CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

Good afternoon. My name is Alex Henderson. I'm the security analyst at Needham. It's a pleasure to have all the participants joining us here at the Needham Growth Conference, but it's even more of a pleasure to have CrowdStrike participating here. And we'd like to welcome Burt and Maria Riley to this fireside chat format, 40-minute slot. There are 2 ways you can ask questions. You can type it into the user interface text box that you should see on your system or you can -- alternatively, if you don't want to use that, you can e-mail me at [email protected]. I'll be monitoring both throughout the -- the conversation, and we'll happily break the conversation to get these questions in because we prefer to have your questions than my lead on the questions. And with that, Burt, welcome.

Thanks.

Great to see you again.

Yes. It's great to see you. It's great to be here and great to be talking with you today.

So as the CFO, I got to ask, can you just give us a quick summary of how your numbers have looked over the last couple of quarters and what you just reported and what your outlook is for the upcoming quarters, just remind people of what those metrics look like?

Yes, no. It's -- we're certainly thrilled with the results that we've been able to post, certainly last quarter and the quarter before. It's been quite a year for us here at CrowdStrike. And some of the things that maybe some of your audiences has heard about us is that we're a high-growth company, and that's true. But I think just as importantly, I think we've been able to provide to the world that we're more than just a high-growth company. We're a very well-run company. We've achieved non-GAAP operating income faster than, I think, most people ever thought. We achieved free cash flow faster than, I think, everybody thought we would so soon after the IPO. So we're really pleased with the results overall. Last quarter, we surpassed $900 million in ARR, which is the metric that we use to gauge the health of the business, and we're excited about that. And we posted another strong quarter on the bottom and a strong quarter for free cash flow. So we've been really excited about, obviously, the results to date, but we also indicated on the call that we've got the strongest pipe going into Q4 in company history. And so that was important for us as we look out into the future, and that's an indication to us that customers are still looking for security, a; and then, b, looking at a company just like us to help them through their security concerns. And for your audience, I think the big thing and the big takeaway is what -- why the customers look to us and what are we doing that's different. So the first thing is big picture, we're out to stop the breach, right? That's who we are. We do other things as well, but that's the main outcome we're solving for customers. That's what we're known for. And it's not just ransomware and malware. It's credential theft, it's insider threats, it's across the board, and I think it starts there. And then back to the success so far. Why? Why have we been successful to date more so than others that are in our space? And I think that's going to be part of the discussion that I'm happy to go through today with your audience because I think that's most likely what people are looking to understand.

Let me just highlight the -- some of the numbers, though. 86% top line growth and over 2,000 basis point expansion in operating margins. Those are amazing numbers. So you definitely deserve some kudos for delivering those type of results. So obviously, the environment over the last 3 or 4 quarters has been pretty unique. Clearly, the work-from-home transition has helped demand for endpoint-oriented security. Now we have the SolarWinds breach and hack, clearly impacting tons of companies. You're known for some of the best remediation skills in the industry. Those dynamics certainly suggest to me that we're seeing an acceleration in the shift to the cloud to cloud direct, and more importantly, into your -- the sweet spot of what you guys do. Has that -- have those been critical factors? Or is the growth just the growth because you guys are just doing such a good job of delivering efficacy?

