On Varonis, Part I

In Europe, they’re about to change the rules. The new Data Protection Directive and Data Protection Regulations (EDPD/EDPR) propose fines of up to 100M Euro or 5% of global turn for EU personal data handling violations, regardless of where the processor or controller resides. (Yes, this will impact US companies who fail to protect the personally identifiable information PII of EU citizens.)

The violations of International Traffic in Arms Regulations (ITAR) can easily represent millions of dollars in fines –and possible jail time– for each instance where controlled information is mishandled. (“Controlled” might mean a data sheet for the F35 joint strike fighter or a nuclear plant design. There are dozens of categories of controlled items, maintained by the State and Commerce departments). It’s common for dozens, if not hundreds of instances to occur per violation.

HIPAA HITECH fines can be substantial for anyone who mishandles Personal Health Information (PHI). And there are many, many more government regulations. In fact, the biggest government impact on corporations today isn’t that they’re spying on everything (they are) but that businesses have so many rules surrounding the data they have to store, the security measures they have to have, the reporting requirements they’re forced to satisfy. The reason for this is governments want organizations to get control over their sensitive data, and they’re going to keep ratcheting up fines until firms pay attention. After Sony, Target and Home Depot breaches, the SEC even had a conference call for the board members of public companies where they implied that they would soon be held personally liable!

There’s also a completely separate value proposition in terms of the advantages gained by preventing valuable intellectual property from being misused by rogue or careless employees, or taken by outsiders.

These have been huge drivers behind much of the cyber spend, the hype and the bloated valuations over the last year. Now, the party seems to be winding down. China is no longer going to engage in state-sponsored espionage of commercial IP, so has the cyber threat been mitigated? Definitely not.

Sensitive data sits everywhere, on drives, devices, clouds and networks. The mandate to both protect and enable the proper use of information by customers, partners and employees in a globally distributed enterprise, in the cloud, on mobile devices the user owns is frankly, overwhelming. Firewalls, sandboxes, encryption and tokenization are critical controls, but they’re nowhere near enough.

Enter Varonis, who reports today, November 5, after the close. At the time of this writing, VRNS is down today about -8% in sympathy with FEYE because like FEYE, they share the same problems in that although their products work, there isn’t a direct compliance or governance requirement that an auditor would want to check a box for, so they lack clear budget, and their sales default to discretionary purchases.

We’ll get more specific on VRNS in the next post, look for it shortly as to decide whether or not the risk/reward probabilities are lining up.

-g

 

Comments »

Perhaps you’ve had a stock fall through a trap door on you recently. You’re eying your position with every ounce of loss aversion fallacy (nobel prize winner!) your lizard brain can muster. Your cost basis is substantially higher than where this POS is currently trading, so high in fact you’re considering doubling down, or –what the hell– going all in.

Howdy stranger, welcome to the Martingale.

A Martingale is any of a class of betting strategies that originated from and were popular in 18th century France. The simplest of these strategies was designed for a game in which the gambler wins his stake if a coin comes up heads and loses it if the coin comes up tails. The strategy had the gambler double his bet after every loss, so that the first win would recover all previous losses plus win a profit equal to the original stake.

Since a gambler with infinite wealth will eventually flip heads, the martingale betting strategy was seen as a sure thing by those who advocated it. Of course, none of the gamblers in fact possessed infinite wealth, and the exponential growth of the bets would eventually bankrupt “unlucky” gamblers who chose to use the martingale. It is therefore a good example of a Taleb Distribution – the gambler usually wins a small net reward, thus appearing to have a sound strategy. However, the gambler’s expected value does indeed remain zero (or less than zero) because the small probability that he will suffer a catastrophic loss exactly balances with his expected gain. (In a casino, the expected value is negative, due to the house’s edge.) The likelihood of catastrophic loss may not even be very small. The bet size rises exponentially. This, combined with the fact that strings of consecutive losses actually occur more often than common intuition suggests, can bankrupt a gambler quickly.

I did this once at Luxor in my early 20’s. The dealer took me from the $5 minimum bet to the $5k limit twice in less than two hours. Fortunately, I got lucky on both $5k hands. The soldiers-on-leave, sitting at our table loved the drama, and bought us rounds of drinks. My wife looked on in disgust, realizing she’d married the village idiot. My long-time buddy who we were vacationing with at the time, thought it hilarious. (Pretty sure he was disappointed I didn’t bust and that my wife didn’t ask for a divorce. BTW, this same rat bastard bet red –and won against a string of 13 roulette blacks that I had bet against– while I was at the ATM, pleading with it for more cash. Good thing he’s fast, or I’d just be getting out on parole about now. Never liked that guy.)

