The TL Podcast with Check Point’s Gil Shwed: Faster growth is our biggest challenge

Gil Shwed, legendary founder of cyber-security firm Check Point Software Technologies, and CEO for over thirty years, talks about why he’s passing the baton to a new leader in December, the challenges ahead for cyber-security, and his belief that  Check Point’s growth can ultimately accelerate.

Note: The Technology Letter Podcast is available as a separate sign-up on Apple Podcasts. Click here to go right to the channel. There is an additional fee, however, as Apple does not make it possible to offer a discount coupon/code: 99 cents per month, or $9.99 per year.

Gil Shwed co-founded Check Point Software Technologies thirty-one years ago based on his unique understanding of how to engineer the technology of firewalls as a robust defense in a networked age. As he turns over the baton in December to Nadav Zafrir, a career venture capitalist, entrepreneur and manager, Shwed plans to return to his roots, reflecting deeply on today’s landscape of threats to develop the next technologies that are needed.

In a wide-ranging video edition of the podcast, Shwed reflects on how he will spend his time as Check Point’s executive chairman, the challenges to Check Point’s growth, the role of artificial intelligence in cyber-security, and the continued waves of consolidation in the industry. Below is the full transcript of the podcast.

TRANSCRIPT

Tiernan Ray: Gil Shwed has been running Check Point Software Technologies, and founded it over thirty years ago. Gil, you are probably the longest-running, to my mind, tech CEO in the sense of a CEO who is deeply embedded in the technology — you created the firewall technology decades ago — and have also been managing this company, a highly successful company, for decades. So, congratulations, it's an honor and a pleasure to have you talking with me today.

Gil Shwed: Thank you very much. Pleasure being here.

TR: Let's address the most interesting thing, first of all, which is that you are soon leaving the building, so to speak. You're not really, I guess; you're going to be taking on the role of executive chairman, and you're passing the baton to a gentleman that you have selected to take over Check Point from you as CEO in December. Tell us a little bit about how you chose your successor, and why now.

GS: So, I think, first, I've been asked this question, When are you going to leave or retire?, for the past, probably, 28 years since Check Point became public — everybody's asking me that question, Why don't you retire? So, I'm not retiring now. I'm continuing to a new role. I hope that I'll be able to focus more on strategic, on technology, on things that I didn't have enough time to deal with in the last few years. The job of a CEO is, you know, ten or twenty meetings every day, handling a lot of different subjects. It's very interesting, it's very engaging, but you get very little time to think about the future of cyber, about the future of technology, about the needs of the future of the customers.

And you spend a lot of time taking care of today, next quarter, maybe next year. So, I think, for me, it's a good time to, kind of, think about the future. I was able, it took me some time to find the perfect candidate, and Nadav is going to join us as the new CEO. He is an amazing guy, he's visionary, he is very well-respected in the cyber industry. He spent the last ten years building startups, and knowing almost everyone in our industry.

TR: Nadav Zafrir is his name? And, I think of him as a venture capitalist who funds, backs, companies. Is that correct, Gil?

GS: The last ten years, he built a venture capital firm, but they have a slightly different model, which is more of incubating companies. So, his model, for example is, they built an amazing network of CSOs [chief security officers], of executives in the industry. And every new idea, Nadav doesn't just fall in love with the founders or the technologies, or the idea, he is actually spending a lot of time with the customers, understanding what they need, and how to find the right matches.

And he’s been very involved in building many companies, and, therefore, I think, is not going to be just a good leader and a good executive, but a good innovator, which will drive Check Point to even more innovation than we've done before.

TR: And this is unusual for someone. Usually, they go out of industry into this anointed position as the king-maker in venture capital. He's going into an operational role to run a very well-established, substantial company with substantial infrastructure and headcount. What's your sense that he's the right person to make that transition?

