CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

Perfect. Thank you so much, everyone, for this afternoon session. We always say that we keep the good part to the end. This time, I can probably say that I kept the best part to the end almost. And CrowdStrike is one of the most successful companies in my universe. And here today, I'm very pleased to host Burt Podbere, CFO, CrowdStrike. And I have -- I prepared a long list of questions. As always, there is a website that -- Veracast that you've got a link to. And if you have any question you want me to relay to Burt, please let me know. Just send me a text over there. So with no further ado, I want to welcome Burt and also start with the first question.

And the first question goes to the evolution of the company. I had the privilege to take you public and be part of the group that took you public. And since then, you evolved. You basically -- the addressable market went up. You addressed new opportunities. Can you take us actually through the last few years' expansion? How did you start? And let's just -- I mean let's start with the IPO because it's an easy day. How did you start when you went public? And then what did you do since then in order to increase the addressable market?

Thanks, Tal, for the really nice and kind introduction. Really happy to be here. Really happy to talk to you and your investors, and I'm excited to go through the questions by you and your investors. So it's a great place to start. So -- but it's not a surprise that the TAM expansion that you've seen us talk about has a direct correlation to our portfolio expansion or the more modules that we brought out. And the reason that we've been able to do that and bring out more modules at a pretty good clip is that it goes back to our premise where we collect data once, and we're able to use it many times over and over again, I mean, that's the core to our vision. And this was designed at the beginning. The whole idea was to go get data, put it in some technology. We call it our Threat Graph. So we can use it and understand it in ways that nobody else can to ultimately stop the breach. And so what we were able to do, since the IPO, if you remember, we had 10 modules, and we were across 5 markets. We grew to about -- we grew to exactly 19 modules -- cloud modules today across 7 markets. And we did that through a variety of things, right? We did it across our core endpoint security. We did it through cloud security. We did it through identity protection and log management. And the majority of those modules that we added were inorganic -- sorry, organic, and then some were inorganic. Like we acquired Preempt, and we acquired Humio, one in the Zero Trust space and one around XDR log management. And in that same period, when we added all those modules, you saw that our TAM has expanded from about $25 billion at the IPO. It's at $36 billion today and then estimated to grow to around $44 billion in 2023. And then in our webinar that we did not long ago, we outlined a more ambitious path to potential $100 billion plus TAM in FY 2025. And that included normal organic TAM growth. It had current road map activities, future initiatives, and of course, the cloud security opportunity. So that's kind of how we've seen it since the IPO.

Got it. What makes -- what is so unique in the architecture that enables you to grow the TAM on the basis of a single infrastructure?

Yes. This is the core to who we are. So when the company was founded, it was founded by a guy by the name of George Kurtz, who came from the security space. He came from a company, a McAfee that was in the antivirus space. And he saw all the things that were inhibiting it from becoming something bigger than it ever became. And that was -- it wasn't cloud delivered. It helped scale. It helped getting more data faster, utilizing data from different sources in a way that was never been done before. So number one was born in the cloud. It was cloud native from the beginning, clean sheet of paper. And back in 2011, when the company was founded, remember -- and you remember this well. Cloud security was not invoke, right? It was [ evolver lacking ] at George at the time, not so much anymore. So number one was born in the cloud. Number two, this single lightweight intelligent agent that didn't require a reboot and had technologies like smart filtering, which we're able to contract and expand based on what you saw, was extremely important because the single lightweight agent meant that you're able to do some consolidation, right? You have one agent, and it was able to land at the -- we call [indiscernible] property right at the endpoint. And you're able to kind of then consolidate a bunch of agents, make it easier to use, more cost effective, all of that. And there's not one customer, over my 6 years that I've been in the company, that didn't talk about wanting to reduce agents. So having a single lightweight rebootless agent with smart filtering was number two. And number three was the data, creating this data lake, creating a data-driven platform where with every customer you get, you become smarter or better. And you enable it in a way to number four, which is the Threat Graph that I talked about. It's organized in a way that's easily identify some potential threats, and then we're able to do what we set out to do, which is basically to stop the breach. And that's what the outcome was, yes.

