Hello. I’m Nick Gray, Cloudflare superfan and amateur blogger.
I’m writing to you from Houston, Texas today where I’m attending Cloudflare Immerse 2026.
This is an enterprise sales roadshow. I’ll describe what that means and why these types of events are the backbone of billion-dollar companies.
But first I need to get a name badge and raid the swag table.
A few dozen people are mixing and mingling in the fancy hotel lobby now. There are IT professionals, security contractors, and a bunch of Cloudflare employees.
It is a good time to note that nobody paid me to come report to you today from the front lines of go-to-market. I wasn’t even invited; I just saw the event online and signed up.
But I think these types of events- small, regional enterprise road shows– are worth taking a look at. I also like to research Cloudflare as a company. And I’m a sucker for free food, tech talks, and cool swag. So here I am.
A chime rings and they start to usher us inside. Come and let me show you what happens next. I’ll tell you why you should go to one of these Cloudflare events if you get invited, what people talk about, and why even the skeptics in the room left thinking about Cloudflare differently.
Silk Road Caravan
The traveling sales demo is an old idea. It is older than PowerPoint, older than the Internet, and even older than the printing press.
Caravans of traders on the Silk Road would set up camp at stone-walled inns called caravanserais. National Geographic called these places “seedbeds for globalization.” Merchants laid out their spices and fed anyone who walked through the gates to peruse their wares. They shared intelligence about routes, prices, and dangers. And buyers built relationships with sellers they trusted.
Regional Enterprise Tours Today
Fast forward a thousand years. The enterprise road show that I’m at today is a modern-day caravanserai.
Please clap. I worked hard on that damn analogy!
But seriously. Most major technology companies run some version of these small, regional enterprise sales roadshows today.
Salesforce has World Tour. Palo Alto Networks has Ignite on Tour (their teaser video is great). CrowdStrike and Zscaler host regional events, too.
Forrester says that 58% of marketers are planning more small, owned, in-person events. Sub-200 person regional meetups are the fastest-growing event format in B2B. I think that the big annual conference is a press moment, but regional roadshows like the one I’m at today are where enterprise relationships actually form.
Michael Coté agrees and says that these small regional events matter more than the mega-conferences for enterprise sales. When you’re targeting a couple hundred organizations in a metro area, you don’t need a convention center. You need 80 of the right people in a room.
Cloudflare’s version is called Immerse. It runs across the Americas, Europe, and Asia.
The Houston event that I’m at today is one of the smaller-tier events on their world tour. Instead of silk and saffron samples, there’s a swag table. Instead of a courtyard feast, there’s a yogurt bar, gourmet sandwiches, and lots of caffeinated beverages. Plus an open bar.
The Hand-Raise Poll
We walk inside, take our seats, and then Khalid Kark, Cloudflare Field CIO, opens the session with a hand-raise poll.
“Who’s using Cloudflare today?” he asks.
A dozen or two hands go up.
“Who’s building with AI?”
Fewer hands.
“Who knew Cloudflare had a developer platform?”
Only a few now. This is not an Act 3 crowd.
I look around, somewhat shocked, and take stock of the room. There are eighty people in here with yogurt bowls and Diet Cokes.
I quickly realize that this isn’t the Hacker News audience who argue about Workers vs. Lambda deep in the comments. These aren’t the influencer accounts on X posting about the latest AI models.
Instead, this room is filled with the people who actually sign enterprise contracts and buy things. And those things that they buy aren’t what you might think.
The Four Acts of Cloudflare
To understand why nobody in this room raised their hand for the developer platform, you need to know about Cloudflare’s four acts.
Matthew Prince, Cloudflare CEO, describes his company’s evolution through four strategic expansions. Each act is a massive new business built on top of the same global network.
| Act | Strategic Focus | Main Goal |
|---|---|---|
| Act 1 | Application Services | Speeding up and securing public websites |
| Act 2 | Zero Trust / SASE | Replacing VPNs and securing internal corporate data |
| Act 3 | Developer Platform | Allowing engineers to build apps directly on their global network |
| Act 4 | Agentic AI | Managing how AI bots and models interact with the internet |
Act 1 is the foundation and where Cloudflare started. It has a CDN to make websites load faster, DDoS mitigation to block cyberattacks, plus DNS and WAF. If you’ve ever seen a “Checking your browser” screen, that’s Act 1.
