
Loading summary
A
There's no going back, if you will. I mean, as an industry, agentic is going to be as disruptive as, you know, any of the tech waves have been in the past, whether it was mobile, Internet, et cetera. I mean, this is just the next frontier of how businesses will need to compete.
B
That was Zscaler CFO Kevin Rubin on the future of AI security. I'm Motley fool analyst Jason Moser. I sat down with Kevin to talk about how Zscaler is protecting the world's largest organizations from an exploding wave of cyber threats and why the rise of agentic AI could be the biggest opportunity the company has ever seen. Enjoy. Welcome to Motley Fool Conversations. I'm Jason Moser, and today I'm excited to welcome the CFO of Zscaler, Mr. Kevin Rubin. Prior to Zscaler, Kevin was the CFO at BetterUp, and. And prior to that, he served as the CFO of Alteryx, a company that Motley fool members are likely familiar with. Today, we're diving into the business of cybersecurity and Zscaler's role in this crucial market. Kevin, welcome to the show.
A
Thanks, Jason. Appreciate you guys having us on.
B
Well, really happy to have you here. And I guess the first thing I want to get into here, because when we talk about cybersecurity, most of us, whether we're investors or not, we know that cybersecurity is necessary, but we don't exactly understand what it. Ultimately, there's so many different ways to view it. So first things first, we said at the top, Zscaler is a cybersecurity company, but what is it that Zscaler actually does?
A
Yeah, thanks for the question. It really comes down to two fundamental things in my mind. Number one is preventing bad actors from getting into your corporate network and being able to access sensitive information or breaching your environment. And number two is ensuring that sensitive data and corporate assets don't escape out of your corporate network. Those are the fundamental things that we. We seek to solve.
B
Yeah, well, I can tell you just from my day to day, we use Zscaler all the time here at the Motley fool. And I appreciate that you're looking out for us. So we hear a lot about zero trust, right? That's a. That's a word that we.
A
We.
B
We hear a lot in the cybersecurity market. And Zscaler really P.0 trust model years ago, before it became mainstream. But now it seems like everybody claims to offer zero trust. So I guess I'm wondering, like, do you. Can you talk A little bit about what, what separates genuine zero trust from like what other people call zero trust. Right, Because I've heard it called zero trust washing before. Like is there, is there a unique property or quality to Zscaler Zero Trust dynamic.
A
So Zero trust is a set of principles that simply mean provide the least amount of access only for the necessary particular use for either an individual, a workload or a device that sits within the corporate environment. The concept is you should not give access to anything and everything because somebody wants to access a single application. So the principles are clear. Give the least necessary access for what it is that somebody or something is trying to accomplish with that particular request. We architected Zscaler specifically with those principles in mind. So the way that we approach zero trust and cybersecurity is through our zero Trust exchange. We don't believe in today's environment that companies need to build out large complicated corporate networks.
B
Right?
A
That was something that happened, you know, 30, 40 years ago when the Internet didn't exist and stable ability to drive traffic didn't exist. But today those are as common as is driving on the interstate. Right. If you go back probably 100 years, you had oil drillers who had to build private roads to be able to access their, their oil fields because general public roads didn't exist. Today you don't see organizations building, you know, basic infrastructure to be able to access certain assets. And the same analogy would hold true as you think about corporate access to applications and other corporate sets of data. So our approach is simple. You allow your users and other resources to access what they need only at the time that they need it. And you go through the zero trust exchange. And so think about it as a one to one set of connection. You want to access your email. By way of example, you request access to the email server. We authenticate you, we ensure that you're authorized to access that we allow you to get your email and then that session terminates when you're done using email and the next time you come in in the background, we'll go through that same process. In doing so, you don't have the ability to move laterally within the network. You have no reason or business to go to other applications if all you're doing is looking to serve email. And the same would hold true if you're trying to go to your HRIS system or you're trying to go to your CRM system. Access what you need, be able to do the work that you need to do, but then get off the network and become invisible again. So that's how we've philosophically approached Zero Trust. If you are largely building corporate networks and providing network based security architecture, your application of zero trust is likely through very complicated policy driven zero trust principles. And our argument would be, to your point about zero trust washing, it's probably not effectively zero trust, but you can brand it as zero trust and go to market. That way we are actually living, breathing and applying the principles in how we've architected our Zero Trust exchange and our cyber security service.
