CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

March 6, 2025

NASDAQ | US | Information Technology | Conference presentation | 36 min

Earnings Call Speaker Segments

Keith Weiss

analyst
#1

Excellent. Thank you, everyone, for joining us. My name is Keith Weiss. I run the U.S. software equity research franchise here at Morgan Stanley. And very pleased to have with us from CrowdStrike, CEO, George Kurtz. George, thanks so much for joining us.

George Kurtz

executive
#2

Great to be here.

Keith Weiss

analyst
#3

Excellent. Before we get started, for important disclosures, please see the Morgan Stanley research disclosures website at www.morganstanley.com/researchdisclosures. Excellent.

Keith Weiss

analyst
#4

So with that out of the way, you reported earnings earlier this week. And I just want to start with maybe State of the Union. How are you feeling about sort of the overall demand environment as we head into FY '26, how you're feeling about sort of the state of security? And then CrowdStrike's positioning to sort of capitalize against it?

George Kurtz

executive
#5

Sure. So again, great to be here, and thanks for everybody's early morning visit. So we could just go back and recap Q4 in terms of top line, we beat consensus by $32 million ARR. We had a year of $1 billion in free cash flow. You look at the growth of some of our products, which we're going to go through, outstanding, some of the emerging technologies. And overall, coming out of the incident in July, 6 months later, to be where we are and see the success and the engagement with customers, I think it's fantastic. It far exceeded my expectations. So the demand environment is still very, very active right now. When we think about the geopolitical tensions, security needs only go up, and there's a lot of uncertainty in the market today. And I know there's topics that we'll cover. So from a demand environment, we see it there. We look at products like Next-Gen SIEM and Cloud, Identity, have been doing extremely well. And security is not going away. And I guess from the macro piece and as we dive into the details, what's important to capture here is that security always parallels the slope of the innovation curve. So if we think about the early '90s, it was super simple. If we think about where we are today, [ Sam ] just got done, I think, about all the complexity there in AI and what AI is going to mean in terms of security. You're going to need players to be able to secure every layer of that. And CrowdStrike is going to be one of those foundational platform players that's going to be in the mix. There's not just one, but obviously, there's room for a few big guys out there.

Keith Weiss

analyst
#6

Got it. I want to touch on the July outage, mainly because I think it was a great example of how to well-react to an incident. You guys were very transparent. You were very proactive with the end-customers. And what we've heard from your customers, what we've heard from your partners, was it actually engendered more confidence in the relationship with CrowdStrike, the partnership with CrowdStrike. Everyone is going to have incidents, but it's how you react to them. What were the learnings from the CrowdStrike side of the equation?

George Kurtz

executive
#7

Well, I mean, lots of learnings. I think if you take it from the top, it just goes to what I've said for a long, long period of time in my career, which is, I can never promise perfection. I aspire to it. But I always can promise a response. And I think the response that we had was fantastic. We just did what we would normally do. This is -- we didn't do anything special, other than what we would normally do as CrowdStrikers, which was be open, communicate what happened very quickly. I was on 2 news shows pretty early on. And taking responsibility, communicating what it was. And then ultimately making everything that we found very public. What I know is what everyone knows, it's all on the website, right? And taking that approach, I think, has been, A, it's the right thing to do. And two, it really has built even more trust with our customers. Our customers love us. They loved us before. They still love us after. But in fair weather, everything looks good, right? The real true test of a partnership is when you have rocky weather. And we've had customer after customer, even CEOs after CEOs come to us and say, "You guys did a fantastic job. We work with a lot of other vendors. We've had other issues with vendors. No one in the industry has handled an issue like this like you guys." And that's why we have 97% gross retention rates.

Keith Weiss

analyst
#8

Okay. One of the ways that you sort of foster that partnership with your customers was customer commitment packages. Can you walk us through some of the impact -- the near-term impact on the top line that CCP has, and then the opportunity to drive better growth longer term as the CCP impacts start to roll off?