Act 2 protects internal company networks. It replaces old-school VPNs and Cisco hardware and makes sure only authorized employees can access corporate data. The product suite is called Cloudflare One, and it bundles everything an enterprise needs to delete VPNs, filter traffic, protect data, and lock down SaaS apps. If you’ve heard the acronym SASE, this is Cloudflare’s version of it.
Act 3 is the developer platform. Now you’re running code and storing data directly on Cloudflare’s global network. Act 3 competes with AWS by letting developers build apps at the edge with Workers. Shopify runs a huge chunk of their storefront hosting platform on Workers. Your code runs wherever your users already are, not in a data center you picked on a map.
Act 4 is the newest frontier and is still to-be-determined. Agents, Workers AI, and Pay Per Crawl fill this bucket for now.
Nick’s Note
Those are four separate multi-billion-dollar opportunities, all running on the same global network. No other public company I follow is building this aggressively across this many fronts. And this is why I’m a Cloudflare investor.
If you get your Cloudflare news from LinkedIn, you only know Act 2 and maybe Act 3.
If you follow the Cloudflare digerati on X, you definitely know about Act 3 and maybe even about Act 4.
But this event is all about Act 2. And I think Act 2 is where Cloudflare plans to grow the most in near-term enterprise sales.
The Talks
What follows are a series of technical talks that double as a sales pitch. The sessions are hosted by Michelle Mezger and Michael Tarsha, two Cloudflare sales directors with good banter and practiced timing. Each speaker covers a different slice of the Cloudflare platform.
If you’re already a customer, you learn what else is available. If you’re not, you get a compressed education on how enterprise security is evolving, taught by people who build and sell these tools for a living.
Khalid Kark, Field CIO
Khalid lives in Dallas and joined Cloudflare about a year ago. His pitch: Cloudflare is one programmable network, not a stitching of acquisitions. When Cloudflare acquires a company, they refactor the entire product into their core fabric. It takes longer, but everything runs on the same network.
He asks how many security vendors and tools the average Fortune 1000 company runs. Somebody guesses 10.
The answer is that the average Fortune 1000 company has 39 security vendors and 83 tools. Cloudflare’s pitch, and this is important to remember, is to help you reduce that complexity.
Warnessa Weaver, Senior Product Manager
Warnessa Weaver owns data loss protection within Cloudflare One. Her talk is called “Built, Not Bolted” and it walks us through how the old data center model dissolved when remote workers and SaaS apps blew up the network perimeter.
She puts up a diagram of what most enterprise networks actually look like. It is a spaghetti mess of point solutions from dozens of vendors, none of them built to work together.
“Imagine having to manage 39 vendors,” she says, calling back to Khalid’s stat. “That is insane.” Then she asks the room: “How would you design your network if you were starting from scratch?” Someone yells “Cloudflare!” before she can finish. She laughs, we laugh. I like that answer.
Todd Murray, Manager, Cloudflare One
Todd Murray gives the meatiest talk of the day and the one that I think connected best with the audience. He tells us about the three phases of SASE adoption. It was a bit over my head, but I’ll try my best to summarize it like this:
Phase 1: Modernize Remote Access. Cloudflare checks your stuff at the packet level, not the session level. Client examples include Indeed (13,000 users on Zero Trust), Canva, Delivery Hero, and EQT.
Phase 2: Simplify Workplace Security. One company replaced Zscaler with Cloudflare in a week. Todd’s words: “It was a piece of cake. I love to replace Zscaler. It is one of my absolute favorite things to do.” The room laughs.
Another customer cut malicious emails by more than 50% and eliminated hours of daily email triage. Todd’s take: “People have come to accept a 20% fail rate on email security, and it baffles my mind. What are you paying for?”
The biggest audience interest of the day is AI shadow controls. Todd shows us the MCP Gateway for governing agent access. It blocks employee access to unauthorized AI providers. A lot of people liked this.
Finally: Phase 3: Eliminate Private Circuits. Replace MPLS with commodity internet. Cloudflare has branch connector boxes that you ship, plug in, and you’re done.