A fellow by the name of Edwardo Thorp is likely one of the primary reasons math & physics majors are in such demand on wall street, and why their computers algorithms now drive world markets.

Look pilgrim, I’m not going to tell you not to double down.

I am going to tell you to read this before you do.

 

More reads:

The paper that will keep you from blowing yourself up.

Taleb distribution

-g

Comments »

There’s no easy answers for longs right now. FEYE stock has bounced $.60 off the $24.4 AH (all-time) low, but the next few sessions will be important ones to watch.

A short term bounce is possible but unlikely to last. Their growth rates are coming down and for the current shareholder base, that’s the most important thing. (Their burn rate is so high, P/E conversations are not worth discussing.)

Where’s the bottom? Firewall competitor Fortinet (FTNT), which recently blew up for the same reasons, currently sports a 6x multiple, but they have a much broader and compliance-mandated product offering. 6x sales would see FEYE hit $22.5. Personally, I don’t think we’ve seen the lows yet, but feet to the fire, dip buyers should start looking for signs of a bottom and begin accumulating somewhere between here and $20.

As for being acquired, who knows. At any point the board could switch gears and agree to sell, which puts 8-10x sales back on the table as a “technology acquisition”. (10x-ish is the high-end M&A comparable that Cisco used for Sourcefire.) Rumor has it they got a $70 offer from MSFT last quarter, but who knows if its true. I think $45 is more realistic. They’ve likely had a number of interested parties poking around, but that fateful secondary from 2014 at much, much higher prices probably hamstrung their ability to say yes. That, and perhaps hubris.

If you’re in FEYE for the long haul, keep an eye on endpoint traction. I haven’t seen the transcript of the con call yet, but that’s the make-or-break product going forward. If they’re able to displace large AV deployments, then they’ll have a top 2 compliance-mandated security budget line item, combined with the rest of their offerings, that should equate to an unassailable position within the enterprise. Remember, DeWalt comes from McAfee, he knows the AV space and founder Ashar Aziz was rumored to have been personally leading the development group to rebuild the clunky Mandiant client. (But as recently as July or so they were still looking to hire a product manager. If you understand the product development cycle, that’s a yellow card, as that’s in reverse order of how things normally go.)

The other thing to watch for is a shareholder revolt, perhaps demanding Kevin Mandia replace Dave DeWalt at CEO. How the stock responds to that little bit of fun, should it occur, will yield the clues you’re looking for.

Good luck!

Comments »

[12/18 Update: the stock did end up revisiting the $120 level, where I was able to re-establish a short. I’ve closed this out today and done a 180. (Selling puts to go long.) Disney is a crowded short and the thesis depends on acceleration of skinny bundling and continued cord cutting. Apple’s TV delay suggests acceleration is unlikely in the near term. Meanwhile, being short DIS throughout most of the summer and fall, it’s clear that Disney has a long road ahead where it can drive positive-sentiment catalysts, one right after the next. There will always be a next-movie driving retail excitement into the stock. Although BTIG’s timing is bush league, it’s not that I completely disagree with their short thesis – other than acceleration of skinny bundling and cord cutting are *not* certain, and “the Force” i.e. investor psychology (sentiment) is very strong with $DIS and the high quality of their content (in an era where content *is* king) likely puts a $90-95 floor under the stock. >$120 and it might be worth taking profits, but I like the r/r selling puts down to $100, and wouldn’t be surprised if this is hovering around $110-115 again next week.]

 

With three little boys, living in Southern California, Disney makes up a big part of my life. I’ve got a DVR and two iPads 98% full of Marvel, Pixar and Star Wars movies and apps, closets full of Cars, Iron Man and Avengers clothes, and toy boxes full of light sabers, toy cars and action figures.

Shorting Disney into its last earnings report was one of my best risk/reward trades for 2015.

Sentiment and valuation had gotten a bit one-sided. Investor sentiment was high due to profits from the hit Avengers sequel and looking towards both the upcoming Star Wars movie and Chinese theme park opening in 2016. Surprise, turns out Disney gets most of its highest-margin revenue from captive cable subscribers who are forced to pay $6 monthly for a channel that perhaps as much as 80% of us don’t tune into –even once a month– and only 20% of us are willing to pay for on an unbundled basis.

Disney reports this Thursday. It was down as much as 4% today thanks to HBO reminding everyone that the kids these days are getting more of their viewing entertainment from their iPhones, YouTubes and Netflixes, and would prefer not to pay $150 per month for reruns, 20 yr old movies and house flipping reality tv.