George Kurtz

executive
#9

Sure. So maybe we should talk about CCP, what it is. Essentially, we use -- and I want to make a distinction because I don't want people to get confused. I know we're going to talk about Falcon Flex. But Falcon Flex is the licensing mechanism, which is a commitment, and then a burn-down type model, right? It's very similar to a hyperscaler. So what we did is we loaded Falcon Flex dollars into a pool and basically said to a customer like, we know we had an impact, we want to make it right. And we talked about some new products. And for the most part, what we had to do was to put dollars in 4 products. And those customer commitment packages, we originally thought would be kind of $60 million over 2 quarters. It turned out to be $86 million. But we view that as a good thing because the -- by and large, a bulk of that is seeding the customer base with new products, like Identity, like Cloud, like Next-Gen SIEM. And that is what gives us confidence as we roll through the back half of this year, because those dollars were designed to really burn off within that one-year period, and it gets somebody using our technology. So we wanted to do the right thing by customers. We got them comfortable. And the big element is, we were down a path with Falcon Flex to convert the customer base into a Falcon Flex licensing, which takes time, and education by the sales force because it's a more consultative sale. And we really just accelerated the adoption of Falcon Flex. Because if you wanted to take a product and Falcon Flex dollars to use, you have to be converted to a Falcon Flex license mechanism. So it's kind of -- two really good things came out of it, is the conversion of the license into Falcon Flex from a traditional one and the fact that we've now seeded those technologies, which will essentially burn off in the back half of this year.

Keith Weiss

analyst
#10

Got it. So all in the pursuit of making it easier for your customers to adopt a broader sort of portion of the portfolio. This is just a near-term instantiation of a longer-term initiative that you guys have within Falcon Flex.

George Kurtz

executive
#11

Correct. The strategy was always to convert the customers over to Falcon Flex and a commitment model, which is the more they commit, the bigger discounts they get, and they have a lot of flexibility in picking the module. So essentially, you open the entire product catalog up to our customers. Because they came to us and they said, "We want to do more with CrowdStrike. You've got 29 modules. You keep adding more, you buy new companies. Not everybody can keep track of it." And even our sales team, they have to keep track of each module and be experts. So customers came to us and said, we want a new licensing model like a hyperscaler, but with more flexibility. And if we commit more, we want a bigger discount, and we're locked in for 3 to 5 years. So that's worked out well. So we were going down that path anyway. And it just turned out that we could use that vehicle to convert the customer base over and then deliver the customer commitment packages, which we really wrapped up that program at the end of Q4.

Keith Weiss

analyst
#12

Right. Got it. And then just from an investor perspective and understanding those impacts, you wrapped it up in Q4, how should we think about the dynamic of when that headwind starts to turn to a tailwind?

George Kurtz

executive
#13

Yes. So you're going to still see some headwinds in Q1 and Q2 just from an expense side because you've got things like sales commissions that -- being amortized over this next year. And as we're paying commissions on the CCPs to make sure that we [ protected ] the sales team, right? I mean it was the right thing to do. So those will ultimately burn off. You had some headwinds from legal. Obviously, you have big expenses there. You've got consulting headwinds. But these are more onetime costs in many of these areas at a higher rate in any way. And then they begin to burn off. And then you start to see the ramp in operating profit as well as free cash flow. And as I said, we talked about exiting this year free cash flow of 27%. So we also have some larger bills that come due in terms of commission payments and deferred payments in Q1, which will -- Burt already talked about that in our earnings call. So again, what we're looking at is getting through Q1 and Q2. We've got the ramp in Q3 and Q4, focused on net new ARR acceleration.

Keith Weiss

analyst
#14

Got it. I wanted to sort of -- go to maybe a little bit of a higher level. When we think about Falcon Flex, sort of, A, taking away the frictions for customers to adopt the broader part of your portfolio, it speaks to this sort of a broader trend of consolidation of kind of more functionality with fewer vendors. And it speaks to sort of that debate of sort of platform versus best-of-breed. And where does sort of CrowdStrike fall out on that? Like what's the right balance in terms of trying to drive that platform consolidation versus kind of sustaining best-of-breed functionality?