If you’re still wondering why I’m long on Cloudflare, this talk is another answer. The product actually works, and the customers who adopt it don’t go back.
Customer Panel
Khalid Kark comes back up to host two security leaders on stage. I’m anonymizing both of them for event etiquette.
A Deputy CISO from a major healthcare system has been at his organization for over a decade. He runs SecOps, incident response, and biomedical infrastructure.
A CISO from a large hospitality conglomerate also joins. He oversees data, development, and security across a diverse portfolio of business units.
Some quick highlights:
- DNS filtering. The Healthcare CISO turned on prevention for non-business-relevant categories and saw a 90% reduction in attack signal. “This was very low-hanging fruit.” The result was high-fidelity signal in his security monitoring, and his security analysts stopped chasing shadows. He describes this as “just the beginning” of their Cloudflare story.
- AI agents as interns. The Hospitality CISO develops eight apps simultaneously during meetings. “They are the smartest interns I’ve ever had.” He calls AI revolutionary, not evolutionary.
- Advice from the Hospitality CISO: “Get really good at IT hygiene or get really good at incident response. Pick your poison.”
- Advice from the Healthcare CISO: Ground your AI in sensitive data with strict access controls. Collect and preserve your data now. “What’s relevant today trains the models of the future.”
We take a 30-minute break to get some snacks. Then head back inside for more talks.
Q&A
This is my favorite part of the afternoon.
An audience member asks how to justify growing their Cloudflare spend to leadership after the November 2025 outage. It is a fair question, but I think some people bristle at the ask.
The Cloudflare team walks through their response: a Code Orange initiative called “Fail Small,” canary deployments, plus AI models that are now reviewing merge requests before they ship.
It’s a confident answer that the team doesn’t hide behind. The IT guy who asked the question takes the mic again. “I took your post-mortem blog post and gave it to my leadership as a shining example of what a post-mortem should look like.”
Heads nod. And the host, Todd, gives the guy a Cloudflare-branded water bottle.
I raise my hand to ask about on-site demos. Cloudflare offers hands-on workshops tailored to specific customer environments. They run virtual test drives too, with engineers who help show you how Cloudflare products can work in your organization. If you’re reading this and considering Cloudflare, that’s a good next step.
One audience member asks about building on Durable Objects while being deep in AWS. It is an Act 3 question at an Act 2 event, which I love to see. The Cloudflare rep suggests using KV and caching as a parallel layer rather than attempting a full migration.
Ayush Kumar, Principal Product Manager
I have a hard out at 5PM and have to miss most of Ayush Kumar’s roadmap preview. It looked very interesting. I love how much Cloudflare is innovating.
One story I catch before leaving: he tried using a Chinese AI model to write code for a malware testbed after a US model refused. The Chinese model asked, “Are you using this for good?” He said yes, and it complied and wrote the hacker code. He could have easily lied and used it for malicious intent.
A Conversation with a CISO
The heavy wooden door closes behind me as I slip out to the hallway. It’s cooler out here, and a lot brighter. I came out to find one of the CISOs from that customer panel who seems sharp.
I hope to ask him a few questions about Cloudflare, but I also wonder if he’ll bother talking to me. He’s the most token-burning, forward-thinking guy here. I’m a relative nobody with zero enterprise sales contracts under my belt.
I decide to lead with some AI model questions. I see him near the coffee table and walk over to say Hi.
“What skills are you using for your agent interns?” I ask. We riff on the difference between Opus and Sonnet, and I tell him what I read on some new model rumors. His eyes light up like a freshly racked server as he tells me about an AI agent he built that caught a cyberattack his monitoring tools missed. At this point he settles in to chat and refills his cup.
He’s been at his job for 18 months. It is a very large enterprise with 25,000+ employees and a multi-industry portfolio. He pushed for a Zscaler contract when he started his job.
This guy is a practitioner, not a suit. He builds things and he codes. He knows what’s good.
So I want to know why he’s not buying more Cloudflare.
I ask him: What’s holding you back from spending more with Cloudflare?
He looks resigned to what he’s about to say and quickly glances around to see who is listening.
“No one gets fired for picking Zscaler,” he tells me. It reminds me of the old line about IBM.