GS: He did run very large organizations in the past. Knowing him, and meeting him a lot in the last few years, I sensed that he is looking to go back to an operational model in his startups. He tried several times — not tried, helped many companies in running the company. So, I sense that he has this passion to not just, you know, support and fund very successful entrepreneurs, but actually do it on his own. And that's why I think it's the right match. He does have an experience running very large organizations from many years back. So, I think he's going to do a great job so far. We are in the honeymoon phase, and we think it's going to work.

TR: Do you have a sense, as executive chairman, how you expect to interface with the decisions he needs to make? Are you going going to mentor him in those choices or are you going to take a hands-off, sort of, you know, go over here and work just on the technology, and let him have free reign? How do you see that happening?

GS: It's a good question, which, I don't know the answer. I'm not looking to running the company on a daily basis because that's what I've been doing, and that's what I think I need to do differently. I've been able to come in — on one hand, I'm doing the same job for the last thirty-one years. On the other hand, I think I did reinvent myself several times during that time. You know, being a CEO of a three company, people that we were when we started Check Point, and we stayed like that for two or three years, is a very different job than running a hundred-people company, a thousand-people company, three thousand, or almost seven thousand, like we are today.

I do think I, kind of, reinvented myself in that process. And, for me, it's an interesting challenge at this time of my life to reinvent myself again. I think it's going to be a challenge. I don't know where I'm going to, and what I'm stepping into, and what's going to be my daily routine, and so on. But I've done it several times, I'm not afraid of that. The entrepreneur at heart, that's what I want to do, is, kind of, reinvent myself again. And, it's nice to go back to your roots, and focus on the technology, and have the time to concentrate on that.

TR: I'm curious to know what things you will devote your intellect to. Because from out here, the way a non-insider sees the industry, Gil, is, there's talk of fatigue across the industry, right? There's talk of a need for platformization, which I think you've spoken to as well. Too many vendors, too many technologies.

There's constant, sort of, on Wall Street, guessing about who's going to lead in SASE, is the latest thing that people are focused on. And there's also this whole new phenomenon of, you could take it any way you want, of generative artificial intelligence, and, more broadly, AI and what seemed to be entirely new threat vectors, right? Especially as enterprise adopts this stuff. And, so, it may be that none of those are the most interesting to you, but those are the things that, you know, we, out here, wonder about. Give us a vision for what's going on with those many things.

GS: So, first, you're absolutely right, and you hit on, I think, almost all the relevant points for the future of our industry — and, by the way, things that we, Check Point, do for many years. I think we are pushing the idea of a platform and architecture for the last six or seven years. We call it Infinity. It's our platform. And I think it's extremely important, and I do have a lot of ideas and opinions about how to make it. And I do think that we have today the best platform, but I think still it will take a long time before every customer adopts it or until we make it right.

I think generative AI is going to make a huge revolution. I think the general trends that are relevant of consolidation, and I also think about collaboration between different security technologies, are super important for getting better security. And take all these ideas, which I think I've dealt with in the last few years. I think I will have much more time to understand, to make them real than I had before. Steve Jobs, I think, once said that many executives think that if you come up with the right idea, and you tell it to your people, and you have good people, you've done ninety percent of the job. And the reality is that it's actually the opposite. That's maybe ten percent of the job. Taking an idea even for a good technology, and making it really work, understanding all the details, the limitations, the customer experience, what technology can or cannot do, and so on, and understanding all the needs or bits of making the perfect product, is a lot of work.

And maybe that's going to be part of what I'm going to do in the next few years, is, getting into a few different areas like that. Like, what can we do with AI, or how do we make collaboration between product really work? These are all parts of building the future platform. Maybe I'm going to have more time listening to customers.

For example, today if I deal with a customer, I, immediately, my job is not to give the feedback to somebody else, and pick a few things that I can do with the future, but take care of everything, make sure that the customer gets whatever they need and that we handle it top-down. Maybe, if I’m given more time, and I can pass the feedback to somebody else that needs to take care of the customer, but I can take the right ideas from the customer and develop the future platform, we will have more time to develop the future platform.