George Kurtz

executive
#15

Well, you sort of have to do both. So let's just maybe recap, because if you go back in time, and I've been doing this 30-plus years in security, you have best-of-breed products and you have best-of-suite products, and now what I call best-of-platform. And what customers -- they don't -- customers shouldn't be construction workers. They shouldn't have to assemble everything. They shouldn't have to put all the pieces together and have tons of people that all they do is integration. They should be able to take a platform like CrowdStrike, plug it into another platform like Zscaler, pick one, and have it all work. And that's what we're focused on, and that's the best of platform. Now when we look at individual modules, our goal is to be first or second in any one of those categories. Many of the modules that we started with early on, the more mature ones, we're certainly #1 by a long shot. And then as we come out with new modules, we keep adding new functionality, maybe we enter a new market, and we keep adding to it until we're able to replace other technologies that are out there. One of them I talked about in the last earnings call was Exposure Management, being able to replace some of the traditional vulnerability management vendors. We've done really well with that. So you want the best platform. But you also want to focus on what you really do well. And this is one of the things that I always say to the team at CrowdStrike, and our customers. This is what we do really well. These are the areas of security and data and cloud and everything that we do, and a lot of things we don't do. Like we're not a firewall vendor. We don't sell boxes. That's not us. We're not going to be doing that. And it doesn't mean you don't need it, but that's not us. So we focus on what we do well, and we want to be #1 or #2 in any of those categories from a module perspective.

Keith Weiss

analyst
#16

Got it. And maybe you could give us sort of an update on kind of how far we've come with Falcon Flex adoption. Any kind of sense you could give us in terms of what percentage of ARR or how penetrated that has become into the customer base?

George Kurtz

executive
#17

Sure. So the latest stat is, in terms of total contract value, we've got $2.5 billion converted over to Falcon Flex. I think over -- yes, I mean, it was a huge quarter in Q4. So when we think about the base of the customers, obviously, these are bigger dollars. But the number of customers is still small. So there's still a long way to go in the conversion of Falcon Flex. And part of what we're doing as well is investing in our channel and our go-to-market around that, because it took the sales team sort of, call it, last year to get their heads around how you sell Falcon Flex. Because you move away from, hey, here's another module to sell you, to let's sit down and create a demand plan. Let's go through your road map. Let's understand what we have. Let's understand how we consolidate, how we save you money and what you're going to use and when you're going to use it. That's a different muscle, right? So you have to have that muscle memory. So we took last year to actually build that with our sales team, and now this is the year that we're building it with our partners and channel. And I spoke to most of the large GSIs, their CEOs, I went to a few sales kickoffs. And it was all about Falcon Flex and the investment there. So we think that's going to be an accelerant to the larger deals this year and then going forward.

Keith Weiss

analyst
#18

Got it. And how should investors think about the cash flow conversion impacts of kind of moving to this more flexible payment terms that come along with Falcon Flex?

George Kurtz

executive
#19

Well, from a cash flow perspective, I think if you have flexible payment terms because you went through a customer commitment package, right, that's a little bit different. And we talked about the impact of some of those in Q1 as well. When we think about Falcon Flex, it doesn't mean that there's delayed payment terms, right? If -- I mean, there are payment terms, either we're getting paid all upfront or we're getting paid annually. Or, which -- one of the reasons why we created CrowdStrike Financial Services, and we've done very well with it and some really big deals, is that we can supersize the Falcon Flex deals and then we can actually finance it. And we've got some great results from that. And then obviously, that's a very quick conversion.

Keith Weiss

analyst
#20

Got it. I want to switch gears here a little bit, start talking about some technology. I would lose my license as a software analyst if I didn't start talking about generative AI pretty quickly. How do you see generative AI changing kind of the cybersecurity landscape, both in terms of what's going on in the threat environment, but also the tools it gives you to better address those threats?