Got it. Other companies in your space are -- they're doing the processing on the endpoint instead of doing it in the cloud. They may do analysis in the cloud, but then they send it back to load up the endpoint. And what they're saying, they're saying the benefit of that is that if there is an attack that disconnects you from the world, that disconnects you from cloud, you can still process threats. I understand these are 2 -- are 2 sides of the coin, but talk about your customers' -- and this is maybe an old question. But talk about your customers' willingness to actually process all the information in the cloud and do very little on the endpoint versus the other scenario.

Yes. So basically, we definitely started with everything going up to the cloud, speed, efficacy. Because at the end of the day, customers are looking for efficacy, right? They want to make sure that you're stopping the breach. So being able to organize it, throwing the AI at it, machine learning, all this data makes your AI better, right? It's a training ground. So coming up to the cloud at first, as we talked about, was really hard. Like a lot of customers really weren't comfortable with the cloud. It definitely was a hurdle back in the early days, 2011, 2012, 2013. Today, it's a completely different story, right? We've turned it on its head. Everybody understands the benefits of cloud. And the thing that people don't realize is that this Threat Graph technology that we have in the cloud, we have, I'll call it, mini Threat Graph on each of our agents, right? So it's not like we don't do any work at the endpoint itself. We do. And so even when we're disconnected, it still does its job, right? And so we have the benefit actually today of both. And I think that's really resonated well with our customers. And they got really comfortable with our technology because we -- obviously, we have the cloud where we house all our data, which is in our Threat Graph. But we have these mini Threat Graphs at the endpoint itself.

Got it. I want to take you to the numbers because I'm getting e-mails from investors about the numbers, and I'll go back to my fundamental questions. And I know what people are asking about.

Sure.

If I look at your outperformance over the last few quarters, you predicted, you guided for a certain number, and you was able to outperform your own guidance. The outperformance has seasonality. Second quarter -- if you look just in the last 3 quarters, it looks like it's slightly going down on a dollar basis. But if you expand it beyond that, you'll see it goes up and down. It doesn't have action in this kind of trend. So -- but there is still the question, the #1 question, which is can you continue and report something like 70%, 65% to 70% ARR growth? So I want to come back to you with an answer, and I know that you're limited in what you can say. But I want to come back to you with an answer to -- with the same question to say, first of all, how surprised were you in the last few quarters when you grew 70% when you clearly didn't guide for 70% ARR growth? And number two, what do you think is going to happen over the next few quarters and months to your ARR growth? What are the pluses and minus, basically, to ARR growth?

Yes. So first, just to remind your audience, we don't actually guide to ARR. We disclose it every quarter, but we don't actually guide to it. We do guide, obviously, to revenue and earnings. And revenue spend is really a by-product of ARR. But -- so the point about how we think about ARR and its performance in the past, obviously, we're quite pleased, right, coming off a record Q1 where it was higher than Q4. Granted, there was a little bit of acquired ARR in there, but it kind of roughly -- at the end of the day, we delivered Q2 [ for us ] in a row, which we've never really -- we've never done that before. And most software companies don't. Usually, there's a dip from Q4 to Q1 in terms of sales or bookings, whatever you want to call it, ARR for us. And so we think about the overperformance, and obviously, that leads and translates into how revenue was. And so for us, we were happy to report, obviously, that we beat the guidance. A lot of it had to do with running the tables in terms of the deals that we're able to secure. We really had 2 outstanding quarters in a row. And then when you think about Q2 and beyond, certainly Q2, when you look historically, it's kind of roughly in that same neighborhood as prior Q4. That's kind of how we think about it. And then beyond, at these numbers, right, it goes back to where is the fundamental growth going to come from, right? And for us, when I talk about the pipe being its strongest it's ever been going into Q2, it's because we're thinking about things like the tailwinds, right, secular tailwinds, whether it's what you see in the news every day, right, the proliferation of the ransomware tax and just tax in general, I think, fueled a little bit or enabled really by digital currency crypto. I mean that's been a big reason for some of the attacks that you're seeing and the proliferation of these attacks moving to the cloud and then obviously the digital transformation and security transformation. So on the backdrop of all of that, then you throw on tech that's the most effective in the world to stop the breach. And then you add on to that a go-to-market engine that's been built with the same eye and focus as our tech, and you basically have us, right? And so at the end of the day, it's not just one thing. It's many things. And many things have to work in harmony, and we work relentless-y to make that happen. Even when you think about our unit economics, right? I have a focus on unit economics. It's been fantastic for many, many quarters. Last quarter, we put up on the board a Magic Number of 1.4, which says to me, we're very, very focused, but it also says, hey, you have some room to continue to invest aggressively. And that's what I'm trying to do, right? So when I think about ARR, I think about, okay, let's go capture -- how do we capture more, right? Well, international, right? We've done a great job, I think, to date, in our international splits. We're roughly in that 27%, rest of world; 73% in America, but we have room. Ultimately, I'd love to see that 50-50, right? So to invest internationally, which is generally less efficient than the United States, that's one area. The second area is, hey, let's look at specialists in our sales force, right? So as we think about cloud and the opportunity in the cloud, let's go bring in some cloud specialists as an [ overlay ] team. It's less efficient, but I'm going to go capture more ARR. And so those are the things I'm playing with. It's a slider. But clearly, because we have been so effective in our efficiency, it's allowing us to be aggressive in our investments. So that's how I think about it.