TR: Probably a balance of both. If you had to guess, Gil, would you say that the arms race between, let's say, AI threat vectors, and what AI can do for the security operations, that one of them will be, sort of, more dominant in the near term? Do you think we're going to be overwhelmed by automation of threat vectors before the flywheel of AI makes the technology much more astute or capable?

GS: I hope that we will have the upper hand so the ones that are, of course, defending will have the upper hand. And I think we will because I think if you look at our industry, there is a huge — I mean, on one hand, yes, AI makes building a cyber-attack much easier for the attackers, and they can, like everything that AI does, it can be faster for people that have less skills and, and a higher quality at least for these people, not necessarily for the super-sophisticated attackers. The defenders, by the way, can use AI not just to spot these simple attacks, but actually to spot the most sophisticated attacks.

And I think here there is a huge shortage of people. If you think about the job of a security administrator, their job is to analyze unbelievable amounts of information. It's a daily job of, you know, every day, you get many alerts, and you need to understand which alerts are ongoing, and you don't have to deal with them, which alerts is something you need to do something with it, and which alerts are the next big attack, and that you really need to work on. No human being can do it.

I want to be very honest: we don't have the capacity to analyze so much information. We don't have the capacity to do it 24/7. We don't have the patience to do it, and to keep the process in a constant way. And here AI can do an amazing job.

TR: Yeah, so, you need automation. Everyone needs automation in some form, right?

GS: Yeah, it's not just automation. It's really taking processes that AI is generally good at that, which is replacing human beings, and making the human beings do what we are better at, and automating our judgment process. Again, it's not going to be a hundred percent, it's not going to solve all the issues but it can take, I think, a huge percentage of the work that security administrator do and even more of the job that they can't do because they don't have the time or the mind shift to process so much data.

We really don't have — as human beings, we're very limited in our data capacity. We're super-sophisticated in our ability to spot things that are unusual. We're super-sophisticated in our judgment, and the instincts that we have, but our ability to process data is very, very limited. You know, we have a hard time remembering ten digits. Look at the cyber attacks that have hundreds of thousands of packets that you need to look into. And the computer can do that, and the AI can not just look at the amount of data, AI can also pass better judgment than we can on the data. So, I think that AI is going to help us a lot in becoming better defenders. And that's, I would imagine, perhaps could be even a multi-decade process of bringing that kinds of technology to bear. It's not going to be a short process.

TR: Is there one thing that you would say, competitively, Gil, for Check Point, gives you an edge or would give Check Point an advantage versus the other contenders out there to do some of this as well — Zscaler and Palo Alto and CrowdStrike, and all of these folks who also are going to look to some forms of processes automation, right, to deal with wherever they are in the security landscape?

GS: First. I'm sure it's going to be competitive; there's no doubt about that. And AI is not a secret. Everybody is looking at it. But I hope that we are going to be faster, nimbler in doing that. I do think that our platform, what we have in our platform, is a much better base for doing that. I think our focus on collaboration between our technologies and products is better. And again, each vendor is different. I mean, Zscaler are an amazing vendor, but I think their capabilities are very limited, in a more focused, narrow area. And again, they're doing great there but I don't think that they have everything.

Palo Alto have a very broad set of technologies and products, but I think they're much less integrated than we are. And I do think that our focus on providing, really, the best security combined with that motivation, and the skill we are developing in AI, are going to make us provide the best technologies in AI.

TR: You're continuing to acquire, and you announced, I think, last month, Cyberint, is something that is, I assume, a privately held company, as terms were not disclosed for the acquisition. What is important about Cyberint, and why now?

GS: I think Cyberint actually matches our strategy in different dimensions. And one dimension, I think, it shows the companies many of our vulnerabilities. It's found things on the dark Web, if a user account has been compromised. It shows you vulnerabilities in your servers on your network. And that's very, very important because we all know it exists, but until somebody shows us, and see that's the back door that you should close, we don't close it because we don’t know it's there, it's not tangible.