“Is this going to be a problem Bob?” asked the Disney faithful, when the shocking news hit last August.

“Not to worry. We’ve got our fingers on the streaming button. And, best of all, Star Wars. Marvel.” said mouse chief Iger back in August.

“Excellent!” said his investors, as they drove the stock back towards its pre-earnings high over the course of October.

I’m sorry, I see there’s a hand up over there in the back corner. Yes, you have a question?

What happens to all of Disney’s captive ESPN revenues and profits if they really get serious about streaming, and the clauses in their cable contracts kick in, allowing ESPN and the Disney channel to be de-bundled?

Why did they negotiate a termination clause in their streaming deal with Dish allowing them to pull out if a.)SlingTV gained 2M subs OR if b.) Disney lost 3M Nielsen households?

Good questions. Well, as all of Disney cable & networks revenue represents 44% of total DIS revenues, and 54% total operating income for the last trailing twelve months, and given –when compared to high-capex businesses like parks and movies– that ESPN is, by far, their most profitable revenue stream, they’re pretty screwed. If cord cutting continues on trend, we could see $80 in a year. If skinny bundling picks up steam, which is exactly what will happen if Disney does anything beyond talk about streaming, then perhaps $60.

For this Thursday earnings, shorts should consider hedging. Iger and team have had time to pretty up the story and it wouldn’t be a surprise to see the stock pop if they have any good news to sway sentiment on the cord cutting issue.

I had been planning to get short had the stock continued its ramp towards $120 prior to ER, but for now, I’m on the sidelines, hoping for higher levels. I think we’ll get it, The Force is too strong with them this close to the release. However, the probabilities favor a long term decline. Even though I, and millions of other parents will be taking our kids to both The Good Dinosaur and Star Wars 7, in the grand scheme, it won’t really matter given how outsized and important ESPN and cable are to Disney’s valuation.

(But the trapdoor will open if either movie –particularly Star Wars– isn’t a massive hit…)

Risk is high.

 

-g

 

 

Comments »

In cyber security, where I spent the better part of two decades, you discover quickly that there’s a lot going on in dynamic, complex systems. Security teams easily get buried under reams of seemingly uncorrelated data. Locating “the right needle” in a haystack of needles requires serious tuning (signal-in/noise-out) to focus on what really matters.

This is easy-to-say and hard-to-do, but without risk-based prioritization leading the way, then the controls, monitoring and incident response –your whole risk management effort–is a hot mess.

“Risk-based” means, step 1 figure out the data, machines and people that matter most; Step 2 decide out of everything that’s possible, what are your highest probability, most-likely risks? Step 3 focus your scarce resources on the high-impact efforts that mitigate the most-probable, most-costly risks.

A lot of this process translates well to trading financial markets. (Having the discipline to follow the process, well, that’s a story for another time. Risk management posts are on the way.)

I have a long history with most of the publicly traded cyber security stocks having worked with, for and against nearly all of them in one way or another. Since becoming a trader, I’ve tried to build on what I know as a basis for going long and short–repeatedly–over the last two years.

I have no positions in any cyber stocks at this time as most of them are in my “too hard” pile. FTNT blew up recently because analysts keyed in on on a slowing forward growth rate, and management had, frankly, a pretty lousy conference call. QLYS had a crazy night last night because of a slowing forward growth rate. I haven’t read the transcript yet, but I know competition (with Rapid7 and others) is taking a toll. Nearly all of the cyber stocks are trading at steep valuations because of their growth rates. If those growth rates are now declining, logic dictates that growth investors will sell and the stocks will fall until the valuations become interesting to the value guys. At their current price to sales ratios, that could be a pretty steep fall for some of these companies. PANW –who is an amazing company and probably the best name I can point to in the space– is trading at a mind-blowing 15x sales. Even after getting cut in half the last 90 days, FEYE still trades at a 8x sales multiple.

Speaking of FEYE, they report this Wednesday, November 4. I have a long and mostly successful history trading this stock both long and short.

Based on the who they are, what they do, how they’ve gone to market, buyer behavior, psychology, competition, etc…the risk/reward for FireEye –even after this decline– has me spooked. Channel partners are, for the first time, missing their quotas. There’s been a lot of employee turnover this year, putting the whole services pivot into question. They’re not making great progress on their cyber insurance initiatives.