C
They say leadership isn't just about where you're going. It's about the conviction it takes to get there. For those who demand the world and possess the drive to claim it, there's a vehicle of equal distinction. Dynamic by design and engineered for pure impact, the Range Rover Sport rises to meet you the moment you take the lead. This is the most advanced Range Rover Sport yet. A masterclass in uncompromised performance and unbridled agility. Inside the innovation is seamless. You'll find an elegant 13.1-inch touchscreen that puts total control of the vehicle's systems right at your fingertips. But it's the refinement that sets it apart. Sculpted 22 way heated seating with built in massage function ensures every journey is defined by peerless comfort. Whether it's through unique interior finishes or custom wheel options. The ways to personalize your Range Rover Sport are nearly unlimited. Command attention and experience. Ultimate luxury in motion. Exclusive offers are available now. Explore further@range rover.com well, I'm going to
B
get into some numbers here as the cfo. I think you'll like that. But you set a target of $5 billion and beyond in annual recurring revenue here over the next several years. You're guiding for $3.75 billion in revenue this year as an investor. That's, that's an exciting growth prospect. But I wonder what are the drivers that will get you there?
A
Yeah, thanks. Thanks for the question. So we have a series of growth levers that are available to us as we think about our path to 5 billion and more. First off, you know, we started with zero trust for users. So the ability to protect user communication traffic between users and applications. We then extended that to zero Trust cloud. So being able to provide the same zero trust principles to workload to workload communication. So think about that as an application talking to an application. And then more recently we extended that to zero Trust branch. The idea that organizations have, you know, branch offices, you can think about a bank and having branches around the country. All of those branches need to ultimately connect into other systems and resources. And we don't think that they all need to connect to each other and form kind of a mesh network as is traditionally thought. But connect each individual device in a branch to only the application that it needs. So if it's a door sensor to monitor access, have it connect to the application that monitors access, it doesn't need to connect to other applications and it certainly doesn't need to connect to other branches as is the case today. And if one of those devices were to get breached in the traditional sense, it has the ability to infect your entire web network. In the zero trust branch situation, if one particular device gets breached, it's limited the attack surface to that particular device. The other area of growth opportunity for us is data security. So we have seen significant momentum in our ability to protect data as a service. We sit in the path of traffic and so we have an ability to inspect that traffic as it's going back and forth. We have an ability to apply policy. That's how we determine what is and isn't acceptable use. And on top of that, now we can also provide data security. So looking at the data that is being transacted back and forth and what is and isn't acceptable to go in and out of the organization, as we kind of talked about at the upfront of the conversation. And then lastly, AI. AI is a very significant tailwind for us from a couple different dimensions. First is we're going to be extending zero trust for users, branch and cloud into zero trust for agents. So the ability to orchestrate from a cybersecurity perspective the communication between an agent and another agent, or an agent and an individual, as well as machine to machine communication and ensure that the same principles of one to one communication lease permissioning is adhered to. We think that's a, that's a huge opportunity you have. You know, today we protect more than 50 million users and tomorrow that could be millions or billions of agents that are doing work on behalf of organizations. And if one rogue agent got breached or hacked, imagine the damage that they could produce in an organization if it had the ability to move throughout that corporate network and have access to things that it never needed to. So again, applying those zero trust principles to agents is something that is near and dear to us. Lastly, and you know, we've all heard a lot about Mythos and these frontier models that have been introduced more recently and just the proliferation of vulnerability identification. Palo Alto was identified just this week as having, you know, a vulnerability that had been unknown for years that got exposed by one of these models. And it just reinforces the fact that companies today have got a backlog of vulnerabilities that they need to patch. And that's just what's known on their plate today. These models are identifying vulnerabilities at a rate and a pace that is at machine pace. Right. So we're talking about volumes of vulnerabilities that, you know, we can't even solve the vulnerabilities that were already identified previously, and now we're just piling on significantly more vulnerabilities that were unknown for decades. And it's overwhelming IT organizations, they can't possibly keep pace in terms of their ability to patch and address these things. So our solution is very simple. Hide your applications behind zscaler, Exchange what you can't see, you can't breach. And so in our architectured approach to cybersecurity, you hide your applications and you only provide access to what is needed at that time. And so your blast radius gets minimized to a single device.
B
This is a great segue. I'm glad you got us into the AI conversation, because that's really where I wanted to go next. And one thing I noticed in this recent earnings call, you talked about joining the partnership with Anthropic via project Glasswing, and I think that's a really interesting concept. We're seeing tech companies of all walks joining, joining into that, that, that consortium, so to speak. I wonder, what kinds of opportunities does that partnership offer Zscaler?