Great questions, Alex. I'll take them one at a time. One, the pandemic. So I think back in March when this thing really hit, I think that what it did with more than anything else was act as a catalyst to something that was already going on, which was this movement towards digital transformation, which, of course, needs security transformation for it to be successful. So I think that movement was already happening, and what I think the pandemic did was to accelerate that because there would be this bolus of laptops and work-from-home or from-wherever movement that really took a lot of folks out of their sweet spot with the old castle and moat and security folks being used to that to you need to protect anywhere. And so COVID acted as certainly a catalyst to accelerate that movement towards security transformation, which underpins digital transformation. I think a lot of that is obviously [indiscernible] in terms of folks purchasing additional equipment or setting up home office or whatever it is. And now it's more, okay, we need to continue that journey to digital transformation. I think the road map for CIOs and CISOs with respect to how to be able to move to the cloud or digital transformation has been accelerated, and so that's been helpful to our business as in the results that we've just talked about. In terms of the SolarWinds hack, I think that's early days, obviously, for it to impact any of the momentum in the business. What it does do is it does a few things. One is, again, it highlights the necessity for companies to be vigilant in terms of how they think about security. I think, again, it increases awareness at the Board level, at the Audit Committee level and puts the CIO and CISO on the -- in the spotlight. And they better have good answers. And they better have tested the solutions out there and being able to give not just a one-liner about what they're using, but why they chose it, what vendors they looked at, what's their overall strategy. And now with all the news about CrowdStrike, if we're not in that discussion, somebody on the Board or Audit Committee will likely scratch their head and say, "Why didn't you look at CrowdStrike?" And then, of course, if they did look at CrowdStrike, well, we like our chances once a company has looked at us. So I think the SolarWinds hack, in and of itself, is going to, again, put security front and center. And it just highlights again the sophistication of the bad actors that are out there. And then not only that, but it goes to -- it highlights the size of the attack surface. We've known it for years. We've been talking about it for years, how big the attack surface is, how dangerous and malicious, ambitious the adversaries are. But things like this just highlighted. And so CIOs and CISOs and certainly boards and Audit Committees have taken additional notice and are now trying to figure out, okay, well, do we have the right protections in place to prevent us from being hacked?

Well, it doesn't look like I'm going to be able to ask a whole lot of questions in this 40-minute slot because they're flowing in here. Let me start off with one of the details into what we just talked about. Question from one of the participants, "Has the pandemic pull forward demand? Would you expect a digestion phase at some point over the course of the year as a result of a pull forward?" That's what he put in the question. Let me add to that. It also came at the one window of the year when people are making budget decisions. In talking to your customers, has it resulted in a meaningful change in what they're saying they're going to spend? So if they were going to spend 15% more in '21 calendar year, are they now saying, "Gee, let's spend 30% more?" Or what are you hearing from people in terms of their spend intentions? And has it pulled forward? Do you expect digestion?

So I'll take the person's comment about pull forward. So with respect to the pandemic, we really haven't seen any pull forward per se. What we've seen is an acceleration of this movement to the cloud, and that's not a onetime event. And so I think, as I said, I've talked to many CIOs and CISOs, I'm sure you have, Alex. And they're probably talking about this digital transformation they're going through and the requirement to have security transformation. I mean folks in the industry talk about -- years past, they've talked about the refresh of their security profile. And in the old days, it used to be all about speeds and feed. Today, that's not [indiscernible]. Today, it's about, well, what we really prepared to stop the breach? And that means taking a look at new technologies and technologies that are cloud-based that can benefit from community immunity, getting stronger with every customer they get and looking at different ways other than legacy technologies, which have proven to fail in the past. So I think that's answer #1 with respect to what's happened with respect to pull forward. I don't particularly see that. I think the theme is very strong in terms of continued movement towards digital transformation and security transformation. With respect to the pandemic and increased demand and budget sizes...

Really SolarWinds, I think, is the more prevalent because it happened right at the December budgeting window.

Yes. Again, it's really too early to tell the impact on that in terms of customer spend. I mean awareness has shot through the roof, right? But does -- how does that translate into budgets? Too early to tell at this point. But with increased awareness, you think that we're in a pretty good spot to be able to take advantage of what budget is there. And so if there's some shift in budget in an overall IT spend, into security, given what's happened, that probably is likely. I think that I've spoken to many folks on Boards and many folks in Audit Committees. And it's now the pop item, certainly for an Audit Committee, what's your security profile. We'd like, at least, updates from the CIO and CISO every 6 months, if not every quarter. So I think that the SolarWinds hack, again, what it did was just highlight the fact that customers need to be extremely vigilant, do their homework, make sure they're getting the best tech out there. And it certainly put a spotlight on the fact that these adversaries, they don't stop, right? They're getting more sophisticated. I mean you just can't rely on old fossilized technology that just didn't work 10 years ago, and it's not working today.

So there's another question here, but I want to set it up before I ask it to -- relating to workload protection and identity. So you guys have talked about your opportunity in the workload space. Clearly, we think Kubernetes adoption, microservices, CI/CD pipelining and all of that stuff is a huge industry trend, probably the most powerful change in how technology has been procured and distributed since AWS was launched. If you look at the numbers, there's 700 million to 1 billion applications out there, are growing at a 30% clip according to IDC. 15% was Kubernetes in 2019. That's expected to exceed 50% by '23, '24, making that market a triple-digit growth rate. You guys have had an unbelievable penetration. Can you talk a little bit about when you launched the workload product and how fast that grew? I think it was, what, a 14x from February through October.