Got it. When I look at the chart that you presented recently, you presented a chart of your TAM. There is a big jump from 2023 to 2025 from $44 billion to $106 billion, from memory. And big part of it is cloud workloads, protection of cloud workloads. Can you elaborate on this opportunity? And can you also discuss why you are positioned to address this kind of demand or future demand?

Sure. So first, we think about cloud workload protection to be in its infancy. I think that there's a greenfield opportunity there. That's where we're starting from. Number two is in terms of us, we were built in the cloud for the cloud, right? So there's no one better positioned to be able to protect the cloud than us. We run one of the biggest platforms in the cloud and develop technology to protect our cloud that exists today. And we believe that we have the expertise that other vendors do not have, and we've got history -- a lot of history behind it. And then we have integrated attack, which really, really matters. And so we've created really the, I would call it, the gold standard in cybersecurity. And as you've alluded to, it's no longer just about the traditional endpoint security market. It's about the cloud. It's protecting cloud workloads. We believe today's cloud workloads are massively under protected and with spend estimates at 1% of IaaS and PaaS spend, right, so a long way to go. We still think it's early days. It's still greenfield. But we did disclose that we more than doubled cloud module ARR quarter-over-quarter, still small, but we doubled it. And it's important to remember that we have a large amount of customers using [ EP ] in the public cloud. So we think that there's a tremendous opportunity for us in the cloud. We think we're first movers to protect workloads in the cloud. We think we have the right tech. We have the right architecture based on all the things we talked about to take advantage of, I think, a massive opportunity.

Got it. Great. We spoke about throughout your presentation -- or throughout our discussion, we spoke about modules. And you highlighted 19 modules. Can you talk about the upsell opportunity? And give us some stats on your performance over the last few years.

Yes. So module adoption has just really taken off, right? We're -- 64%, 4 modules. We're at roughly 50% of all of our customers have 5 or more modules, and we're in the high 20s in terms of 6 or more modules. If you think about companies that have more than 1 module to sell or an upsell opportunity, if they're at 10% on their second, they're pretty happy. And when you're at 64% on your fourth, I mean, you just see the power of what we're able to offer our customers. And the customers are happy, right? At the end of the day, customers' security environments are complex. They can be fragile. And for us to come in, offer an integrated platform which lowers their total cost of ownership, I mean, that's just fantastic for our customers. And when we think about module -- more modules, we think about bringing roughly around 2 more modules to the market every year, 2 or 3 depending. And then you've got the inorganic course as well. We've shown the world that we've got the ability to go and look at other technologies. And if we feel that it's not right for us to build it or if it's not right for our store, we can go buy it. And we certainly have the balance sheet to do that. I think we've been really successful in our 2 acquisitions post being public in both Preempt and Humio, both offer new TAMs for us, both integrate extremely well into our platform. And so module adoption or adding additional modules becomes multi-pronged. It's the 1 or the 2 that we offer organically in a year, and then we add in 1 or 2 inorganically. I mean then you're really starting to provide use cases across the board for your customers, seamlessly under one console, easy to use, simple to manage. I mean you can just think about that for a moment and think about the challenge that companies would have, if they didn't start out the way we did and built our architecture the way we did. And so for us, we see this as still as a massive opportunity to go after and seize those dollars -- those budget dollars from our customers that are spending with other vendors and consolidating us.