A
Yeah, I mean, I think we're still uncovering all of the opportunities, to be candid.
B
Right.
A
These are models that weren't specifically developed initially to identify vulnerabilities, and yet they were doing so at machines, speed and at scale that nobody anticipated. We were an early partner with Anthropic and Glasswing. We're an early partner with OpenAI on Daybreak. And it really does give us an opportunity to understand these models. We get to apply those models internally and understand how it would affect us. And then we get to learn and be able to apply those learnings to our customers and prospects so that we can provide the best cybersecurity for them and their environments. And so being a participant has obviously been very important for us. And we have a great relationship with the frontier model companies.
B
Okay, so this is obviously a very competitive space. You've got incumbents out there that are building integrated security platforms and just really going all in. Zscaler is not the most acquisitive company in the world, but you recently made a fairly big acquisition in Red Canary. I wonder if you could just talk a little bit about why y' all did that and what you think the challenges and the opportunities there are.
A
So one of the areas of opportunity that we've seen for a bit of time is the fact that we sit on an incredible amount of high fidelity, rich, security oriented data. We process a half a trillion transactions a day through the Zero Trust Exchange, orders of magnitude greater than even Google searches in a given day to kind of put a context to how much volume of traffic goes through our security cloud each and every day. And we believe we have a unique position to provide our customers with an understanding and a perspective and a context around that data that is unique to us as a vendor. The rationale behind Red Canary was they had a decade plus experience doing detection and response. They had taken that experience and established dozens of agents that we're being able to scale that experience across a wide population of data. And if we could pair that with our rich data set, that does provide a very unique set of information and insights to our customers. And that was the ultimate approach and philosophy. Red Canary, after evaluating a variety of vendors in the space, surfaced as the right partner for us in being able to integrate their technology into what we will ultimately launch in the near term, which is our integrated SecOps solution. And the goal is to migrate legacy Red Canary customers into this new integrated solution as well as offer it to existing customers. And we think it's a very differentiated opportunity to provide that insight.
C
Summer always changes how I get dressed. I want pieces that feel lighter and more breathable. Things that are easy but still put together. That's why I keep coming back to Quint's. They focus on high quality essentials that feel and look amazing. Think breathable linen and soft organic cotton. Well made basics, but without the luxury markup. It's that rare balance where everything feels elevated but still effortless. Quint's European linen pants and shirts are perfect warm weather upgrades to add to your rotation. Starting at just $34. Their tees are soft and easy to wear and their lightweight cotton sweaters are perfect for cooler summer nights. Everything at Quint's is priced 50 to 80% less than similar brands. They work directly with ethical factories and cut out the middlemen. So you're paying for quality, not brand markup. Quint's goes way beyond clothing. Custom upholstered sofas, ceramic cookware, premium bedding. It's the kind of brand you'll end up recommending to everyone for everything. As the Summer is heating up. I'm really loving my Flknit Breeze performance tees and my Pro Tech golf pants. My son is a huge F of the kids. Organic cotton ankle socks elevate your summer wardrobe. Go to quints.com motley for free shipping on your order and 365 day returns. Now available in Canada too. That's Q-U-I-N-C-E.com motley for free shipping and 365 day returns. Quints.com motley study and play come together
A
on a Windows 11 PC and for a limited time, college students get the best of both worlds. Get the unreal college deal, everything you need to study and play with select Windows 11 PCs.
B
Eligible students get a year of Microsoft
A
365 Premium and a year of Xbox
B
Game Pass ultimate with a custom color Xbox wireless controller.
A
Learn more@windows.com studentoffer while supplies last ends June 30th terms at aka Ms. CollegePC.
B
I want to go back to AI for just a second because I think one of the headlines that we're seeing a lot these days is companies starting to question the return on investment in regard to AI. Right? Token usage is eating up budgets left and right. You're starting to question whether what's cheaper, the employee or the AI. And it used to be that that was the argument is AI is going to make it cheaper. But now the employees are starting to look like maybe that's not a bad option after all. I wonder, do you feel like zscaler, are you recognizing clear ROI on these AI investments today, or is this more of an investment in the future that you are sort of have faith that it will pay off?