George Kurtz

executive
#21

So let's talk about the threat environment for a little bit. So just to level-set with everybody, when we think about the threat environment, we break it down into adversary kind of groups. And you can think about it as a pyramid. So at the top of the pyramid, you've got nation-state adversaries. So you've got the most threat sophistication at the top and the smallest number of adversaries that are that sophisticated. Then in the middle band of this pyramid is your e-crime actors. So you've got more of those, but not quite as sophisticated as the top. And at the bottom, you have hacktivists, and those are the least sophisticated, but there's lots of them. So we start there. So essentially, when we think about the nation-state adversaries being the most sophisticated, what that means is, in the grand scheme of 8 billion people in the world, there's a handful of really smart folks that know what they're doing and can create a lot of these technologies. Now obviously, there's a lot of them, but in the grand scheme of 8 billion, it's a small number. What AI does is it really democratizes that level of destruction, and it now is bringing these very sophisticated techniques, the ability to rapidly create malware, to disassemble patches and look for vulnerabilities, to execute attacks, to create end-to-end attacks very efficiently. It now brings that to the masses. So what you're going to see is you're going to see a proliferation of new attack groups. So I'd like to say that the threat environment is going to get better. It never does every year. And it's going to even get worse, I think, at a faster rate. So that's kind of the threat environment. When we think about generative AI with respect to CrowdStrike, Charlotte AI has been a big success for us, and we were building generative AI before it was called generative AI. And it was really designed to go beyond just a chatbot, and we wired it into the workflows that we have. 
And the whole idea is: How do you save time, and how do you take -- and money, of course, and how do you take a level 1 analyst and make them a level 3 analyst? Some of the results of that with our Detection Triage, we're saving, on average, 40 hours a week for customers in just this one area of detection with 98% accuracy. And customers continue to use it. My last point on that is, we really thought it would be Tier 1 analysts, and they are using it; the Tier 3 analysts are using it more than anyone because they actually understand how to get the most out of it.

Keith Weiss

analyst
#22

Got it. So that starts to go after what had been one of the real constraints within cybersecurity is enough security analysts to be able to handle all the volume, to be able to respond. So Charlotte AI, you're basically massively improving the productivity of the security analysts and trying to get at that fundamental shortage.

George Kurtz

executive
#23

Correct. Just not enough smart people in the world from a security perspective. And we always want to grow more of them. And as the threats proliferate, you need more smart folks. And you can't -- like anything else, you just can't keep adding people. It's really hard to find them and keep them, but you can't keep adding them. So anything for me, when I look at gen AI, it's like, well, what's a kind of a rote task that I can automate? Like lots of data, lots of things to go through. You understand what patterns are. It's a perfect use case for it. And then you can focus the humans on the higher-order tasks. So it doesn't mean you're getting rid of a whole bunch of people, maybe not hiring as many, but you're focusing them on what humans do really well.

Keith Weiss

analyst
#24

Got it. When I think about generative AI and sort of the -- we're seeing -- I think we're about to come into sort of a proliferation of new use cases, new applications that are being driven by the expansion of the capabilities of generative AI, but that also, to your point, creates more surface area to be protected. You described the endpoint as the beachfront real estate within cybersecurity, why is that? Why is the endpoint so important? And how does that help CrowdStrike in this broader AI conversation?

George Kurtz

executive
#25

Well, it's a beachfront real estate because when you look at stopping breaches, right, which is our tagline, where does the breach happen? It doesn't happen in the network. Because the network is the highway. The bad guys just drive the highway and then they get to the server, the workloads. And then they exploit those and get data, take them down, encrypt them, whatever. So that is the last mile of stopping a breach. A, that's why it's important. Two is, you can get the most visibility and data out of the endpoint. Think about a network device, there's only so many things you can glean from the network, right? And a lot of it is encrypted. So you're getting some basic information as packets flow. But on the endpoint or in a workload, you actually know what's happening. And that level of data goes beyond just threat data. So when we first started the company, again, our goal was to do something different. We really pioneered cloud-based EDR and these sort of things. It wasn't even called EDR, okay? We were collecting data and then figuring out where threats and threat actors were and stopping them. But what we found is, we built one of the most scalable agent cloud architectures on the planet, and we can collect security telemetry and IT telemetry at scale. So we actually collect asset information, the health of the system, the user IDs. I mean there's a whole bunch of things that go beyond just threat data. And that has allowed us to be able to monetize all these new modules. So the whole business model is really collect once, reuse many. But you have to have the agent, that's why it's beachfront real estate. So whenever we add a new module, we're not building a new product. We've already collected the data, right? We're just building a new workflow.

Keith Weiss

analyst
#26

Got it. So the data becomes the connective tissue through the entire portfolio.