I want to go back to cloud workloads. There was another question I forgot to ask you, which is, competitors are going after the same opportunity, but they are not competitors, really. They're coming from different areas of security, Palo Alto, just to name one of them. What makes you -- meaning your position in the endpoint market or with the clients or position in the cloud, what makes you better positioned to address the opportunities and work in the cloud workloads versus people that come from SASE, from firewalls, whatever. But I see some kind of convergence over in this point where everyone is addressing the same opportunity.

Yes. I think it goes back to the architecture and where we're starting from. We started from protecting the endpoint, right, the traditional endpoints, whether it be a PC, a server, what have you. And then it's a similar process to go into cloud, although it's more complicated. And so -- but we've got the technology already. We found the right path to be extremely effective in terms of being able to protect the endpoints, whether they're in the cloud or traditional. The advantage that we have, right, is we are sitting on the endpoint itself, right? We're where all the action is, right? We're protecting where all the action is. And the ability to scale that with a lightweight agent is second to none, right? And being able to -- be able to show the value by having a lightweight agent that's not rough on your PC usage,and that has this ability to be put anywhere, whether it's on the traditional endpoints or in the cloud, is a massive opportunity for us. We still also think that because we were born in the cloud for the cloud and being a first mover, we have that first bite of the apple to take the bigger market share in the cloud. We already think that we're gobbling up ARR on the traditional endpoints but we see taking that technology and moving it over into the cloud is very seamless for us versus others who have to come at it from different angles, different dashboards, different consoles, and it gets really complicated for the end user. Whereas for us, it's one console, one single dashboard across all the public clouds, and that's a massive differentiator for us. And customers want it. They want simplicity, and that's what we offer.

Got it. I have another high-level question, which is why now? Meaning, I've been following this market for 20 years maybe. It used to be other companies that didn't grow for 15 years. And suddenly, we see growth. Why now? And we spoke already out -- up until now, we spoke about why you. What I want to ask now is why now. What are the underlying industry drivers that increases the [ miles ] for your kind of solution?

Yes. It's a great question. I think at the end of the day, we were built to stop breaches. And I think you're seeing in the world today that the breaches have been more pronounced, more prolific than ever before, right? We came out of the gate, stopping -- with the idea to stop the breach, right? But we've seen this backdrop of increased nefarious activity on a scale we've never seen before. And for us, I think that customers are looking for that modern architecture. They're looking for how do we stop the new type of adversaries. The old guard, we've already seen, can't do it. Even some of the new guard or the so-called new guard can't do it. But we can. We were built for modern times. We were built in the cloud, starting from the cloud. We're enabling this successful digital transformation, which requires, obviously, security transformation. And I think that because of this proliferation of attacks, we were -- we came in at the right time. The other thing is, as I said earlier, these digital currencies have really helped the bad actors in terms of getting paid and not being caught with respect to the ransomware attacks you can see in the news. And so as that's gone forward, that's accelerating, that's had an impact on how the bad actors are out there. And if you go back to us and you take it back to CrowdStrike, I mean, it goes back to our simple solutions, easy to deploy, simple to manage. We're cloud-delivered with a single agent. We reduce complexity. We're reducing the agent bloat. We're reducing the burden on the endpoint with our very lightweight agent and a single dashboard, right, making it easy for our customers, whether it's on the deployment side, whether it's on the usage side, and ultimately, being the most effective cybersecurity company out there really matters right? It's not like I'm going to go down the street and go pick up the fourth or fifth or sixth best -- or even the second best technology out there. Customers want the best. It's a necessity these days, right? And pick up a paper any day, any paper, any day, right, and you're going to see a section on cyber, right? Even on my feeds on my phone. The general piece I get across the board, entertainment, sports, whatever. There's a whole section on cyber every single day, right? It's not going away, and I think that that's what's changed.