So, I think Cyberint makes it much more tangible, and that way can elevate the level of security. Of course, our focus is to take it and automate it so it's not just we are showing you the vulnerabilities, but I'm talking about collaborative security. We will identify a security threat, and hopefully trigger the fix to that. So, if we see that the user credentials have been exposed, we will force the user to change credentials immediately, and not just, you know, send an alert that may be overlooked.

That's a simple one. Of course there's many more, many more of that. So that's one vector of exposure for the security, and letting our customers do a better job. Second is providing much broader set of services to our customers, and I think customers needs that, and they want that. And I think it's going also and addressing, taking all the technologies that we have, and bringing them to the SOC, to the security operations centers, that will have better tools to do their jobs.

So, I think it addresses our need for more services, better proactive security, more collaborative security, and demonstrating the value of everything we have, and turning it into prevention in a very good way. And even if we play one or two of these vectors, and not all three, I think we'll have an amazing offer for the future of cyber.

TR: And they're not development-stage, they already have product out in the market, Gil?

GS: They already have products, they have many customers. It's one of the things I'm looking at, is customer experience. There are competitors in that industry that have very broad architecture, but it takes weeks and months to implement there. In Cyberint, it's twenty minutes. You type your company name, and you can get an initial report, and I think that's very important. I think that customer experience is very, very important, and I think it's also to get to the scale. You know, some vendors will focus on small number of very large customers. My goal is to bring the best security technology to every customer, not just to the largest ones but also to the smallest one. And with Cyberint, we found the platform that does both. It's very rare, by the way. Many technologies that we look to acquire—

TR: It's enterprise or it's down-market, yeah…

GS: Yeah. Some are very down-market but don't have enterprise customers. Some are very high-end. It's hard to scale them and take them to hundreds of thousands. With Cyberint, we found something that you can show the value in twenty minutes on one end, and on the other end, they do have some very large customers that are very happy with what they get. It's a good combination.

TR: Did you say to yourself at any point, did you take a look at the technology, and say, Oh, yeah, we could build that ourselves, we could do that in-house from scratch?

GS: You know, that's always the case — that's, by the way, the biggest challenge for the software industry. If you look at other industries, you know, a car engine engineer doesn't think that they can build the tires or they can build the car seat. They understand, or they think that there specialties in one area. Software engineers, almost every software engineer, I think the good ones, think that they can solve every problem. And by the way, in many cases it's true. I mean, I built in my career user interfaces, and I built medical software, and I built software for the printing industry, and I built cyber-security software, and some of these things were within a year or two, not over twenty years. That's all before I started Check Point, even.

And so it's not incorrect. but, to some extent, it's somewhat incorrect because when you need to understand the problem, and the customer, and the market, you need to develop not just the engineering skills but also the deep understanding and experience with the customer, with the market, with the specific deployments, and so on. And this takes time. This is not just the engineering.

So, almost on every acquisition that we do, if I look at the cost of engineering, it's obviously easier to build it in-house, but the cost of, but the time to get the deep understanding of the customer, it takes much longer than we anticipate. By the way, many markets, before we acquire a company, we start an in-house development knowing that it has a low chance of success, but also knowing that once we get — after we start struggling with the challenges, if we evaluate the companies in the marketplace, we've invested, you know, a few man-years — not that I underestimated, few man-years of good people is a lot.

But let's say we invested two to five years, man-years, to understand the market deeply. And, now, when we analyze the hundred years that the startup invested in building the technology, we can much better understand if a technology is deep enough, strong enough than if we just come and see, you know, a screen and a demo and a few numbers.

TR: You've been through that process once you've done that.

GS: Yep.

TR: I want to ask you a little bit about investors and what they want. What I hear from folks is, right now, Street consensus estimate for the next few years for revenue and free cash flow growth is single-digit, and seems to be mid-single-digit. Is there a prospect, with your newly installed chief, that some of those numbers can come up, the growth rates can come up in coming years, do you think?