Perhaps worst of all, FEYE lacks the same compliance-mandated buying drivers that Firewall and AV –the top 2 security budget line items — have. This is frustrating for FEYE, because even though AV & FW clearly have shortcomings in catching never-seen-before threats, if companies want to continue processing credit cards or be compliant protecting their patients’ private health information, well, that 25-year old auditor has to check the box that FireEye’s competitors are installed. This is a screwy feature of the cyber space, compliance drives the security budget. Unfortunately for FEYE, there’s really no compliance check box that requires sandboxing technology. Every purchase is a discretionary purchase, the hardest of all for salespeople to close. Unless your hair is on fire from a recent breach. Then, you buy whatever Mandiant tells you to buy in order to make the pain go away. (You see how that works?) It’s great to be the sales guy picking up the red phone when the breach happens, but that model is vulnerable to lumpy results, and that’s not the way Wall Street likes it. As their quarterly numbers get bigger and bigger, the risk grows that these nice-to-have but not mandatory discretionary purchases will lead to a miss. Then the trapdoor opens and FEYE investors could be looking at a -30% or more drawdown.

Although FEYE is trying to replace McAfee (Dave DeWalt sold McAfee to Intel) and Symantec AV deployments with their endpoint solution, it’s still early days and there are dozens of endpoint companies out there trying to do the same. I won’t go into all their managed services and pro-services offerings, but employee turnover and unclear SLA’s have not helped customer satisfaction. That said, FEYE has amazing sandboxing technology. Too bad that everyone from PANW to FTNT and CSCO now have their own me-too sandbox tools, that they’re, um, giving away as a feature of their firewall platform. This ends up confusing the marketplace, and if buyers can’t tell the difference, asymmetric information markets theory (nobel prize winner!) tells us they’re going to buy what ever is cheaper.

And then there’s the newly appointed FEYE CFO. Will he kitchen-sink 3Q and reset forward expectations as most new CFO’s are want to do? Or did they win a massive government contract and will that will save the day?

My point is if you’re long FEYE, at this heady 8x sales valuation and with -50% earnings (they spend $1.5 on every $1 of revenue for sales, marketing & R&D)- you want (you need) a triple play, which is a beat on earnings, revenue and a forward guidance raise. With what I’ve listed above, does that seem likely to you? If it does, stay long. If you’re short, you better hope that the quarter was bad, and that the rumor of a big DHS contract is just a rumor. Along with the constant rumors of an imminent M&A takeout (IMHO, highly probably over the next year)…because this stock has come down a long way in a short time.

I get that this is maddening. That’s my point. As an investor, I want to wait until most of the probabilities are lining up in my favor. Right now, for FEYE –and many stocks–it’s tough to say that’s the case. Ergo, the “too hard” pile. Good luck to you, whichever way you lean.

 

Remember, if it was easy, then no one would make money.

Comments »

“The most important thing is to keep the most important thing the most important thing.” – D. Coduto

The most important things to me as an equity investor are future earnings, valuations and what might change them.

S&P500 earnings are split 50/50 between domestic and international:

• The Emerging Markets have not been having a good couple of years, growth is in decline, as is direct foreign investment (at least until recently) and currency reserves. One of the reasons the market may have celebrated Halloween early this year in August and September are that ~33% of S&P500 profits come from Emerging Markets, specifically the BRIC. (More on the EM in an upcoming post.)
• USD strength continues its climb relative to other currencies. A stronger USD hurts US export profits.
• Wage inflation is still low, but the more the job market continues to tighten, the greater the probability wage increases are on their way. The more labor costs increase, the lower profits go.

Over the last two months, analysts have been dropping their future earnings projections like they were Canadian pharmaceutical distributors. Currently, S&P 500 total estimates for 2015 are roughly $118-120 and 2016 are projected at $118-$130. Within that range, the S&P500 forward multiple is 16.8-17.8. That’s not the most historically expensive stocks have ever been, but its close. The more expensive it is now, the theory goes, the smaller the return will be going forward. In terms of what might negatively impact valuations, here’s a small list:

• Interest rates have been going in one direction for over a decade, but now the biggest and most important economy, the US, wants to go a different direction and raise rates. With the USD as reserve currency, and EM having borrowed (a lot) in USD since the financial crisis of 2008, this is a big deal.
• The Central Banks of the world have been engaged in what’s known as Quantitative Easing (QE) monetary policy. Europe and Japan have been trying to pick up the slack since the US exited its QE program one year ago. Since exiting, the S&P 500 is flat.
• Commodity prices have fallen radically, including grains, iron, copper, precious metals and of course, oil, coal and natural gas. Consumers pay at the pump, and a big chunk of the money gets collected –and put to work in the form of loans and investments– by the petro-state Sovereign Wealth Funds. Going down the list of the world’s largest SWF is a who’s-who of the world’s oil, gas and coal exporters, and with commodity pricing in the tank, (well beneath where they need it to be for their own domestic spending programs) they’re selling and making withdrawals at a rapid rate. SWF redemptions were a big deal for hedge funds and the big asset managers (ie Blackrock) in 3Q.