I have a question on sales effort. If you sell a switch or you sell what's called ADC, F5. These are both 2 networking companies. They have different buyers completely in the organization. You have 19 modules. Are the buyers the same for all 19 modules? Meaning what did you have -- it's -- the question is about what do you have to do to your sales organization when your TAM started to grow? Did you have -- is it the same buyer? Or you had to address different buyers within the organization or channels? We can talk about buyers. We can talk about channels.

That's a great question, right? And so traditionally, on endpoint security, we sold to the CISO. And at times, the CISO reports into the CIO, oftentimes actually. So there was always the connectivity between the 2. And then as we branched out beyond just endpoint security and we've been into some of the adjacencies, they go into the CIO. And a lot of the time, the CIO will have the budget for both cybersecurity and IT. And so what we saw, I think, in the past, as we saw budgets in the old days, we saw budgets being pulled from cyber into IT. Well, now you're seeing the reverse. You're seeing budgets going into cyber from IT. And so we do sell our security, obviously, primarily to the CISO. Having said that, they're very often connected to the CIO. And very often, the CIO has the bigger budget and looks at it and says, "Oh, wow, I can actually use CrowdStrike technology to help reduce costs and technologies that I have on the IT side of the house because they do it already." And so that kind of really exemplifies the power of our -- of what we do and going across security and IT and on SecOps or whatever term -- or DevSecOps, whatever term you want to coin. But having said that, at the end of the day, we do sell to the CISOs and CIOs. And a lot of the times, they're connected.

Got it. Is there any margin difference between the modules?

Not really. It goes back to collecting the data once, reuse many times architecture, which means really after the first module, each additional module is almost pure margin, so not so much.

Got it. I want to talk just about one module or one area that you highlighted before, vulnerability management. Can you discuss this particular area? How do you see the product competing against the incumbent, if there are?

So we've seen a lot of traction with Spotlight. Customers are really adopting it at a rapid pace. In our April webinar, we noted that it's growing significantly higher than overall customer growth. So we're really excited about the traction that it's been gaining. And it goes back to -- this is an easy one in terms of you bought 3 or 4 modules or you're buying a bunch of modules upfront. This one is an easy fit, right? The founder, George Kurtz, he came from this space. He came from vulnerability management. For those folks on the phone, we're on the [indiscernible] call. You remember Foundstone. That was where George brought his first foray into this world, and it was a great technology. Then obviously, fast-forward, when we went to this collecting data once, we use many times, you were able to then see the ability to move quickly into vulnerability management. And hit out of the gate, knocking off 70% of what customers wanted out of the gate. And then as we added new revs, you get to 80%, 85%, 90%. And so we're really, really excited about what we're seeing with Spotlight. And we think it serves a specific market that everybody understands, analysts, customers, everybody else, but it's an easy flick of the switch. And I have to tell you I've been with many CIOs in regulated environments and nonregulated environments that tell me, "I need consolidation. My architecture is brittle. My security posture is brittle. You need to help me." They've actually used those words. And I say, "Okay. Let's go through it. And let's say, where do you think we can help?" And I would show the consolidation that we do, and we would go through their pain points and I would share with them, "Okay. This is what we have. This is what's coming out." And you can come to us, and you're going to solve that brittleness problem and efficacy problem, and ultimately, the cost problem. So it's kind of one of those -- this is amazing, and vulnerability management is one of those that shines brightly in our portfolio.

Got it. You have a very high-ranking incident response franchise or incident response. Can you discuss how important is this business to drive new business to CrowdStrike?

