This land-and-expand strategy is evidenced by the company's dollar-based net retention rate, which has historically been strong though moderating from 125% during the COVID-19 period to approximately 114% in recent quarters. This margin expansion comes from operating leverage as the fixed costs of platform development and data center infrastructure are spread across a growing customer base. The company's customer growth has decelerated from 24% in 2021 to approximately 12% in 2024, reflecting market maturation and competitive pressure. The international opportunity is substantial: while the U.S. Remains the primary market, EMEA and APAC are growing as the company invests in regional data centers, localization, and partner capacity. The SLED (state, local, and education) and healthcare verticals represent growing strengths, with the company achieving U.S. Department of Defense CMMC Level 2 certification and becoming the first ISV to earn AWS ISV Competencies in Healthcare, Education, and Government. Zscaler operates in the cloud security market, specifically in the Secure Access Service Edge (SASE) and Security Service Edge (SSE) segments, which are valued at approximately $15 – 20 billion globally and growing at a compound annual growth rate of 15 – 20% as organizations accelerate migration from on-premise firewalls and VPNs to cloud-native security platforms. This margin expansion demonstrates the operating leverage inherent in the cloud security model as fixed infrastructure costs are spread across a growing revenue base. The price-to-sales ratio of approximately 8 – 10x and enterprise value-to-revenue ratio reflect the market's premium valuation of Zscaler's growth and recurring revenue model, while the forward P/E on a non-GAAP basis suggests expectations of significant earnings growth as margins expand. While Zscaler has launched AI Protect, AI Guardrails, and acquired Red Canary for AI-powered security operations, competitors are investing comparably in AI capabilities. Zscaler's growth strategy rests on four pillars: AI-powered security innovation, platform expansion through acquisitions, international market penetration, and managed security services monetization. While North America generates the majority of revenue, EMEA and APAC are growing as the company invests in regional data centers for data sovereignty compliance, localization, and expanded partner capacity. The land-and-expand strategy remains central: new customers typically start with ZIA for internet security, then add ZPA for private application access, ZDX for digital experience monitoring, and AI Protect for AI workload security. The dollar-based net retention rate, while moderating, remains above 100%, indicating that existing customers expand their spending over time. The company's customer count growth has decelerated, suggesting that the strategy must shift from new logo acquisition to deeper penetration within existing accounts and upsell of new modules. The M&A strategy is selective and capability-focused, with acquisitions typically in the tens to hundreds of millions of dollars range — small relative to the company's cash position but adding critical capabilities that would take years to build internally. This bet is already materializing: the August 2025 acquisition of Red Canary adds managed detection and response capabilities that, when combined with Zscaler's 500 billion daily transactions, create what management describes as the 'AI-powered SOC of the future.' The company is investing aggressively in AI security capabilities, including Zscaler AI Protect for securing generative AI workloads, AI Guardrails for enforcing policies on AI applications, and agentic AI for autonomous threat response. The financial outlook is guided by revenue growth of approximately 22 – 23% and non-GAAP operating margin expansion toward 22 – 23%. The international expansion is a priority, with EMEA and APAC growing as the company invests in regional data centers, localization, and partner capacity. The long-term vision is a platform where AI agents autonomously detect, investigate, and respond to threats across the entire attack surface — from user access to cloud workloads to AI applications — with human analysts focused on strategic decisions rather than alert triage. The hours were long and the strain on the family was difficult, but in 1998, SecureIT was acquired by VeriSign.