George Kurtz

executive
#27

Exactly.

Keith Weiss

analyst
#28

I want to step through the portfolio and starting kind of where you guys started in terms of endpoint protection. CrowdStrike came into the marketplace and fundamentally disrupted how we were doing endpoint protection with that cloud-based EDR. How much runway is left from sort of the older endpoint protection systems to EDR? Is that still an opportunity for you? Is there still legacy replacements left to go in that core part of the business?

George Kurtz

executive
#29

Yes. So when we think about sort of endpoint protection, I'm just going to bucket that, we have a few modules that focus on endpoint protection, like protecting the endpoint and getting EDR data. It's just a few out of the 29. But that market, almost half the market is still using legacy technologies. Almost half. So there's still a long way to go. We've been very successful in the enterprise over the -- and we started in the enterprise. And over the years, we've gone down into the SMB market and have had success with MSSPs. But there's still a long way to go. There's a lot, a lot of legacy technology out there that needs to be converted. And that's why there's still a long runway in those areas. And then when you convert them, then obviously, you keep adding new modules, exposure management or cloud or what have you.

Keith Weiss

analyst
#30

Got it. So the push into small businesses, that's Falcon Go?

George Kurtz

executive
#31

It's Falcon Go, and it could be Falcon delivered through a managed service provider.

Keith Weiss

analyst
#32

Got it. How does the go-to-market have to shift to address those smaller customers? Because it's a much different kind of selling process for a large enterprise, different set of requirements versus what a small or midsized business would be thinking about.

George Kurtz

executive
#33

Yes. From a small business perspective, they normally have relationships with some IT groups, a lot of managed service providers, right? And they typically just buy what they're told to buy. I kind of use the -- I don't know if you have a home AV system, like you just -- you have a guy that makes it all work and, half the time, it doesn't work, right? And then he tells you, "You got to buy this," and you go, "Okay, I'll buy that," right? That's the way it works in the SMB. They're like, you just need CrowdStrike, put it in, and don't worry about it. So what we've done is, we've worked with these managed service providers and massively expanded the business. And when they go into a customer, it could be 3 -- we did a deal yesterday, it was 5 endpoints. Well, how do I know that? Because there was some wire fraud in a small company I know, and we actually found it and they're like, "We need CrowdStrike," right? So it was 5, and we did it through a managed service provider, and they were up and running in 10 minutes.

Keith Weiss

analyst
#34

Unfortunately, I'm the one doing the AV in our household, and none of it works.

George Kurtz

executive
#35

Okay. You're not alone.

Keith Weiss

analyst
#36

Can you talk to us about Falcon Complete? It's been gaining traction over the past couple of years. What's the economic value for the end-customer from Falcon Complete?

George Kurtz

executive
#37

So Falcon Complete, this is, again, one of these stories you never know until you put it in the market. So the whole idea, you were talking about smaller businesses. Smaller businesses are key to larger businesses. And when we think about all the interactions, they need to be protected. And the larger companies are looking at them, and from a supply chain perspective, third-party risks are saying, "Hey, we're doing business with you. You might be $1 billion, you might be $500 million, you might be $10 million. But you have something, that we're doing business with you, and we're worried about what you have to do," whether it's connected to a large enterprise or not. Think about all the wire transfer fraud. So from that perspective, the small business still needs to be protected and Falcon Complete was designed to be able to protect those businesses who didn't have even a full-time CISO. Now what we found is that the larger businesses really like this as well. So what we do is we install it, we triage any alerts, and we actually have the ability to take an action. And we've built a lot of workflow and automation in the product. So customers go to bed at night, they don't think about it. And if anything happens, we're there to deal with it. We thought it would be really good for the kind of the medium-sized business. And it turns out it is, but it's really good for the enterprise. Some of our largest customers are Falcon Complete customers. Because when they did the math on what it would take in terms of people and just the ability to deal with all the kind of threats, they're like, "You guys do that. We can't replicate it. And we're going to have our folks focus on sort of the higher-order bits."