Yes. So let's take a step back and just talk about the cloud. And I think when we think about the cloud and cloud protection, I think the biggest challenge that company faces is misconfiguration. I think that's the leading source of breaches in the cloud. And at the end of the day, we took the approach that we felt that security needs to be tied into DevOps, and legacy solutions just can't get there. They're too heavy, too clunky, they're too ineffective. And we believe we have an opportunity to unify DevOps with security, right, called DevSecOps, and this is an area we've been investing in. We announced a new Falcon Horizon module in October, and we think there's a real opportunity there. We've given out some numbers with respect to how big that can be. We talk about in 2023 being 10x what it is today and be in that $12 billion TAM range. The good news there is that it's a greenfield [ play ]. There's no one playing there today. It's not like you have the non-cloud environments all of a sudden, taking all the tech and putting it into security tech and putting it into cloud. You need to have specific type of software to be able to prevent those breaches that are in the cloud. And with respect to the 14x, the 14x' containers protected, not specifically tied to revenue. But eventually, the 2 will catch up at some point, my view. That's one person's view. But time will tell. What we do know is that security is -- the cloud -- the workloads in the cloud are being underprotected. And we think that we're the ones that can provide that run time protection, which is needed in the cloud. We feel that we're by far the leader in terms of protecting those environments. And we think that we're pretty much the only ones, right? And that's the interesting piece there.

So the question that the customer wanted to ask is, when does it make sense to partner versus build your own solution within identity? And in the long term, do customers think of workload protection and identity as the same problem to be solved?

Well, I think they're related. I think identity -- I think that there are 3 big avenues of overall security. One is workload -- endpoint workload, endpoint being a subset of workload protection, and that's clearly where we play. Then there's identity, and there are 2 pieces to identity. There's the identity brokers like Okta, Ping. And then there's folks like us who can purchase a company in the Zero Trust base called Preempt, and I'll talk about that in a minute. And then there's data protection. I think those 3 things are the 3 fundamental building box out there for -- as we see it. And for us, when we think about identity, I think that what's important to us as we thought about what are we going to build, what are we going to buy, what are we going to put in our store, Zero Trust was front and center. We didn't have a lot of user data. So when we bought Preempt, it really filled that hole for us with respect to Zero Trust. And the difference between what we do in identity and Okta and Ping, I don't know how many of your listeners are actually using either one of those solutions. But Okta, which is a customer today, they -- you're logging in and you're logging into a certain application. What Zero Trust does is it does -- it's out there to make sure that you are who you say you are and looking for lateral movement. So what we benefit from with the purchase of Preempt late last year was this user data, and it really solves 2 things. One, it's solving this whole piece about where folks are going once they're in the environment. So we would know that there's somebody in finance, why are they looking in the engineering files? That would be a massive red flag, and we would stop it. Two, it's kind of like when we think about it, it's an EDR for active directory. For those who are not familiar with active directory, that's fundamental in terms of who your users are in your environment. So it's a complete visibility into that. And then how we play with the Oktas is we'll provide an identity score to them, which brings in all this information and enables them to be better in what we do. So for us, we've got a really nice partnership. It complements what's going on with Okta and Ping and others. Yet, we feel it's a market that we can serve given our technology, given what we can do to bring on Preempt onto our platform. So that's how we think about identity, which we think is one of our fundamental building blocks for overall security.

It's a good question. Identity is the kingpin for workload and cloud protection because that's -- and the Zero Trust, identity is the core. And I think it's worth pointing out that if you go to the SolarWinds hack, what happened in the SolarWinds hack was the Russians move further left, got into the code-in before the identity stamp of approval, approval from -- SolarWinds was actually attached to the files before they were [indiscernible]. So another question coming in from the audience, again, do you view observability as a natural adjacency to enter? What unique value would you be able to bring customers versus traditional monitoring tools like Datadog, [ Noor ] and SD?