The list goes on…Debt levels, leverage, contagion, war, social upheaval, the fossil-based economy the world has followed for 150 years getting turned on its head by new climate regulations. Some of these are tougher to track, but make no mistake there’s a lot on the radar of your average money manager.

I mentioned yesterday Tepper has pulled in his bullish horns. He’s done this before, but he’s now being joined by a rather large number of super-investors like Ray Dalio, Stan Druckenmiller, etc… Its not hard to see why. We’re trading on the richer side of valuations, profit estimates are falling and the number of concerns that valuations might come down (rapidly) are growing.

Tepper likes to say, “There are times to make money and times not to lose money.” I agree. I also think the markets have a tendency to frustrate the maximum number of participants. Hedge funds and speculators were net short through the entire ramp in October. They are only now showing signs of capitulating shorts and going long. With the market up again today, indicators are starting to flash that we’re short-term overbought, but it wouldn’t surprise me if the squeeze continued for a bit further.

Be cautious.

I’m going to be experimenting with the blog a bit. You already have the genius of Fly’s realtime commentary, so even were it possible, (its not) I don’t see much value in trying to duplicate him. These longish posts take a bit of time to craft, so hopefully you’ll be ok with a slower production rate.

-g

Comments »

At the Ira Sohn conference in May of 2010, David Tepper bounded up on stage to give his now-legendary presentation to go long beaten down financials. He began with an anecdote from 19th century New York:

“In 1898, the first international urban-planning conference convened in New York,” he said. “It was abandoned after three days because none of the delegates could see any solution to the growing crisis caused by urban horses and their output. In the Times of London, one reporter estimated that in 50 years, every street in London would be buried under nine feet of manure.”

At the time, the looming threat that the world’s premier cities would drown under a tidal wave of horse manure seemed pre-destined. Historians estimate as many as 220,000 horses in New York City alone produced a total of 24,000 tons of excrement per week.

Substitute carbon for horse$h!t, and you have a sense for what the modern urban planning delegates are worried about. Greenland and the Antarctic are melting. Sea levels are rising. Climate Central estimates 147-216 million people are at risk and the most populated countries including China, Vietnam, Japan, India, Bangladesh and Indonesia top the most-impacted list.

COP21 is 2015’s version of the 1898 urban-planning conference. It will be held in Paris this December. You can read a bit about it here and here: Fossil fuel companies risk plague of ‘asbestos’ lawsuits as tide turns on climate change – Telegraph

There’s a lot in there, but investors in fossil fuel-related investments should focus on this: “Although contours are still unclear, Paris is likely to sketch a way towards zero net emissions later this century. It implies that most fossil fuel reserves booked by major oil, gas and coal companies can never be burned.”

The impacts of this statement are potentially so great, it’s hard to take it seriously. It’s like someone telling the 1898 version of you that modern sewers, trash collection and yes, the gasoline-powered automobile would save the day and all the horses around you and the countless piles of doo would be disappearing in just a few years.

But let’s imagine for a moment that COP21 might be real. The first derivative impact of can never be burned: all oil, coal and natural gas companies, their lenders and supply chains are immediately (or mostly) bankrupt.  (Market valuations, debt loads, credit risk, cost of capital, future revenue/profit projections can all trace their way back to discovered reserves…)

It’s the second derivative impacts where the real disruption might occur. Where does the cost of energy and carbon go, and how will it impact the economy?  What do the transports do, including trucking, railroads (most car volumes are coal/oil) and airlines? What happens to e-commerce if the cost of shipping changes? How are Utilities, Industrials and Consumer Discretionary impacted? What does a move away from fossil do to government budgets as tax revenues radically change?

In his presentation, Tepper’s point was that many of the popular fears of 2010 –hyperinflation, depression, bankruptcy– were improbable. His belief was that markets adapt and that most of what they worried about was never going to occur because the world is just too complex and dynamic a system to accurately predict. History has proven Tepper correct, markets and people do adapt. This first blog touches on just one major change that you and I are potentially about to live through, but it isn’t the only one. In future posts, I’m going to try to make my thinking process public in terms of how one might invest in an environment where even the solutions being proposed have the potential to reset a great deal of what we take for granted.

And as you know, Tepper has reigned in his bullish horns recently. More on that shortly.

My immediate takeaway: still wouldn’t buy energy here…

 

Comments »