A
So it's a little bit of both, if we're being completely candid. I mean, we're at early innings as an industry around AI. We have seen significant productivity using AI in areas like engineering and product development. We've seen significant benefits in customer support and, you know, some of the other areas that, you know, early successes have been realized by others as well. So those are real, tangible benefits that, you know, that we have been seeing and taking advantage of. Our approach internally to AI is not human or AI. It's really human and AI, right? How do we best pair agents, excuse me, AI and agentic technology, with our existing workforce to provide the best productivity and outcomes for customers? And that's the lens at which we look at AI use. It certainly is exploding internally in terms of the various different teams that are using it. We are very focused on how we balance between token usage and what those outcomes are. Right. Certain models are much more expensive in terms of tokens than others. So we're trying to be very mindful in what models we use for what use cases and what outcomes. But there's no going back, if you will. I mean, as an industry, agentic is going to be as disruptive as any of the tech waves have been in the past, whether it was mobile, Internet, et cetera. I mean this is just the next frontier of how businesses will need to compete.
B
Yeah, I like that. AI plus the person. Right. It does seem to work really well. Just speaking as an analyst here at the Fool. I mean I use those tools every day. I mean they are absolutely helpful. I mean, I still like to do my own writing, but it's like Search 2.0. Right. I've always kind of viewed it as sort of this evolution of search and we're just have access to more information than ever before and, and it can put things together so much more quickly. So yeah, I like that. The AI plus the person. That's a good perspective there. Okay, so as cfo, right? Cybersecurity budgets are one of the last things that are ever cutting a downturn. Right. I mean this is just mission critical stuff. You can't go without it. But by the same token, I mean we're seeing a macro environment where I think CFOs across the board are having to scrutinize every dollar that's going out the door. So I just wonder, how's this macro environment affecting your company's decision making over the past years? Is it something that's keeping you up at night?
A
Well, there's two dimensions or two ways in which I think about it from a commercialization. Zscaler is an incredible value proposition to a large organization that has built its cybersecurity based on traditional network based security hardware and the like. So if you look at the ROI of deploying zscaler in a large network infrastructure, it is significant. You are deprecating a bunch of firewalls, VPNs, SD, WANs, MPLs, devices, and you are replacing those with a service that provides you with your traffic and your inspection and your security. So those customers who have deployed zscaler benefit from a significantly lower total cost of ownership under zscaler. So as I think about the opportunity in this environment, it's only becoming more evident that customers and prospects need to be looking outside the box, both figuratively, literally, in terms of how they approach cybersecurity. And those conversations are incredibly compelling when we sit down with customers and prospects and spell out what they can get rid of in their corporate network by deploying zscalers. So it's a highly cost efficient way to provide, frankly, better service. Right. If we think about, again, this idea that vulnerabilities are being identified faster and deeper than ever before, your best defense of that is being able to hide behind a service like ours. And we're uniquely positioned the largest security cloud in the world. We operate a security cloud across 160 points of presence. So there's a deep amount of expertise and scale that sits behind Zscaler internally. We also benefit from the fact that our entire business runs on zscaler. So my cost of cybersecurity is going to naturally be less than a competitor or another vendor that is using traditional cybersecurity. The other tension point today is, as we talked about, it's AI and the cost of AI relative to your overall financial model. And those companies that are best able to manage that balance will be the most competitive companies in, in, you know, in the market today.
B
Yeah. Well, let me. Clearly, your customers like what you're giving them. I mean, I, I saw in, in this recent earnings call, I mean, your customers that are generating over $1 million in annual recurring revenue that grew 18% from a year ago to 748. So I just, I, I think that's really encouraging. We'll leave it there. He's the CFO of Z Zscaler. Mr. Kevin Rubin. Thank you so much for joining us today.
A
Thank you for having me. I appreciate it.
B
As always. People on the program may have interest in the stocks they talk about, and the Motley fool may have formal recommendations for or against. So don't buy or sell stocks based solely on what you hear. All personal finance content follows Motley fool editorial standards and is not approved by advertisers. Advertisements are sponsored content and provided for informational purposes only. To see our full advertisement advertising disclosure, please check out our show notes for the Motley Fool Hidden Gems investing team podcast. I'm Jason Moser. Thanks for listening. We'll see you next time.
