewall installation is a lot of hassle (both in terms of cost, as well as people capacity), for most customers the usual approach is to keep renewing their install base.

The need for change typically happens when customers take a serious look at their cybersecurity strategy and decide that underinvesting has bigger consequences.

The day-to-day cycle of Fortinet is well visualized in what makes it to the news. Repeated exploits of known, but unpatched vulnerabilities, the occasional fix and the latest acquisition of a failing company “for the portfolio”.

Let’s take a look at the latest “jewel” in the portfolio (5% quota attainment on RepVue before getting bought):

Those are some very bold metrics on the right side for what has resulted in a barely positive exit for the founders (allegedly the deal was for $100M vs $75M raised).

Which brings us to the last part of Fortinet's story - the "pump those numbers up" marketing strategy:

Fortinet really likes to present itself as "the engineering first" company. As part of this process, there is a heavy focus on constantly adding new items to the portfolio, submitting patent requests, and seeking as much coverage as possible by external research companies like Gartner:

This slide is a beautiful representation of Fortinet. On the left side we have a collection of analyst reports where the company has paid to be featured. Then on the right side we learn more about the "customer journey," which predictably starts at the firewall end. According to these scaling metrics, if they were spending $1M on firewalls, they are now going to pay another $250K for Fortinet's Data Lake which they'll be using instead of the many other security-oriented data platforms.

Now here things start to get a bit awkward. Earlier in this overview, we saw that 10.5% of their Q3 billings (which typically would mean bookings depending on their accounting approach) was in SecOps.

Then in their customer journey, allegedly customers will pivot towards ingesting their security related logs from Fortinet in the "Fortinet Data Lake". The important thing is to understand that there is no such product that a customer can buy - what they might onboard on is FortiAnalyzer:

According to how Fortinet positions these:

FortiAnalyzer: Centralized logging, analytics, and automation for the Fortinet Security Fabric

FortiSIEM: Enterprise-wide Threat Detection & Response

FortiSoar: Unifies and optimizes the SOC activities that protect against attacks

FortiGuard SOCaaS: Managed 24x7x365 Security Fabric Monitoring

FortiAI: GenAI assistance to guide, simplify, and automate security analyst activities

So on their Q3'24 revenue, $166M came from a mixture of the products above. The majority of the install base is supposed to be in Endpoint but then that's actually a small portion of their supposed Q3 revenue, for which 40% is coming from the SOC platform. That platform comprises the products above which can be split into 3 traditional SOC tools (logging, SIEM and SOAR), together with a managed service and an AI assistant (that's cross-platform, so not limited to the SOC). So either their endpoint/EDR business is shrinking significantly in terms of new sales ($10-15M for the quarter), or their actual upsell around SecOps is underperforming.

In a customer journey that indicates the "Fortinet Data Lake" as the starting point of the upsell, there is no actual usable data that we can connect to the scope of how much the FortiAnalyzer product is being sold. This is actually quite important, because LLMs + Enterprise-grade ML is the foundation of what the cybersecurity platforms of the future will look like.

The Fortinet SecOps "platform" is essentially a rough patchwork of acquired products (for EDR they acquired enSilo in 2019, for SIEM it was AccelOps in 2016, SOAR is CyberSponse, which "joined forces" in 2019) together with homegrown tools that are considered rather simplistic to be competitive on their own.

So what is the FortiVantage? In a classical cybersecurity market fashion, it's cheap, somebody else will implement it for you, and the CISO will not get fired if there is a breach because "Gartner Magic Quadrant Leader".

This clearly worked well for them in the last 25 years. Whether it will translate into a viable strategy for the next 25 is a different question.

Is this a good tech sales opportunity?

There is no CRO. Of the 4 sales leaders, 3 have a tenure above 15 years and Trevor is the "new kid" on the block who joined a year ago. He seems to be there to rock the boat and improve sales execution:

John Whittle: Culture is very, very important, and Ken has really set a consistent culture at Fortinet. We've had a steady strategy. We've got the proven track record of execution. How does our culture factor into our success?

Trevor Pagliara : It's everything, honestly. So if you look at, first of all, congratulations to Ken and building this fine company because he has built a great culture. Most of the people that work at Fortinet have been here a decade, which is a testament to Ken and the culture that he's built and all the people that are on the stage with me. So inside the company, the culture is unbelievable.

As I mentioned earlier, we have people that want to come work at Ford, not only because our tech is great, because our culture is great.

