Cybersecurity (Zero-Trust Network)

Zscaler

Role in PCA SOF: AI Security (network). The Zero-Trust network leader, it secures traffic between users, apps, and the cloud, complementing CrowdStrike's endpoint coverage to give the fund the two halves of modern security.

Ticker: ZS
Role: Compounder
Position: Satellite
Geography: United States
Cyclicality: Secular-steady
Moat: Switching cost + scale (proxy network) + data

Executive Summary#

Zscaler pioneered cloud-delivered Zero Trust network security: instead of backhauling traffic through corporate firewalls, it inspects and routes traffic through its global cloud (the Zero Trust Exchange), connecting users directly and securely to applications. As enterprises move to cloud + remote work + AI, the old castle-and-moat network model breaks, and Zscaler's architecture becomes the replacement, a structural shift away from legacy hardware (Palo Alto, Cisco, Fortinet appliances). For PCA SOF, Zscaler is the network half of the AI-security thesis, paired with CrowdStrike (endpoint). Its processing of trillions of daily transactions gives it a data/scale moat, and AI both expands the threat surface and powers its detection.

Investment Thesis#

Zero Trust is a secular re-architecture of enterprise networking driven by cloud + mobility + AI; Zscaler is the category leader with a hard-to-replicate global cloud (latency-sensitive scale) and high switching costs once deployed. It is expanding beyond core secure web/private access into data protection, segmentation, and AI security, extending the land-and-expand runway. The thesis: a structural share-taker from legacy network-security hardware, compounding ARR as Zero Trust adoption deepens, with AI as a tailwind to both threat and product.

Why PCA SOF Owns This Company#

Role: AI Security (Zero-Trust network).
Theme: Cybersecurity → Artificial Intelligence.
Layer: Layer 5 of The AI Value Chain.
Portfolio logic: the network-security complement to CrowdStrike (the explicit "Zscaler complements CrowdStrike" edge), together they cover the modern attack surface. Sell trigger: billings/NRR deceleration, Microsoft (Entra/Global Secure Access) commoditising SSE, or platform consolidation favouring rivals.

Company Overview#

US cloud-security company; founder-CEO Jay Chaudhry. Subscription/ARR model; the Zero Trust Exchange is its global cloud.

Business Segments#

Single platform: Zscaler Internet Access (ZIA, secure web gateway), Zscaler Private Access (ZPA, Zero-Trust app access), plus Data Protection, Zero Trust Segmentation, Risk360, and AI security modules.

Revenue Breakdown#

(Directional) Subscription ARR; ZIA + ZPA the core; emerging-products mix rising. Billings + NRR are the key metrics.

Geographic Breakdown#

US-majority, expanding international; large-enterprise + government (FedRAMP-authorised).

Customer Base#

Large enterprises + government modernising networks; high-value "$1m+ ARR" cohort growing. Competes with Microsoft in SSE/SASE.

Supplier Relationships#

Operates its own global data-centre footprint (the Exchange) + cloud interconnects; light external supply chain.

Strategic Importance#

The network-security leg of the fund's "secure-the-AI-estate" cluster.

Competitive Advantages#

Global cloud scale: latency-optimised, hard to replicate (proxy network effect).
Switching costs once Zero Trust is deployed.
Data/scale: trillions of transactions → better detection.
Architecture lead vs legacy appliance vendors.

Competitive Threats#

Microsoft (Entra + Global Secure Access bundling SSE). → Competitor Software Platforms vs Microsoft
Palo Alto, Netskope, Cisco, Cloudflare: SASE/SSE rivals.
Platform consolidation favouring suite vendors.

Industry Position#

The SSE/Zero-Trust leader (with Palo Alto and Netskope as main rivals); the reference cloud-security network platform.

Key Products#

Zero Trust Exchange, ZIA, ZPA, Zscaler Data Protection, Zero Trust Segmentation, Risk360, Zscaler for AI/data security.

Management Team#

Founder-CEO Jay Chaudhry (large insider ownership, alignment); strong vision + execution on the Zero-Trust transition.

Capital Allocation#

R&D + sales-led; FCF-positive; SBC a watch item; bolt-on M&A (data security, AI).

Historical Growth#

Rapid ARR growth; some deceleration with macro/sales transitions, then stabilisation; new products extend the runway.

Historical Earnings#

Strong FCF + improving operating margins; GAAP affected by SBC. → Zscaler Earnings Analysis

Earnings Quality#

High, recurring ARR, strong FCF; watch billings linearity + SBC.

Margin Analysis#

High gross margins (~80%); strong FCF margins; improving leverage.

Return Metrics#

Strong FCF returns; capital-light.

Balance Sheet Strength#

Net cash, minimal debt.

Cash Flow Analysis#

Robust, growing FCF; billings seasonality creates quarterly noise.

Valuation Discussion#

Premium security multiple. What you must believe: Zero-Trust adoption deepens, NRR holds, and Microsoft/rivals don't commoditise SSE. → Valuation Framework

Major Risks#

Microsoft SSE bundling pressure.
Competition (Palo Alto, Netskope, Cloudflare).
Billings/NRR deceleration.
Valuation / rate sensitivity → Interest Rate Sensitivity.
SBC/dilution.

Major Opportunities#

Zero-Trust adoption displacing legacy hardware.
Data security + segmentation + AI security expansion.
Government/FedRAMP wins.
Emerging products lifting NRR.

Important Acquisitions#

Bolt-ons in data security, AI, and risk/exposure (e.g., Avalor, Airgap, Canonic).

Important Divestments#

None material.

Industry Trends#

Zero Trust / SASE / SSE adoption, cloud + remote work, AI threat surface, network-security platform consolidation.

Macroeconomic Sensitivities#

IT/security budgets + deal-timing.
Rates (growth multiple).
AI threat landscape (tailwind).

Future Outlook#

Base: steady ARR compounding on Zero-Trust adoption. Bull: data/AI security + segmentation extend the platform into a much larger TAM. Bear: Microsoft + SASE rivals compress growth/pricing.

Why It Matters To PCA SOF#

Zscaler secures the network between users, apps, and the AI estate, completing, with CrowdStrike (endpoint), the fund's full Zero-Trust security coverage. Both run beside Datadog and Snowflake in the software cluster and both face the same Microsoft bundling tension. → Competitor Software Platforms vs Microsoft, AI Ecosystem Map.

Linked Notes#

Related Holdings: CrowdStrike · Microsoft · Datadog · Snowflake · ServiceNow
Themes: Cybersecurity · Cloud Computing · Artificial Intelligence
Maps: The AI Value Chain · Competitor Software Platforms vs Microsoft · AI Ecosystem Map · Knowledge Graph
Risks: Interest Rate Sensitivity · AI Monetisation Risk
Earnings: Zscaler Earnings Analysis

Linked from 19 notes

mapsAI Ecosystem Map mapsAI Supply Chain Map mapsCompetitive Landscape Map mapsCompetitor Software Platforms vs Microsoft constructionCore vs Satellite Holdings mapsCross-Holding Read-Throughs Cybersecurity (Endpoint / AI-native)CrowdStrike Cloud Observability / AI MonitoringDatadog fundFund Overview fundHistorical Portfolio Evolution mapsKnowledge Graph Cloud Computing / Enterprise AIMicrosoft AI Compute & AcceleratorsNVIDIA constructionOverlap & Diversification Map mapsOwnership Network Map constructionPosition Sizing Framework constructionReturn Drivers vs Hedges AI Data LayerSnowflake themesThe AI Value Chain

Back to holdings