Jan 5 2021 - CrowdStrike: Just Getting Started


  • CrowdStrike was a standout performer all throughout 2020.
  • The market has yet to appreciate just how fundamental and large the cybersecurity sector is, with CRWD at the center of it all.
  • The growth story is intact, and we expect CRWD to maintain its momentum and impressive metrics going forward.
  • When the market euphoria inevitably comes to a screeching halt, CrowdStrike will both survive and thrive.
  • Welcome the pullbacks and look to get in, while not losing sight of the long game.

CrowdStrike (CRWD) had a stellar 2020, smashing expectations across the board and finally putting into perspective just how crucial cybersecurity is to the global economy.

The thesis is simple: CRWD has developed a nimble, first-rate platform that is easy to set up, powerful in its efficacy, and is well-equipped to scale due to its cloud-native origins. In reflecting on the companies best positioned to flourish in the next decade, CrowdStrike eclipses the bunch - offering investors both a safe haven and a proper alpha-generating candidate.

Let's waste no time diving in.


If You Always Do What You Always Did, You Will Always Get What You Always Got

We are, as they say, creatures of habit. Behavior is such a powerful force in the human psyche that it can push us to do some pretty extraordinary things - for better or worse - without giving the matter a moment's thought. In the broader social context, it is reminiscent of and serves as an extrapolation of conformity experiments that were pioneered by Solomon Asch in the 1950s. These have taken on different shapes, most famously in videos where people stand at the sound of a tone, until the room is filled with people who merely obey without the slightest notion of why it is that they're standing.

This human characteristic inevitably translates into other domains, and business is no exception. We fall into a rhythm of doing things that eventually becomes cozy and comfortable, so if it ain't broke, why fix it? Well, for starters this could easily translate into complacency or stagnation if we're not careful. Steve Jobs was a revolutionary character particularly because he refused to limit himself to the confines of the status quo. The following quote illustrates just how bizarre he found this line of thinking (bolding is mine):

You know, throughout the years in business I found something, which was I'd always ask why you do things. And the answers you invariably get are 'Oh, that's just the way it's done.' Nobody knows why they do what they do. Nobody thinks about things very deeply in business. That's what I found. I'll give you an example. When we were building our Apple I's in the garage we knew exactly what they cost.

When we got into a factory in the Apple II days, the accounting had this notion of a 'standard cost' - where you'd kind of set a standard cost and at the end of the quarter you'd adjust it with a 'variance.' And I kept asking, 'Well, why do we do this?' And the answer was, "Well, that's just the way it's done." And after about six months of digging into this, what I realized was, the reason you do it is because you don't really have good enough controls to know how much it costs, so you guess. And then you fix your guess at the end of the quarter.

And the reason you don't know how much it costs is because your information systems aren't good enough. But nobody said it that way. And so later on when we designed this automated factory for Macintosh, we were able to get rid of a lot of these antiquated concepts and know exactly what something cost to the second.

So in business, a lot of things are - I call it 'folklore.' They're done because they were done yesterday and the day before. And so what that means is if you're willing to sort of ask a lot of questions and think about things and work really hard, you can learn business pretty fast. It's not the hardest thing in the world.

Well, it so happens that CEO and co-founder of CRWD George Kurtz has asked these questions, learned business, and made his vision a reality. CRWD is founder-led by a seasoned operator who founded CRWD's first iteration in the shape of Foundstone, which was acquired by McAfee (MCFE) and led to Kurtz becoming the company's CTO.

Curiously, it is not until tragedy strikes that we look to reexamine the pillars that underpin our society, wondering if there could have been more to prevent such damage. As long as things are flowing smoothly, however, we simply can't be bothered to care.

Consider the following excerpt from Nassim Taleb's Black Swan, illustrating how we act merely after the fact.

Assume that a legislator with courage, influence, intellect, vision, and perseverance manages to enact a law that goes into universal effect and employment on September 10, 2001; it imposes the continuously locked bulletproof doors in every cockpit (at high costs to the struggling airlines) - just in case terrorists decide to use planes to attack the World Trade Center in New York City. I know this is lunacy, but it is just a thought experiment (I am aware that there may be no such thing as a legislator with intellect, courage, vision, and perseverance; this is the point of the thought experiment). The legislation is not a popular measure among the airline personnel, as it complicates their lives. But it would certainly have prevented 9/11.