We have really, really good human beings. I'll give you a little story. So as John mentioned, I live in Nashville, Tennessee. I'm on the road a lot. This summer, we had a gentleman flying us on his own dime from one of the largest home retailers in the world out of the Carolinas.

And he came to speak at an event at the 12:30 Club in downtown Nashville. Anyone been to Nashville? Yeah. It's on Broadway. It's a pretty neat place.

And so he came to speak to 2 other retailers, one who uses one of our competitors, another retailer who is a Fortinet customer we're trying to expand. Right? And he talked about his journey, ripping out Palo Alto Networks and putting in a Fortinet. So he talked about not only the great price performance that he sees in his environment with Palo Alto Networks, but he also talked about your company Fortinet that we like to do business with, right? Your founder Ken and his brother Michael, 2 of the most humble individuals he's ever met in his life.

That's great, right? You don't get that very much in high-tech and I've been high-tech 25 years and it's a tribute to Ken and his brother Michael and culture is everything.

And the other thing is winning, right? I love to win. I didn't come to Fortinet to compete.

To me, that's table stakes and I want to build upon what's been built here, but I want everyone to be thirsty to win. It's fun. It's like getting a B12 shot. I get a few of those every night because I'm tired and I travel all the time.

So culture is so important, right? And as I mentioned earlier, we have so much momentum in the market. I get lit up every single day on LinkedIn, my cell phone for people who want to work at this fine company. And that's what's so exciting, especially about the U.S. market because we have so much white space market take away from our competition. So winning in culture is everything to me and it's not only a Trevor and Fortinet thing, it's also a customer thing as I indicated in that story about that retailer.

Trevor Pagliara: And then specific to enterprise, there's 4 things that I'm working on. I'll talk what for our focus, urgency, accountability and fun. If I look at focus, if you look at enterprise, the Global 2000, a major account manager day has 12 accounts. Next year, it's to 6. Mid enterprise or named enterprise, the average number of accounts is 60 today.

It's going to about 35. And this will provide us focus. It will provide us the ability to hire more direct order carrying sales reps. If you look at the US, that's where the opportunity through my lens sits. I'm obviously biased because I lead the US, but just from a market share perspective, we have an unbelievable opportunity to win market share in the US.

So if I look at urgency, early on in my career, I spent time at Parametric Technology and a company called EMC Corporation. I assume everybody knows who those companies are.

Those companies gave caffeine a scare, if you will. When I was at Parametric Technology, I used to get to the office at 6 o'clock in the morning to read through a book of lists when I carried a bag as a sales professional. So that's what I'm trying to institute inside of Fortinet from a sales perspective.

I want hunters. I want people out on sales calls, sales meetings, 8 to 12 meetings per week. And so I'm instituting that inside of Fortinet. It's very, very hard, but it's also a lot of fun. So urgency is a huge thing for me.

And in my 13 years at EMC, Michael Rutgers was a CEO. If I look at accountability, Michael used to say, we have 2 types of sales people. We have A players and we have new hires. Right? And so accountability is paramount to me. So I'm pushing that very, very, very hard inside of Fortinet and the fun, right?

VP to SVP to EVP within a year of joining is an interesting shift of dynamics, particularly when the rest of the sales leadership has been there for close to 2 decades. If I were a betting man, he will either be out within 12 months or a CRO.

Joe Sarno: I was just going to say why I think that is, is customer first, customer obsessed.

We've always been that way. That's really our ethos as a company. And, I can think back, I can probably give a thousand examples over the years, of some of those situations that we find ourselves in. Technology is just inherently hard, right?

So, but it's about how we support our customer that makes a huge difference in us being available as a team. I think what you'll find throughout the entire Fortinet team is that we're anyone's available at any given time and everybody wants to be available. And I think that really translates to our customer and they feel that authenticity from us in a very unique way, but really customer first, customer obsessed, you can't go wrong if you leave in that position.

Yeah. Yeah. And it's it's an engineering company, right? So we we we are all more or less engineers working every day in and out. And the other the other great thing that I I found over the course of the last 2 decades is that we have a really flat a little bit of what Matt was saying, have really a flat organization.

Matthew Pley: So when you're speaking to the customers, if there's any type of problems, any type of request, any files, whatever it is, that the hops to get to where it where it should go, where that that request should go are very short. It's not a complicated organization, extremely flat. Everybody is available, humble and reactive. So I think that's a little bit what I said at the beginning speed to market.

Pedro Paixao: And to me, I think a lot I think you guys see on stage, the tenure here is very long, right? We've been almost 20 years here. And that to me means that, we honor our commitments because we're we sit in front of the customers today and tomorrow and the day after. So when we promised something that we're going to deliver, we will deliver, right? So we're not mercenaries and trying to do a sale one time and then disappear.

