Zscaler Looks Like Another Cybersecurity Winner

Originally posted Apr 8, 2023. Updated Sep 4, 2025.

The cybersecurity space is an attractive one, with excellent growth prospects and highly "sticky" products and services. As the number and complexity of cyber-attacks continues to increase year-after-year, businesses must adapt to protect their customers as well as their internal systems and data.

Zscaler (ZS) is another attractive Green Screen name in this space. Let's take a deeper look and see if this is one to buy right now.

One "Sassy" Company

Zscalar is a "security-as-a-service" company, who's primary offering is access to their cloud security platform called SASE (secure access service edge, or "Sassy").

Traditional organizational network security revolves around the "walled castle" model. The castle is the company or organization's intranet - the "company network". All important network assets live in here: applications, data, etc. Surrounding it (the "wall") is the company's tightly controlled, network firewall-based security perimeter. To get inside, an employee, vendor, or customer has to be granted access via an on-network computing device, or by using a VPN.

This offers reliable protection, but the mobile device revolution and proliferation of software-as-a-service (SaaS) tools over the last 2 decades has blown up the model. SaaS software like Workday or Salesforce is often hosted by the vendor and cannot be brought in-network. VPNs are a clunky solution (especially for mobile), and employees tend to prefer to use their own devices. A new security paradigm is required.

This is what Zscaler's SASE platform is designed for. It sits between end-user devices like smartphones or laptops and corporate assets like SaaS instances (Zscaler Internet Access or ZIA) and even internal applications and networks (Zscalar Private Access or ZPA, a VPN alternative). Externally exposed network routes are sent through Zscaler's Zero Trust Exchange, which is essentially a proxy to enforce protections like access control, URL blocking, virus protection, file type controls, etc., before allowing access to the target asset. See the diagram below:

This model has a lot of advantages over traditional security models. Obviously, it solves the key problem of needing a security layer to access SaaS applications. It also allows continuous and immediate updating. The company applies thousands of security updates daily, transparently and immediately to all of its nearly 9,500 customers. The immense amount of traffic (500 billion requests daily!) sent through Zero Trust Exchange allows sophisticated AI/ML modeling to quickly identify threats and immediately block them for everyone.

Zscaler's Revenue Model and Growth Opportunity

Zscaler makes money by charging companies subscriptions to its platforms. There are various subscription tiers, offering gradually more security features for higher prices. Pricing is primarily on a per-user, per-year basis.

You know I love subscription revenues as they are fully recurring. Once customers sign up, they pay Zscaler year after year until they cancel. Generally, clients pay more year-to-year as their user base expands and they require more security features (not to mention modest price hikes that Zscaler may enact). The firm's net revenue retention rate is over 115%, meaning that not only don't customers leave, but they spend on average 15% more year-to-year on subscriptions.

Zscaler has delivered some pretty impressive top line growth. Its 3 year compound annual growth rate (CAGR) is a spicy 35%. For fiscal 2025 (ending in July), growth came in at 23%. Analysts expect continued 20%+ growth for the next several years.

Looking at the big picture, there still looks to be a lot of runway for a firm generating $2.7 billion in sales at present. Only about 45% of Fortune 500 companies use Zscaler, and 40% of the Global 2000. Its current customer roster of 9,500 is less than half of the estimated 25,000 firms with more than 2,000 employees that the company considers potential customers. SASE networks have become very popular, with the adoption rate growing from 25% in 2023 to over 65% in 2025 amongst large companies. This creates a built-in base for continued internal growth.

It is a big opportunity that management estimates could be worth $96 billion dollars. If that is accurate, Zscaler has currently only penetrated about 4% of its opportunity. That leaves a lot of space for continued 20%+ annual growth for many years to come. The growth outlook is very strong and supportable here.

A Look At The Moat

As any consistent readers of this site know, enterprise software enjoys one very prominent moat factor: HIGH SWITCHING COSTS. It is expensive in both time and money for large companies to put an enterprise-spanning solution like Zscaler in place, and once it is being used successfully, switching vendors is highly unlikely for a long period of time. This gives us strong confidence that a recurring revenue firm like Zscaler will not rapidly lose a lot of its sales in a short period of time.

Certainly, Zscaler isn't losing many customers. As we mentioned before, its 115% dollar-based net retention rate points to the opposite - keeping and growing business with its existing clients. Its gross retention rate of over 95% is super-impressive in the overall SaaS world.

As for winning new business, Zscaler has all of the cards right now. It carries a Net Promotor Score (a ratio of satisfied to unsatisfied customers) of 70-80 - compare that to the SaaS average of just 30! In the Security Service Edge space, Zscaler is unrivaled, winning Gartner's coveted "Leader" title for 13 straight years. For the segment of cybersecurity it deals in, the company is far and away the #1 choice.

That's not to say there isn't competition, or that it won't get stronger. SASE offerings are hitting the market from many of the traditional software (Microsoft), networking (Cloudflare, Cisco), and security vendors (Symantec, Palo Alto, Check Point, Fortinet, etc.). But those firms will have a tough time dislodging the clients Zscaler has already captured with its early mover status and focused product offerings.

Management and Financials

This one hits the mark on management. Jay Chaudhry is the CEO and Chairman. He founded Zscaler in 2008 after an already-impressive business career that included founding AirDefense, CipherTrust, CoreHarbor, and SecureIT (all of them acquired by larger firms). With 17% ownership of the company, Chaudhry's stake is worth over $7 billion!

Under Chaudhry, Zscaler has thrived. We've talked already about its explosive growth over the past 5+ years. More impressively, it has generated that growth almost totally organically, while producing positive free cash flow (30% FCF margins), and strong cash returns on invested capital (over 50%). Of course, the stock price hasn't suffered either, beating the market by 6x since going public in 2018.

Employees back Chaudhry almost unanimously, with an impressive 97% rating on GlassDoor. It is extremely rare to see such widespread support for leadership.

Risks

Cybersecurity firms are always exposed to the risk of a major, high-profile breach that can destroy trust with their customer base - just ask FireEye how damaging this can be! Zscaler is no exception. A widespread failure could cause many clients to consider moving their security trust elsewhere.

Like many growth stocks, a successful investment in Zscaler is going to require continued rapid growth. If Zscaler cannot keep growing at a rapid rate, the current fair value estimate will prove to be too high and investors may lose money.

Another reasonable concern is CEO Chaudhry's age. At 67, he is nearing the point where many CEO founders consider retirement, or at least stepping down a bit. As a founder and major shareholder, his leadership is a key part of the investment thesis.

Conclusion

Zscaler has performed well for us, appreciating almost 200% in just over 2 years. It continues to have all the hallmarks we look for in a "green dot" stock: strong and sustainable revenue growth, recurring revenues, good economic moat protection, proven and reliable leadership, and an attractive financial model.

That said, the stock's strong performance has out-run its underlying fundamental metrics, to the point where it looks a bit overvalued right now. A conservative fair value estimate puts its intrinsic value at about $194 per share, vs. a stock price over $270 at present. Given that, the stock will remain on the Hold List until and unless we get some better pricing on it. If you own it, hold it. If not, watch it.