Well, I think if you're thinking about observability in the sense of giving visibility into the network, we're already there. And we've got a really robust solution. That gives CIO, CISOs that visibility or observation ability, whatever you want to call it, in a way that nobody else can. And that's because of our technology, right? One of the separations that we have from everybody else is that our data is resident in one place, right? It's resident in something called the threat graft, which is homegrown. It's built by us. It uses graft technology. When George Kurtz, our CEO, when he was over at McAfee and he was the global CTO, one of the things that drove them nuts was that there were all these different areas where McAfee store data. And so to be able to utilize that data and put it all together and make sense of it was basically impossible. And so one of the fundamental principles he went to when he built CrowdStrike, other than being in the cloud and having a single agent, was making sure the data was resident in one place where you'd be able to utilize it in a really seamless way and it can be viewed as source of truth. So that visibility for him already became human, but to do that, it had to be resident in one place.

Okay. Now just several financial questions. What was the rationale on the $750 million [indiscernible] cash balance sheet? Is this [indiscernible]? What's the rationale?

There's a lot of feedback, Alex. But I think I got your question, which revolves around the rationale behind the $750 million bond offering. And we also, by the way, did a $750 million, well, credit facility, a revolver. So I think together, the 2 of them combined are about $1.5 billion. And the rationale for, certainly, the certainly, the bond offering was the following. We really looked at how our balance sheet is looking today and are we leveraging our balance sheet appropriately, and we realized that we were wildly under leveraged on our balance sheet. And so we look at our balance sheet as a competitive advantage. And so in order to get the most out of that competitive advantage, we went to the markets and brought on some leverage into our balance sheet. And we looked at a variety of things. We looked at a high-yield bond, which is what we did. We looked at things like convertible offerings. We looked at equity. And at the end of the day, the high-yield bond offered us really, really low cost of capital, no dilution to our shareholders. And we were very, very happy with the results. The coupon rate that we were able to achieve, I believe, was the lowest coupon rate ever for a debut offering in the high-yield space. And we're going to obviously use it for the bigger picture of general corporate purposes. But within that, there's a probability that we would use it for M&A. And so as someone who's been acquired a few times in my career, I can tell you that we look at the balance sheet of who's acquiring us and the wherewithal of who's acquiring us. And so as we go out there and we compete for valuable assets, we think it's a strategic advantage to be able to show our strength and be able to show the target that we can, a, afford you when we go after and try and acquire you, but then also support once we -- one you've been acquired. And so once you've been brought into our fold, you were able to -- we're going to take care of you. That's part A, and I think a lot of people get that. I think part B, equally as important to me as I look out into the future. This is the first step that gives us access to very, very deep pools of capital in the rated debt market, right? So today was our first step. This is our first interaction with the rating agencies. They're getting to know us, the debt holders are getting to know us. So that in the out years, pick a year, I don't know, 2, 3, 4 years out, when there's a potential opportunity that is too good to be true but it's billions in the cost, well, then it's going to make it all the more easier to go out and raise a significant bond raise. So it's getting that -- getting everybody aware of who we are today, right, and so that they'll be there for us tomorrow. That's the idea.

So I just logged out and logged back in. My audio a little better?

Yes. Perfect now, Alex. I had to kind of try to decipher the code when you were talking before to ask that last question.

It's not -- sure what the issue is. So the next question that came in is Crowd has built a tremendous security platform. It's very well positioned to benefit from multiple secular tailwinds, and those have only accelerated over the last 12 months. A statement, not a question. But he went on to say, "As we think through some of the key risks for Crowd, what are the 3 or 4 or 5 top risks that investors should be worrying about?"

Well, I think what I worry about -- I'm not a particular investor, but what I worry about certainly is the continued execution, which means that we have to hire the appropriate folks at a pace that's going to be commensurate with the demand. And so that's what keeps me up at night, for sure, is the continued pedal to the metal, executing at the highest levels and bringing in the right people as we continue to grow in scale. We've shown the world, I think, today and investors today that we've been able to scale to who we are today in a very efficient manner, and we're showing the world that we can run a best-in-class company. So that's the good news today. And what keeps me up at night is being able to continue to do that. We're doing -- we're fighting what we -- all the things that we need to do to continue to do that. We've got a lot -- obviously, we're a much more mature company post public than we were pre. But we flighted it even before we went public. We -- it wasn't like, okay, we're going to go public and let's go figure everything out. We started years before we went public to make sure that we understood all the right control points, all the right business processes, all the right, I'll call it, internal IP to understand what it's going to take anything from the sales and the capacity plannings to our road maps, to our velocity of releasing new modules. All of that inner workings started well before we were public. And now we're -- as a public company, we're building on all the things that -- all the internal IP that we have throughout the years. And so far, so good. But I do worry, of course, as any CFO would, we do worry about being able to continue to keep up with the demand.