Keith Weiss

analyst
#38

Got it. We talked a little bit about best of platform before. It's a question that I get a lot from investors and our bankers. Every company calls themselves a platform company. How do you differentiate what the real platforms are from just kind of point solutions trying to fluff themselves up, if you will. My kind of point of view is you look at the results, you look at whether they're able to sell in adjacent categories. And that's been, from my perspective, one of the most impressive parts of the CrowdStrike story, is how you've been able to ramp up new product additions. You have over $1.3 billion in ARR, growing 50%, from products beyond that core within endpoint protection. And you've done it without having to discount aggressively. It's not like you're just giving the product away. So what's been the secret sauce for CrowdStrike in proving out that platform and being able to go into these adjacencies so effectively?

George Kurtz

executive
#39

Yes, sure. So first, when you talk about platform, everybody has their own PowerPoint with a platform. And as I say, I've never seen a PowerPoint that was wrong. Like just everyone has something, and they never look wrong until you actually try to use it. So the real key to a platform is the number of module adoption. When we first started and we first started reporting, it was like 1, 2, 3; and then it was 2, 3, 4; 3, 4, 5. Now we're actually -- we're deprecating 5 or more because we're at 67% adoption in the customer base. So you have to look at what's adopted, and you have to actually look if it's really a module or something like support offering or something. So first, we have that in spades. And then we look at these businesses that we talk about, $1.3 billion collectively in these 3 areas of Identity, Cloud and Next-Gen SIEM, and you could see the growth rates on them. That's really the traditional definition in my mind of a platform, the ability to do that. Now why are we able to do that? Well, I spent as much time on the technology architecture when I was building the company as I did the business architecture. The whole model is, if you believe security data can solve a security use case and can solve a lot of problems, if you collect that data, then you can reuse it in many different ways. So the key to our success is that we collect data one time, we create workflows on top of it, and then we monetize those. And by the way, it's all integrated. We have one platform, our competitors have 3 or 4 or 5 or 6, right, pick one. So we have one, they have more. And when it's all integrated, guess what we do? We have in-app trials. If someone wants to try Identity or Exposure Management, they go in, they click it, it gives them a trial for 15 to 30 days. And then we follow up, we make sure there's success. And then we convert it.

Keith Weiss

analyst
#40

Got it. I want to click into a couple of those. Starting with the public cloud. Public cloud ARR surpassed $600 million this quarter. It's grown 45%. What's the opportunity there as we see kind of the market consolidating to fewer vendors? And how does CrowdStrike differentiate to sort of ensure your continued success in that market?

George Kurtz

executive
#41

Yes. So when we think about public cloud, we did $600 million in our Cloud business. So we have one of the biggest cloud businesses around. We've got a lot of relationships with folks like AWS. We did over $1 billion in Marketplace transactions through AWS in one year. So we've got an incredible cloud platform offering, everything from code to runtime. And one of the keys there is that if you want to stop breaches, you have to have runtime protection. And really, that's where we started. Like we are the best in that area. And you have to -- it's a lot of hard work. You don't just short-cut your way to get there and have the high ground to be able to run on these critical servers. And over time, we've added things like CSPM, ASPM, DSPM, right? CIEM. Alphabet soup of Ms. But it's what customers want. And by putting that together in a very cost-efficient package, very easy to deploy and use, we've had tremendous success in those areas.

Keith Weiss

analyst
#42

Got it. I think the largest emerging module, Identity Protection. Identity Protection from what we're seeing is continuing to become more and more important within that security architecture. Why does it fit so well into the CrowdStrike portfolio? What's the affinity between sort of the endpoint protection and the identity side of the equation?

George Kurtz

executive
#43

It goes back to when we acquired this company, it was Preempt, a number of years back. We took the time and effort to actually integrate their agent into ours. We actually rewrote it, and we put it into ours, okay? Now why is that important? Because we have a single-agent architecture. It's part of our brand promise, the single agent. Again, you look at our competitors, they got 3, 4, 5 different agents that are -- or they say 1, but there's 4 of them sort of masked as 1. They're really not 1. And this is really important because customers want less agents. On average, in an enterprise, there's 13 agents that are there. You guys and gals, I see all the computers up here, when you boot them up and it takes forever to run, these are all the things that kind of make it slow. Nobody wants that, right? They want to get rid of those. So by being able to do that, we've integrated Preempt into the agent. So if you want Identity, you know what you do? You turn it on. There's no installation. It's there. There's some configuration. That's why it's been on fire. In fact, even the numbers that we've reported are probably a little underrepresented because that was one of the most demanded CCP-type modules. So I think we'll see the results of that down the road when the CCPs burn off. But it's been phenomenal. And it does what others can't do, integrated into the agent and stopping identity breaches at the agent.