Taleb's point is a simple, yet powerful one - we are primitive, short-sighted beings that do not seek to comprehend that which is tangibly out of our reach. If the threat consists of nuclear warheads, we're quick to panic, but if the danger consists of electrons potentially compromising our entire security, we don't so much as flinch.

It is thus anything but surprising that it is not until cybersecurity breaches become publicized that the general public becomes aware of the threat - one that is ever-present, ever-pervasive, and increasingly difficult to combat.

Let's think about the legacy security paradigm. Companies would purchase on-premise, signature-based antivirus, which in turn would monitor the flow of data both into and out of the system. Further, the software cross-references these data points to validate whether the source code contains any known malware threats. In other words, the entire architecture is predicated on a reactive rather than proactive approach to cyber threats. Moreover, each company is siloed off from the others, hiring its own systems administrators to manage all IT infrastructure and security systems. This localized approach was crying out for a more decentralized, scalable approach to security - and then CrowdStrike came along.


(Source: CrowdStrike Q3 Earnings Presentation)

CRWD's offering is almost too good to be true. The platform is significantly more adroit, agile, and exhaustive in its protection against all forms of cyberattacks - known or unknown. There are three main pillars: i) a single lightweight agent that is easily deployed, ii) a cloud-native platform that crowdsources all data from its client base, and iii) a proprietary, AI-powered threat graph that as of Q3 captures over 4 trillion (!) high-fidelity signals per week.

It took some time, but people have finally come to grips with the fact that the cloud is a far more secure and beneficial solution. The resistance was driven far more by an aversion to change that is inherent to human behavior, much like everyone believed trains would rip people apart from traveling at devastating speeds of 30 MPH, and countless other examples of historical technophobia. In a fascinating interview, an anonymous Amazon (AMZN) cybersecurity engineer paints the picture of how companies (erroneously) garner a false sense of security from managing their own security, until they're shown exactly how mistaken they really are:

Big companies have traditionally operated their own data centers. Was it hard to make the case to them that they should move to the cloud? They might feel more secure if they're doing everything themselves.

They might, but ultimately the security standards of their data centers are always going to be lower than those of a cloud provider like AWS. A cloud provider has many tenants and they can have economies of scale that let them have more sophisticated security systems than someone fully managing their systems in-house.

Also, if you're a company that's operating your own data center, you're responsible for 100 percent of your security - infrastructure security, transit security, perimeter security, everything. If you move to the cloud, Amazon is responsible for at least some of that.

So when you use AWS, part of what you're paying for is security.

Right; it's part of what we sell. Let's say a prospective customer comes to AWS. They say, "I like pay-as-you-go pricing. Tell me more about that." We say, "Okay, here's how much you can use at peak capacity. Here are the savings we can see in your case."

Then the company says, "How do I know that I'm secure on AWS?" And this is where the heat turns up. This is where we get them. We say, "Well, let's take a look at what you're doing right now and see if we can offer a comparable level of security." So they tell us about the setup of their data centers.

We say, "Oh my! It seems like we have level five security and your data center has level three security. Are you really comfortable staying where you are?" The customer figures, not only am I going to save money by going with AWS, I also just became aware that I'm not nearly as secure as I thought.

Companies that are willing to even entertain the idea that their security might be suboptimal are quickly surprised by just how vulnerable they actually are. CRWD offers immediate deployment to ameliorate these deficiencies.

The cloud facilitates data access and thus provides constant protection, ensures continuous learning through incessant data analysis, and is even surprisingly efficient in that a single collection of data can be recycled through the system many times over.

The Business

The core of CrowdStrike's business is the Falcon Platform. What began exclusively as a cloud-native endpoint protection provider evolved to protect workloads and modules that extend beyond endpoint protection such as Identity Protection, Managed Services, and IT Ops, among others. The company's financial profile continues to improve, as illustrated by its latest earnings numbers that show a sustained level of growth coupled with metrics that underlie further scaling of the overall business.