Yes. Thank you. I agree. We do have a top-ranked incident response franchise, and I've been close to that part of the business since I've got here. I'm very close with the leader in that space. It is small compared to whatever that's really out there that's best in class, but it's strategic. It's a best-in-class team. We show up. We fixed the issue caused by some other technology, and we leave our tech behind. That's our motion, right? Our motion is to get in, fix the problem caused by somebody else and leave behind. Whereas another company would like to come in, stay there and just keep churning the mill. That is not our go to market. That's not how we win our customers. And then just to give you some idea, among organizations who first become a professional services customer, after February 1, 2019, the average subscription ARR derived for every $1 spent on initial incident response or proactive service engagement grew to $5.51. This is up significantly we compared -- when compared to $3.73 when we reported that last year. So you can see the might that takes place from our services business. And it's not like you just can go hire these folks and they become great. I mean it takes time, training, also training on our products. There's a whole bunch that goes into it besides just going out and spending a bunch of money on headcount. We have a specific formula of the type of person we want to hire, the training program that we have in place for that person, the understanding of our tech, how it works, how we talk to customers, how we differentiate ourselves. It's a whole -- it's very formulaic. And so that's what separates us from everybody else.

Got it. What are the puts and takes -- I'm going now through the course of discussions with the CFO of the company. So what are the puts and takes of your margin evolution? And how do you see it evolving over time?

Yes. Margin evolution. So I think when you look -- it starts with gross margin, right? So improvement of gross margin over the last few years has been great, right? 30s -- we were in the 30s in non-GAAP subscription gross margin in FY '17 to the high 70s today, right? That's almost unheard of, right? And it goes back to the collect once, reuse many times. Every module that we add is virtually pure margin to us after the first. So that's a big piece of it. Second piece, of course, is optimizing our public and private cloud usage, right, and turning the dials to make that really effective and cost effective for us as well as effective in terms of usage and our ability to use it. And I felt so confident that we're going to continue our expansion of gross margin. I raised the long-term target -- market target for gross margin in April to 77% to 82% plus,from 75% to 80% plus. And that's because I think that more modules, more efficiency on the back end, all that's coming together, and I think we have more room to grow that gross margin.

Free cash flow. You hit positive free cash flow faster than you anticipated in the past. How do you balance -- or can you tell us about the balance between the need to invest versus the desire to have a higher free cash flow?

Yes. I love that question, and you're right. We did hit free cash flow earlier than anticipated. Again, it goes back to the overperformance of the business. But we set a long-term target of 30% or more of free cash flow by FY '25. We did that in April. So that's the first time we've gone out there and talked about what that number is going to be, the sustainable number, right? Because it's going to go up and down quarter-to-quarter but a sustainable 30% floor, let's look at it that way, by FY '25. And then you look at our efficiency metrics, and it's telling us that we have room to continue to aggressively invest. And we have stated that we will. I just talked about it, and I do plan to do it. I do admit it's harder to do than you think it is because we're still -- we still have really high standards in terms of people into the company. And that's something that's out there. But as I said, I do plan to invest heavier internationally, heavier on some of the emerging markets for us on the sales team. So that's the plan.

Got it. I have time left for one quick question, so I'll ask it. Big position of cash balance, what are your plans for cash balances?

Maintaining a strong balance sheet, keep net leverage levels low and then strategic M&A. We've got a high bar for M&A. We're really happy with the 2 M&AS that we've done post public, but we plan to -- highest and best use of our cash, and that's certainly a lot of our thoughts and our efforts are looking at different companies and technologies out there that would fit our platform and make it stronger.

Always the same, meaning add-ons to the platform? Or will you also use M&A in order to branch out?

It's -- for us, at this point, it would be unlikely for us to branch out. It's got to be fitting in the platform. We're not looking for a transformational acquisition. I'm not saying it won't happen, but it's much more unlikely that we would do a transformational type of acquisition than these plus swaps that are part of the platform.

Perfect. Burt, thank you so much. As always, great discussion.

Thank you so much, Tal. It was great to chat with you today.

Perfect. Thank you.

Take care. Bye-bye.