Keith Weiss

analyst
#44

Got it. The last product I want to sort of dig into, LogScale, the Next-Generation SIEM solution from CrowdStrike. Surpassed $330 million in ARR in Q4, growing 115%. Why is now kind of the right time for kind of SIEM and bringing in the Next-Generation SIEM? We've been talking about security analytics for decades now. Is there a technology kind of evolution? Is there a better way of us kind of addressing this problem that's enabling you to come and kind of displace this existing marketplace?

George Kurtz

executive
#45

I really do think we're in an inflection point for Next-Gen SIEM. And why are we, is really the question. A few things. One, I think people understand, the more data they have, the more use cases they can solve with security with that data. What that also means is that it's ripe for AI automation. Let's take a legacy SIEM. There's a lot of manual things that you have to go through. There's a lot of triage. There's a lot of pointing and clicking and hunting and filtering and querying, right? That takes time and expertise. There's a lot of expertise when you're using some of these legacy products. And there's a lot of cost. So when you look at the traditional models of ingest costs that were just killing customers, and you look at the fact that about 80% of the data that is being put into a SIEM was taken out of something like CrowdStrike, so customers are buying CrowdStrike, and then they're putting 80% of the data in the SIEM and paying for it in the SIEM, and they already have it at CrowdStrike. So over the years, the customers have said you guys should just ingest the 20% that you don't have, things like firewall logs and network type devices. And with the Humio acquisition, which became LogScale, we did that. And now Next-Gen SIEM is built into the entire platform. Guess what happens when we want to turn it on for the customer? We flip the switch. It's there. So our competitors take 6 months to roll this stuff out. We're up and running that day. And that's why we're at the right time. Plus you've had acquisitions in the space. So you have a confluence of all this coming together. And this is one of the businesses I'm most bullish on. Every customer we're talking to is talking about Next-Gen SIEM. And by the way, every GSI from the CEO down is looking to build hundreds of million dollars of practice around our technology for Next-Gen SIEM and LogScale.

Keith Weiss

analyst
#46

Got it. We have about a minute left. I want to wrap this all up. I'm a big free cash flow guy. I like good free cash flow stories. You guys have been a great free cash flow story. There's investments that you're making today, investments in go-to-market, there's been investments in terms of stuff like CCPs, I would look at it as an investment. But you guys have a lot of conviction of free cash flow margins exiting this year back at 27% and have room on a go-forward basis. Can you help us kind of construct that almost mechanical argument of why free cash flow margins are going to improve into the back half of the year? What gives you confidence in that forecast?

George Kurtz

executive
#47

Sure. Well, I mean, obviously, when you look at coming out of the incident, we had things that are going to hit in Q1 and Q2. You've got expenses like commissions, right? You've got some deferred payments, which we called out in our last earnings report. That's all going to hit in Q1. You've got sort of consultants and kind of legal fees. That's all a drain in the early part of the year, right? That stuff begins to burn off. And then obviously, you got the reacceleration of ARR and the investments that we're making, obviously, on the sales side, you're going to have ramp reps, et cetera. So some investments early on that begin to pay off in the back half of the year. And that's what gives us conviction to get back to the 27%. And then even Burt, which he normally doesn't do, but he wanted to make sure that he was very clear, getting back to the 30% for the following year, right? So we got to deal with the near term here. But I can tell you, Burt and I are maniacally focused on cash flow, and we look at ARR and cash flow. That's kind of our gauge. So that's why we have confidence in the back half of the year and the 27% exit rate.

Keith Weiss

analyst
#48

Outstanding. Really exciting times at CrowdStrike. Continues to be a really dynamic story. Thank you so much for coming and joining and talking to us about it.

George Kurtz

executive
#49

Great. Thank you. Have a great conference.