Yes. So wanted to talk a little bit about the business model as opposed to the end markets. So clearly, the ability of CrowdStrike to deliver 2,000 basis points expansion in margin, the way you just did, is a function of the frictionlessness of your model and the ease of downloading the agent and adopting the technology. Can you talk a little bit about those parameters that allow you to be so efficient to deliver that kind of growth without having to scale your staffing at that rate?

Yes, no. It's a great question. I think it goes back to when George hired me back in the day when he talked about his model, and I said that is the right model. I came from the SaaS world, and that's something that will really serve us well, no perpetual license. And I told them that at the time to be best-in-class with respect to being a SaaS company is you need to think about how we're going to expand our gross margins, how are we going to get operating leverage out of our OpEx, and we did the following thing. So one is there was a tremendous focus on gross margin expansion when I got here in 2015, right? We were in the low 30s on a non-GAAP basis for subscription in terms of gross margin percentage. That was extremely low, and there were a lot of reasons for that. And then today, we're in the high 70s, and there was a massive focus to get those margins up to where they need to be, which will help many of the other efficiency metrics. And what we did there is basically 2 things. One is we knew that more modules was going to help us because after a company -- a customer buys the first module, which has all the compute and all the storage, after that, every module is virtually pure profit. And so when you're up to over 60% of your customers having 4 or more modules, well, those last 3 are virtual profits, so that's going to add upward pressure onto your gross margin story. And then, of course, we started to have a move to a hybrid model, right, which is on the cloud side. So we use and we partner with and we enjoy our partnership tremendously with AWS. But at the same time, we built our own private clouds to help us scale and reduce costs. And so optimizing the relationship between our private and public clouds and within the public cloud and within the private cloud have allowed us to virtually more than double our gross margin percentage in just over 5 years, which is incredible. And then you look to the OpEx. Why have we been so efficient? What's worked in our favor? Why are we showing strength on the bottom faster -- and cash flow faster than I think a lot of people expected? And it goes back to the relationships that finance has with sales or engineering. And if you think about sales, one of the metrics that we give out every quarter is magic number, which takes a look at your prior quarter sales and marketing versus this year's revenue. In general, that's what it is. And we're right at the best-in-class, best-in-breed at 1.4. Many companies are very happy with 0.8. 0.9, they're in a good shape. But 1.4 is really at the top end. And it goes to looking at the sales force, helping the sales force build out their capacity plans, how they want to go and where they want to put their folks and what are the efficiencies and the different geos. Then after the bottoms-up is built, then it goes into our machinery and finance where we take a look at what is the magic number that spits out. And so long as it's within a certain region, there are other metrics too, LTV to CAC and Rule of 40, we look at all of it. So once we've taken all that information and put it through the finance engine, then we're able to see if we're in the ballpark of where we want to be. And the same goes for the discipline that we have within all the other businesses. Finance meets with all of our business partners. Every single month, we go through variances, we go through all the anomalies, we go through all the puts and takes. And the cadence and the information that's brought out is not resident with just a few people, it's within the groups that are managing to their budgets and their efficiencies. And so it's been wonderful to watch a company that's so well integrated internally just really buttoned up, really tightened up. And that matters when you're thinking about efficiency, and it leads to being able to keep up with what you talked about, which is the frictionless go-to-market in terms of being able to allow customers to find us, to try us, to use us and to buy us in a very, very easy and efficient manner. All those things come into play when we think about the OpEx leverage that we're seeing. That frictionless go-to-market, I got to tell everybody on your call here that we spent as much time taking out friction from the front end in terms of sales contracts, in terms of -- we have a deal desk, in terms of allowing people to try our products and then buy and even when they're a customer to be able to easily buy additional modules by using the same data. It sounds really easy, and it sounds like it's a no-brainer. I got to tell you that the more simple it is, the harder it is to build. And so we're at that point where we're in the -- still in the early innings in terms of what we can do with flighting the front end and making it easier for customers to buy, but we feel that we've done a pretty good job so far.