GS: I think, from a business perspective, that's our number one challenge. I mean, I've been saying it long ago. I do believe that we have much higher potential to grow in all dimensions, in broadening our technologies, and getting deeper with our existing customers in acquiring new customers. I think we have an amazing brand. Customers do know Check Point. They like Check Point. Many, many of the people that are not even our customers, when I meet with the chief security officers for companies, many of them said, You know, I have a very warm place in my heart for Check Point because I started my career twenty, twenty-five years ago, and I was a Check Point FireWall-1 system administrator. That's the most common one. And you know, meeting you as the guy who wrote it, it's kind of—

TR: It is like being at a Taylor Swift concert —

GS: Some people tell me that and, and yet we don't see enough of Check Point. So, when we see you now, we think that you have an amazing platform and amazing technology, so we want to see more of it. So, yes, absolutely, that's one of the biggest business challenges that we have in years to come, translating that technology, brand and expertise that we have into higher growth. And I think we can do it, and I think there's, as I said, there's no better person than Nadav  to lead that process because he developed not just an entrepreneurial spirit, but he has, he built an amazing network of people that he knows in the industry, and knows him, and I think will take it an extra step to make them closer to Check Point.

TR: How high is it fair to perhaps extrapolate? Is double-digit growth of some kind, on the top line, possible?

GS: That's our goal, yes. I mean, I hope we're going to get there, and I hope sooner rather than later, but that's the goal, yes.

TR: I've noticed consolidation continues to be a theme. There have been a lot of private equity takeouts in your marketplace of smaller companies. Do you think that's something that continues, and is that an important dynamic in the industry?

GS: I definitely think that will happen. I think the market has too many startups — not because they don't have good ideas. Many of them has amazing ideas, but there's too many of them that customers cannot absorb. Customers cannot even listen to all the pitches of all the different segments in cyber-security. I think, also, unfortunately, if you look from an investor perspective — and I do believe in the future of cyber-security, and so do investors — but that caused investors to pour so much money into the field that over the last decade there's been a full generation of, sort-of, companies, not just in cyber, but specifically in cyber, that have great technologies, a lot of good skills, too many for the market. And what they lost, is, they don't know how to turn it into profit. And that's a big challenge, and many of them are too big for the size of their business, which makes them lose money. And I think that will change because investors at the end do want to see these companies turn into high profits. That's why they invest in high valuations, and spend a lot of money, and I think that's a market correction that will happen.

And I see it in every company. Every company that I meet with now are saying, You know, our goal is to turn into profit. We don't know how to do it. Help us or teach us or give us some few tips in that.

TR: A part of the larger landscape of software having to get real about valuations in just the past two years, basically…

GS: Yep. But, again, it's not just about — it's living into the valuation. When you've been, you know — if somebody invested in you $2 million, and you turn into, you make a million-dollar profit, it can be a great — again, I'm going to the basics economy of investment — it can be a terrific investment if somebody invested in you a hundred million dollars and you will be able not to turn it into loss, but to turn it into a million or a $5 million profit. It's still a problem. It's still a very hard time to get a return to your investors.

And that's a true challenge that companies will need to face, and investor will need to face, getting the returns on that investment. In the process, we will see some acquisitions, and, by the way, some of the companies that will get acquired early, I think have a good chance of getting some, maybe not all their dreams, but they’re getting a good return on their investors. The last companies that will remain will have a much harder time.

TR: Yes, it's always that way. I wanted to transition just for a moment. Gil, are you able to tell me a little bit about any impact that there is of the war on the team? Because you're in Israel, you have a lot of team members, I expect, who have to do service in the army there. Is that, does that have an impact on day-to-day operations for you?

GS: First, it does have an impact on the morale. I think we all want the peace to return. We all want the war to end. It's not a great place to be in.