(Source: CrowdStrike Q3 Earnings Presentation)

  1. Lightweight Agent: Traditional antivirus software slows down computers to the extent where users are more than willing to compromise on security in order to boost performance. With CRWD, no such tradeoff is required. The single, lightweight agent lies on the endpoint, offloading intensive tasks to the cloud while remaining nonintrusive and even protecting when devices are offline. A 30-second installation is all companies need to bolster their cybersecurity, and it is this ease coupled with potency that has enabled CRWD to service as many clients as it has with such ease.
  2. Threat Graph: One of the more fascinating aspects of CRWD's inherent network effects is the sheer scale with which its business improves over time. In crowdsourcing all data from its client base, the algorithm becomes increasingly smarter at rates that are difficult to comprehend. As an aside, the network effects associated with Facebook (FB), for instance, consist in high switching costs for users because the actual social interaction and proliferation of user-generated content is constrained to a singular platform. In CRWD's case, however, the actual product improves as more and more users contribute their data to the network, indexing all sorts of attacks in a business that is uniquely required to stay ahead of the curve out of necessity. In 2019 alone, the company processed and analyzed over 1 trillion high-fidelity signals via both cloud AI models and local AI models. As we mentioned earlier, this number has quadrupled since, and is only improving as more customers join the platform while the data streamed to the platform continues to grow exponentially.
  3. CrowdStrike Store: What to do with so much data? For starters, there's plenty of unrealized potential in the "new oil". As a result, the inception of the CrowdStrike Store is a clever way of channeling newfound applications in the first cloud-based application platform for endpoint security. More than anything, it appeals to developers looking to experiment and strengthen their security systems piggybacking off of CRWD's data in an environment of trusted third parties. Let's call that a win-win-win.


(Source: CrowdStrike Q3 Earnings Presentation)

As the preceding graph illustrates, CRWD has built up 17 modules that span from cloud security to threat intel. More so than expanding CRWD's reach in the cybersecurity space, this also represents a stickier and more profitable business model overall. This is crucial to understanding CRWD's investment thesis. The first module purchased by a customer covers the customer acquisition cost ("CAC"). In other words, every additional module a client adds to their subscription is pure gravy (or, in duller terms, gross margin) for CRWD. Historically, we can see that the company has demonstrated an ability to cross-sell and upsell its growing number of offerings as customers trust the results they've garnered from their first products and look to conveniently package all their security needs with a single vendor. At scale, this turns into a money-making machine, given the company incurs no additional cost for serving more and more customers. Build once, sell as many times as you'd like.


(Source: CrowdStrike Q3 Earnings Presentation)

The inherent nature of cloud architecture enables CRWD to build and deploy new modules at a much more rapid pace than legacy cybersecurity companies.

While the old proverb "tell me who your friends are and I'll tell you who you are" rings true, it is all the more applicable with respect to a company's clients. Beyond the impressive number of subscription customers that CRWD has steadily amassed, it is also important to note who these customers are. Among this roster are some of the biggest companies and largest financial institutions on the planet, who no doubt seek to protect their sensitive data at whatever cost with the best of the best. Such is the trust and brand equity that CRWD has cultivated that its website displays a rich selection of testimonials from customers who are willing to put their brand at stake in showcasing just how valuable CRWD has proved to be for their business. These clients range from Goldman Sachs and the State of Wyoming, to Mercedes Benz and Navitas, to name a few.


(Source: CrowdStrike Q3 Earnings Presentation)

The market has been banking on a plethora of SaaS businesses who churn through obscene amounts of capital in the hopes that one day, however far, profits will come rolling through the door. Unfortunately, most will not pan out and the time will come when investors will demand a return or cut their losses. CRWD, on the other hand, has charted an impressive path to profitability, evidenced by its improved operating leverage driven by its subscription model.


(Source: CrowdStrike Q3 Earnings Presentation)

The Opportunity

In a parallel universe where no one has heard of COVID and all is (relatively) well in the world, cybersecurity remains a key component of the world's increasing digitization as cyberthreats have been an ongoing issue from the onset of the internet itself. The pandemic has generated some awareness on just how vulnerable IT systems can be, but it wasn't until the latest SolarWinds hack, which was described by Kurtz as a "watershed event for security", that people started to pay real attention. But it's not the first of its kind. Far from it, in fact, as the last decade alone has produced a series of notable hacks that include notorious companies such as Yahoo, Marriott (MAR), the Republican National Committee, and Equifax (EFX), exposing hundreds of millions of accounts. The following two slides from CRWD's latest earnings presentation illustrate just how little emphasis has been placed on a fundamental pillar of all businesses that have at least some sort of online presence.