Date: June 7, 2026
Host: Jason Moser (Motley Fool analyst)
Guest: Kevin Rubin (CFO of Zscaler)
This episode explores the evolving landscape of cybersecurity through the lens of Zscaler—a leading cybersecurity company—highlighting its unique approach to Zero Trust security, the impact of AI and agentic technology on corporate defenses, growth levers propelling Zscaler’s business, and insights on the company’s recent acquisition and industry partnerships. Jason Moser interviews Kevin Rubin, who offers an in-depth perspective on how Zscaler is shaping the future of digital security for the world’s largest organizations.
Timestamp: 01:13–02:08
“It really comes down to two fundamental things... preventing bad actors from getting into your corporate network... and ensuring that sensitive data and corporate assets don’t escape out of your corporate network.”
— Kevin Rubin (01:40)
Timestamp: 02:08–06:22
Zero Trust Principles:
Unique in Approach:
“Our argument would be, to your point about zero trust washing, it’s probably not effectively zero trust, but you can brand it as zero trust and go to market that way. We are actually living, breathing, and applying the principles in how we’ve architected our Zero Trust exchange.”
— Kevin Rubin (06:01)
Timestamp: 07:23–12:29
“Today we protect more than 50 million users and tomorrow that could be millions or billions of agents that are doing work on behalf of organizations.”
— Kevin Rubin (10:17)
Timestamp: 12:29–13:51
“These are models that weren’t specifically developed initially to identify vulnerabilities, and yet they were doing so at machine speed and at scale that nobody anticipated... it really does give us an opportunity to understand these models.”
— Kevin Rubin (13:07)
Timestamp: 13:51–16:05
“If we could pair [Red Canary’s] experience with our rich data set, that does provide a very unique set of information and insights to our customers.”
— Kevin Rubin (15:03)
Timestamp: 18:00–20:22
“Our approach internally to AI is not human or AI. It’s really human and AI... How do we best pair agents, excuse me, AI and agentic technology, with our existing workforce to provide the best productivity and outcomes for customers?”
— Kevin Rubin (19:13)
Timestamp: 20:22–23:43
“Those customers who have deployed Zscaler benefit from a significantly lower total cost of ownership... When we sit down with customers and prospects and spell out what they can get rid of... it's a highly cost-efficient way to provide, frankly, better service.”
— Kevin Rubin (21:30)
Internal Use:
AI Cost Management:
Timestamp: 23:43
| Timestamp | Quote | Speaker | |-----------|-------|---------| | 01:40 | “It really comes down to two fundamental things... preventing bad actors from getting into your corporate network... and ensuring that sensitive data and corporate assets don’t escape out of your corporate network.” | Kevin Rubin | | 06:01 | “We are actually living, breathing and applying the [Zero Trust] principles in how we’ve architected our Zero Trust exchange.” | Kevin Rubin | | 10:17 | “Today we protect more than 50 million users and tomorrow that could be millions or billions of agents that are doing work on behalf of organizations.” | Kevin Rubin | | 13:07 | “These are models that weren’t specifically developed initially to identify vulnerabilities, and yet they were doing so at machine speed and at scale that nobody anticipated.” | Kevin Rubin | | 15:03 | “If we could pair [Red Canary’s] experience with our rich data set, that does provide a very unique set of information and insights to our customers.” | Kevin Rubin | | 19:13 | “Our approach internally to AI is not human or AI. It’s really human and AI... How do we best pair agents, excuse me, AI and agentic technology, with our existing workforce to provide the best productivity and outcomes for customers?” | Kevin Rubin | | 21:30 | “Those customers who have deployed Zscaler benefit from a significantly lower total cost of ownership... When we sit down with customers and prospects and spell out what they can get rid of... it's a highly cost-efficient way to provide, frankly, better service.” | Kevin Rubin |
Zero Trust ‘Washing’ Callout:
Rubin candidly calls out competitors who market 'zero trust' solutions without truly implementing its principles. (06:01)
Agentic Threats & AI Frontier Models:
Highlighting the existential risk and scale posed by rogue automated agents in the enterprise, which Zscaler sees as both a challenge and an opportunity. (10:17–11:50)
Red Canary Acquisition as a Platform Shift:
Strategic move into next-generation integrated security operations, leveraging Zscaler’s data and Red Canary’s detection expertise. (15:03)
This episode reveals Zscaler’s philosophy and architecture behind true Zero Trust security, its strategy to address an evolving cyber threat landscape driven by agentic AI, and how their strategic decisions—including unique partnerships and acquisitions—position them for long-term growth and industry leadership. Rubin’s candid insights make plain that Zscaler’s competitive edge depends on both technological innovation and a clear-eyed approach to security’s future.