He knows that Cloudflare’s technology is better, faster, and less expensive. But Zscaler is the devil he knows.
He wants to test Cloudflare at the app level, tunneling applications outward through Cloudflare’s network. He sees the potential, especially for Zero Trust at the application layer. But he can’t justify a full migration right now. There are too many other fires to put out and too much organizational inertia with the existing setup. He’s the exact customer Act 2 was built for, and he’s still stuck.
He tells me that he didn’t talk to his favorite Cloudflare rep for three months after starting his new job. “You guys are great, but you’re not the fire I need to deal with right now.”
Nick’s Note
This is the honest reality of enterprise sales. The technology from one company can be better, the pricing can be superior, but you can still lose to inertia. I think that’s useful context for anyone wondering why Cloudflare’s Act 2 revenue growth isn’t even faster than it already is. Thirty minutes ago, the room laughed when Todd said he loves replacing Zscaler. Out here in the hallway, it’s more complicated.
Running a Good Roadshow
I have a hard out at 5PM so I sneak back inside the conference room to grab my things. On the ride home, I type up some notes that might be helpful for anyone running an event like this.
What worked well:
- Personal fun-fact intros for each speaker. It made them human. Khalid is a Dallas transplant. Humair’s five-year-old daughter won a 5K. Ayush does Muay Thai.
- The hosts did recap segments between talks, pulling out key takeaways and riffing on salient points. This is classic craft of a trained Master of Ceremonies.
- Lanyard color system for identifying who’s who.
- “Ask an Expert” engineers in the hallway. Cloudflare doubled that number from the Dallas event a few weeks prior.
A few suggestions, mostly about breaks:
- The Q&A didn’t start until 4:05 PM and had to be cut off early. But this was the best part of the day when the room felt the most alive. I suggest you start Q&A sooner and give it more time. Or split to two brief Q&A sessions.
- For a four-hour seated program, consider two 15-minute breaks instead of one 30-minute break.
- Don’t announce a break and then stay on stage. The survey segment after the break announcement felt like a false release that could be smoothed out.
The Caravan Moves On
The next stop for Cloudflare Immerse is New York on April 14, then São Paulo, then Montreal, then Minneapolis. Then a dozen more cities through the end of the year.
I wait with bated breath for every new Cloudflare product announcement. I’m a small investor in the public stock and I follow every launch, every blog post, and every developer preview. But the reality of the average IT professional in that room is very different. They’re dealing on a daily basis with someone who just needs to restart their computer to fix their WiFi. They’re chasing a virus threat that popped up on an old Windows laptop. They’re managing tens of thousands of hourly employees across dozens of business units, each with a different risk profile.
That’s a different world from the bleeding edge of Act 3 and Act 4 that I follow.
Cloudflare is a massive company with a huge product suite. I know that I can’t summarize a business like that from one afternoon at a traveling sales demo for a very specific audience. But I think I got a look under the hood at something I don’t normally see: the everyday people at Cloudflare who are in the trenches, grinding for enterprise sales, and landing contracts one city at a time.
Just like the caravanserais of yore.
Look, the inertia in large organizations is real. But so is the Cloudflare product suite. Every CISO I talked to today knew Cloudflare was better. They just haven’t made the switch yet. Cloudflare is built for a world that most Fortune 1000 enterprises haven’t arrived at yet. But they will. And when they do, the network is already there waiting for them.
If you get invited to one of these, you should go. The next Immerse events are listed here.
Additional Reading
- Michael Coté, “Tech companies should do regional events more” — Coté makes the case that small regional events matter more than the big annual conferences for enterprise sales. When you’re targeting a couple hundred organizations in a metro area, you don’t need a convention center. You need 80 of the right people in a room.
- Forrester, “The Global State of B2B Events: 8 Key Findings” (2024) — 58% of marketers plan to run more small, owned in-person events with fewer than 200 attendees, the fastest-growing event format. Cloudflare Immerse, at roughly 80 attendees per stop, sits squarely in this trend.
Want to talk Cloudflare stuff? Or did I get something wrong here in my reporting? Reach out to me. I’m always happy to chat and appreciate the feedback.
More Photos