(Source: CrowdStrike Q3 Earnings Presentation)

When asked by Emily Chang on the importance of securing company workloads, George Kurtz succinctly expressed just how non-negotiable this aspect of any business is:

"In terms of security in general it's equivalent to shelter. In the hierarchy of needs, you have to have it" - George Kurtz

One of the components Kurtz stressed most in that same interview is the "hand-to-hand combat" and "increased sophistication of the adversary", as hackers are continuously looking for new ways to sneak through. Security companies are thus on the clock 24/7, and whereas another company may survive a shipping blunder, for instance, cybersecurity companies face devastating consequences upon failing to act immaculately. The anonymous Amazonian also offers how the benefits of cheap, offshore labor can quickly become pernicious when the economic cycle fosters cutbacks:

Increasingly, large tech firms use people in developing countries as a disposable white-collar workforce. Smaller shops do too. A lot of startups will have one CTO in the Bay Area, and then they'll have their whole development shop be in Ukraine or Romania or something.

But when funding dries up for startups and companies have to shutter, then all of their digital operation overseas is cut loose. And the people who lose their jobs go into cybercrime. They think, "There's no other options for me. So sure. Let's do it. Lock and load."

Given CRWD's global presence, we can factor in Europe's grave approach to privacy and security, while we don't necessarily agree that the US government will simply sit on its hands as breaches become increasingly damaging. Make no mistake, this prelude plays right into CRWD's strengths as a tailwind - companies simply need to get their act together and CrowdStrike can help in a meaningful way. Let's juxtapose that with a market that has been underestimating CRWD's overall TAM, and one that continues to grow. On the criminal side, Kurtz ventures that e-crime is more than a "trillion dollar business" as a whole, and CRWD is best positioned to mitigate, combat, and wipe out the onslaught of threats. Further, this suggests that CRWD may even be "low-balling" its own estimates of its industry in an effort to curtail expectations.


(Source: CrowdStrike Q3 Earnings Presentation)

To recap: most companies don't spend enough on cybersecurity, CRWD's clients are growing in volume along with modules per customer, and the overall market will continue its expansion regardless of the general economic climate. Let's add to that that CRWD enjoys the highest rate of revenue growth among its peers, has outstanding cash flow margins, and boasts an impressive degree of revenue visibility. Few companies on the globe can say the same for themselves. All in all, CRWD is firing on all cylinders, its fundamentals are fantastic, its product is countercyclical, it's easy to use, and clients love the product. Investors can take solace in that CrowdStrike practically ticks every box, and while nothing is assured, we believe the company will reward them many times over in the long term. But hey, don't take our word for it, these numbers fail to deceive.


(Source: Public Comps)

Where do We Go From Here?

2020 was a fantastic year for CRWD, with the stock nearing an almost 300% increase YoY. Over the last eight quarters the company has averaged a QoQ gain of 92% in revenue increase, climbing all the way from .5M to 2.5M. Further, institutional ownership has skyrocketed even more so than the stock, as the last four quarters saw a 364% increase from 203 funds to over 942.


(Source: Koyfin Charts)

While December headlines extended the stock to expensive valuation levels, the last few weeks have seen it come back down to earth. It's important for investors to welcome these pullbacks, as the company settles into solid base ranges digesting gains without getting too ahead of itself. The company is head and shoulders above its peers, continues to execute, and we expect its soon-to-be-announced FY21 results to be a home run all around. As such, we rate CRWD a buy - especially at these reduced levels from its highs. We'll be looking to increase our position as well.

Sure, there's an implied risk associated with the company missing earnings by even the most diminutive expectations, which would translate into more aggressive pullbacks than the ones we've witnessed of late. However, cybercrime is only increasing and becoming more sophisticated, and CRWD is the best company positioned to lead the charge and stave off the perils.

With that being said, it is even more important to keep the long game in perspective. The music always stops at some point, and it will above all be most painful for companies who have no basis to justify their chart that is up and to the right. We maintain that CRWD is one of the few winners that will emerge from the eventual consolidation.

Final Thoughts

CrowdStrike is the undisputed leader in cybersecurity. It is only recently that companies are beginning to appreciate just how significant of an area this is relative to their overall business. Concurrently, CRWD has been firmly building up a world-class product and platform that conveniently and swiftly welcomes customers finally coming to their senses. The TAM is growing at a CAGR of ~10%, while CRWD further grows and monetizes its user base with the adoption of more modules.

Financially, the company has demonstrated an ability to optimize its operating leverage while improving its free cash flow generation. It shows no signs of slowing down and the flywheel is only just beginning to turn.

While the threat may very well appear invisible, it looms quite large in reality. In line with Taleb's concept, CrowdStrike scours trillions of data points each week in an effort to anticipate the cyber equivalent of 9/11. So far, they've proven more than capable of doing so.