In terms of the daily operation, we operated very normally in Check Point. In the first month or two of the war, last October, November, there has been some percentage of people that drafted. Now, it's back to normal levels, and we do operate. And I think the commitment that we took upon ourselves, starting in October 7th last year, is to commit to all our deliverables, so our customers don't feel that we are in an unusual state. And I think we lived up to that expectation, full force. The first week of the war, in October, we were supposed to have few product launches. And back then, by the way, Israel was under attack. Everybody was in a state of shock. And we decided at the end to go out and launch the new products. Even though, you know, for a technology company, launching a new product is a big celebration, and we didn't feel like celebrating in October 10 or 15, last year.

And we did decide to launch all the products. I think we did all of that. And that was a very important signal to all our employees around the world, which are not affected by that, let's remember that, and to all our customers, that we are committed to them, and we will deliver.

And, I think, since then a year has passed, life in Israel — again, it's not normal from what you feel because you want peace. It is normal from the day-to-day operation. The level of people at the office is the same way it was before the war, maybe a little bit higher. The level of deliverables is of course the same or higher. And, I think, we learned how to live with this unfortunate situation.

TR: Amazing. I commend you. That is incredible. Exit question for you, Gil. My favorite question for a CEO. At a recent price of $191, Check Point stock trades for about eight times this year's Street consensus revenue, seven and a half times next year's, and 21 times expected Street consensus EPS, or 19 times for next year's Street consensus estimate. Is that a good stock buy?

GS: That's a question I can't answer, you know. I'm, unfortunately, as the CEO, and as the largest shareholder, it's a question that it is hard for me to answer. I do believe in Check Point, and I do believe in its future, and that's the commitment that I have for a very long time. I didn't sell the shares that I own in Check Point, and I'm holding them. I think the last — I mean, I sold some stock options that expired, and I needed to sell them.

I, by the way, held most of my stock options almost until expiration. And, by the way, that was a very smart investment decision for me. And my stocks I do hold almost since founding Check Point. The last time I sold some stock was, I think, in 1998. Now, I'm not saying I'm not going to sell in the future, but that shows you I do believe in the future of Check Point. And, so far, by the way, that was — it's not just a belief, it was also my smartest investment decision as part of a big investment portfolio.

TR: That's what I like to hear. Anything else that we haven't mentioned, before we close, that you'd like to add that you think is important for investors to know, for CSOs to know, for anyone who's interested in your field?

GS: I think cybersecurity is very important, and I think in the world, we need to find better solutions, and invest more — invest more, by way, I’m not just mean money and dollars; I think, invest smarter in how to make cyber work, and how to defend against the threats we are seeing. Unfortunately, we are seeing every day more and more threats and more sophisticated ones. We call it “Gen Five” of cyber attacks. I think we coined the term about five or six years ago. Back then, it was kind of the futuristic attack, today, it’s the day-to-day attack. They're super-sophisticated, they are hard to detect, they're even harder to prevent. And that's our job. Our job is to stop them. So, if you are a security officer, security administrator, remember, your job is not just to keep the network running. Your job is to make it with the highest security profession. And it's a real, real need. We see it every single day.

And I hope that that can be translated into a good investment for investors as well. But I think we have a big task in our hand. It's not a trivial task, it's not simple. We do have to make it simple, by the way. Security is very complex, and one of my main task is take this, you know, fifty different sub-segments of cybersecurity, and hundreds of technology terminology, and thousands of security attacks that no one in the world understands all of them, and make them simple.

So, you click few buttons, and you prevent them. That was my vision thirty-one years ago. I think we've gone through different, several iterations, several generations of that, and made it real, and there's a few more generations that we have to live up to.

TR: I hope that you will come back in, even in your executive chairman role, and be willing to talk with us. You'll be freed completely of talking about the quarter, and just give us whatever insights you're arriving at in your new role.

GS: Thank you very much. Really appreciate. You had some very, very good subjects and questions. Pleasure.

TR: Thank you, Gil. Till next time.

Disclosure: Tiernan Ray owns no stock in anything that he writes about, and there is no business relationship between Tiernan Ray LLC, the publisher of The Technology Letter, and any of the companies covered. See here for further details.