And if you go around in the industry, it's very common to someone to stay, especially at our levels, couple of years and then move on. This doesn't happen at Fortinet. It's not very common that it happens at Fortinet. And so we've been here a long time supporting our business, supporting our customers. We honor what we say.

We stand behind our product and we're convinced that we're continuing to do it. So I think that was a key ingredient because at the end of day, sometimes it's hard for the customers to distinguish between feature A and feature B and in PowerPoint, everything works beautifully well. But at the end of the day, people make a difference, right? And as Joe, Matt, Trevor said, we are the people and we're the ones behind the machine and we'll be here when things go well and when things don't go so well. We will stand behind the customers that trust us.

One of the repeated comments across conferences and earnings calls is related to "getting the reps up to speed" or "comfortable" with new parts of the product stack. This has multiple dimensions, between having most of the revenue being partner-led, the engineering-focused culture, and the heavy focus on networking hardware and software.

Now let's see what the reps are saying:

Speaking of the rock star:

Matt De Zort: I guess, what sort of pricing and discounting behavior have you seen in the market

in the second half of this year? And how do you think about financing vehicles given most of

your competitors have shifted gears towards that? Any new progressions on that front?

Keith Jensen: Yes. We continue to encourage the sales team to make use of discounting to get deals across the finish line. It ranges about 1 point up or down in a given quarter, but we're not standing in the way. Maybe one way to think about the business is kind of the eighty-twenty rule. We want 80% of the business to go through the channel, stand in discounts, rebates and incentives.

But where we have the opportunity, particularly in the U. S. Enterprise space to be very aggressive on customer acquisition, I think that's where we want to keep our where we want to deploy our dry powder into the discounting. And I think that message in the U. S. is resonating out there as we look forward. There was discounting was and then financing.

Better when we look at the U.S. Enterprise that we're really targeting is we want to provide capital strategies, if you will, that are designed to bring the customers across the finish line. That could be extended payment terms. It could be financing to the channel or what have you.

Since there is no CRO, other C-levels are stepping in, with the CFO clearly being very opinionated on how to sell these platform deals (DISCOUNT MORE, DELAY PAYMENTS).

Bringing in a playbook EVP in their highest-growth potential market of North America indicates some willingness for change, but whether that will be sufficient - yet to be seen.

Keith Jensen: What we really saw was something unusual, which is this cohort of refreshes in 2026. And more specifically, it's products that we announced in 2021 that we're going to go end of service in 2026. We've done some math on that. We look at the unit count. We provided that number, 650,000 units. And then as we converted units to dollars internally and then some of our commentary, we took certain haircuts. We looked at those units that are no longer pinging homes, I recall, and we excluded those as part of that conversion.

We made certain assumptions around how much of that refresh has already started for a variety of reasons and how much churn we have. And then we quietly uttered a number of $400,000,000 to $450,000,000 for the 2026 cohort.

I would encourage everybody in the audience to do your own math. I mean, I think there is a fair amount of assumptions that go into it. But keep in mind also, there's another cohort for 2027 that follows after that. And also that we're talking here only about product revenue. We're not talking about the run rate for services nor the expansion for these other parts of our business now, these other pillars, whether they're SaaS or SecOps solutions.

The strongest pitch out of the recent earnings call and analyst day was... "we have a lot of hardware refreshes coming up!" 25% of all FortiGate units will be retired, leading to refresh + churn.

The main focus for anybody in a sales role there over the next 12 months will be to maximize the renewal opportunities of hardware, less so to upsell aggressively software (unless you work for Trevor, who'll want to do both).

At a time when companies such as Palo Alto Networks, CrowdStrike and Wiz are offering best-in-class products, strong sales execution and compelling long-term vision, Fortinet is an obvious second-place company.

From a purely financial perspective, they've run a solid business and invested heavily in expansion. The problem is that all of that investment looks more like Private Equity activity than actual thoughtful expansion. Rather than buying up key players and utilizing them to expand aggressively in these areas, they acquired underperforming orgs at a discount, in order to fill out "spreadsheet gaps" in their portfolio.

As the sales teams get squeezed further (bad comp plans, push from leadership to sell at any price, lack of control over their book of business that's mostly partner-driven), it's difficult to see how this will remain a strong opportunity.

The last payday around the hardware refreshes is coming. What happens afterwards, in this dynamic market, is yet to be seen.