So the next question comes in is actually something I hear question on a lot, and I think it's somewhat to demonstrate the lack of true understanding of the architecture. But it's, do you compete with or are you compatible with or are you exclusive against Zscaler? And I think it's worth pointing out that you guys are a centralized architecture, and they are a very decentralized architecture. It's very different structure of the 2 companies. But could you talk about what you do versus what they do? And are you compatible? Or is it competitive?

So I'll hit it right out of the gate. So we are compatible. We partner with Zscaler, and we can go to market together. Zscaler plays on the network side of the house. We're on workload, endpoint, where all the action is. Think about what Zscaler does or other network players as the highway of data moving towards the endpoint, which is where the entry point is to -- or workload, which is the entry point for the bad guys, right? So we -- there are things that they can do, which are helpful for sure, to prevent bad things from happening, but -- and that's why we can play together because we're not overlapping. But really, the action is at the endpoint. Everybody wants to get to the endpoint or to the workload, and that's the entry point. And so to answer your question, we feel that Zscaler is a good partner with us. And we know Jay and the team and Remo, the CFO, I know him quite well and we talk on a quarterly basis, and it's been a really healthy relationship.

The next question coming in is relative to the idea that you borrow all this cash, and do you have some holes in your product portfolio that you need to fill? And if so, can you give us some sense of what those might look like?

There's always things that we can do, right? I mean the great news for us is, yes, we were known as -- early days, we were known as that endpoint security company, core antivirus visibility in our detection & our Overwatch, which is our threat hunters. We're known for that, but we've been able to move to adjacencies like identity, right, like IT hygiene, which goes and tells you what do you have in your environment. So there are a lot of adjacencies available to us, and we're constantly looking at them and understanding how well they will fit within our platform as well as increasing some of the spend within some TAMs that were already there. Look, we just made our first entrée into identity with Preempt, but there's clearly a whole lot more in identity that we can do that can complement what the folks like Ping and Okta do. So there's just a tremendous amount of things that we can do to, not only help the CISOs of companies but also the CIOs of companies. And I think that's something that I'd love for your audience to leave with is that we're more than just a workload or endpoint protection company, right? We're much more than that.

As we get down to the last 2 minutes, more of a quick answer, if we could. One of the things that clearly benefits the company is there are remediation capabilities. And clearly, with SolarWinds, remediation has come to the forefront. Could you remind us how that translates into additional business after you brought in to help remediate?

Yes. That's a great question and probably a good one to end on. So we have a smaller business, our professional services business, which is not implementation of software, it's the -- it's a group of folks that get called in once somebody has been breached using somebody else's technology. So we would come in. We would do the investigation work. We would do the forensics. We'd do the remediation. And then once it's all cleaned up, then our whole go-to-market is we leave our tech behind. So others in the space, they want to come in and leave their professional services people there forever, right? And that's not our model. Our model is get in -- get our professional people in and out as quickly as possible but leave our tech behind. And so that's been a tremendous lead gen for us. And I think we announced at the end of last year, we talked about for every dollar of professional services business we get, it translates into just under $4 of net new ARR. So I mean it's clearly the tip of the spear. It's our strongest lead gen that we have out there, and that's very, very strategic for us. The cross-sell that we're able to get from our professional services business, the men and women who serve in there really are that front end of spear, and they're the ones who have that first contact with a customer. And we become that special adviser on the security side, and so they always know that they have a phone number to contact if they need it. And then once they've deployed our tech, you can go all the way. You can go all the way for purchasing our complete offering, which basically is the MSSP for our own offering, including remediation. So we can do it all, which is very, very exciting for us. And hopefully, I leave everybody on that up note.

Yes. So we got to end here. I think you can hear from the answers why we've been having a buy rating on CrowdStrike since they came public, and it's been our single best idea in security since they came public and continues to be. With that, thank you very much for joining us. Thank you, Burt and Maria, for joining us. And I hope everybody has a great day. Thanks.

Thank you.