Crowdstrike and the $250 Billion Opportunity in Cybersecurity - The Compound and Friends

Summary6 min read

Podcast Summary: "Crowdstrike and the $250 Billion Opportunity in Cybersecurity"

Podcast Information:

Title: The Compound and Friends
Host: The Compound (Downtown Josh Brown, Michael Batnick, and rotating guests)
Episode Date: April 10, 2025
Guest: George Kurtz, President, CEO, and Co-founder of CrowdStrike

1. Introduction and Background

The episode kicks off with Josh Brown introducing George Kurtz, highlighting his extensive experience in the cybersecurity sector. George, known for founding CrowdStrike in 2011, previously held significant roles at McAfee, including Worldwide Chief Technology Officer and EVP of Enterprise.

Notable Quote:

Josh [00:10]: "George has more than 30 years of experience in the security space."

2. Cybersecurity as a Defensive Investment

Josh initiates the discussion by framing cybersecurity as a defensive investment, noting its resilient performance amidst market volatility. He observes that CrowdStrike's stock behaves defensively compared to other tech sectors.

Key Points:

Cybersecurity is likened to essential utilities like air and water.
Increasing threats and regulatory measures bolster the industry's necessity.
Geopolitical tensions amplify the demand for robust cybersecurity solutions.

Notable Quotes:

George [02:00]: "Cybersecurity... you have to have it, every company has to have it."
Josh [02:50]: "Your stock is probably the most bulletproof."

3. CrowdStrike's Market Position and Strategy

George elaborates on CrowdStrike's position as a leading SaaS-based, enterprise B2B cybersecurity provider. He emphasizes the company's clean business model, focusing solely on recurring revenue without hardware dependencies or legacy technology burdens.

Key Points:

CrowdStrike simplifies enterprise security by reducing vendor complexity.
The company's cloud-native approach avoids the pitfalls of tech debt associated with legacy systems.
Their unified platform and single-agent architecture offer seamless integration for customers.

Notable Quotes:

George [05:14]: "We are one of the largest pure play security providers."
Josh [05:37]: "What they call tech debt."

4. Total Addressable Market (TAM)

Josh references a recent Stevens research report estimating the cybersecurity TAM at $116 billion, projecting growth to $250 billion by 2030. He inquires about CrowdStrike's internal projections.

Key Points:

CrowdStrike aligns with Stevens' TAM estimates.
Current Annual Recurring Revenue (ARR) stands at over $4 billion, with a strategic path to $10 billion.
Significant room for market penetration exists, signaling ample growth opportunities.

Notable Quotes:

George [09:09]: "We're directionally correct... going to 250 billion plus."
Josh [09:48]: "Grow your own share within the market."

5. Consolidation and Acquisitions in Cybersecurity

The conversation shifts to industry consolidation trends. Josh cites an analyst's view favoring integrated platforms over best-of-breed solutions, enhancing CrowdStrike's strategic advantage.

Key Points:

Enterprise customers prefer fewer, more strategic platform providers.
CrowdStrike benefits from this trend by offering comprehensive solutions that reduce vendor sprawl.
The company selectively acquires technology and talent to enhance its platform without complicating its go-to-market strategy.

Notable Quotes:

George [06:32]: "We spend the time and effort to integrate it."
Josh [11:08]: "More integrated, larger platform preference."

6. Rule of 40 and Financial Performance

Josh highlights CrowdStrike's adherence to the Rule of 40, balancing growth and profitability—a key metric for investors.

Key Points:

CrowdStrike consistently exceeds the Rule of 40 benchmark.
Focus on both ARR growth and free cash flow.
The company's financial discipline underscores its sustainable growth trajectory.

Notable Quotes:

George [12:56]: "We've always been above 40%."
Josh [13:22]: "Grow the ARR by 40% annually."

7. Industry Diversification and AI Opportunities

George discusses the broad diversification of CrowdStrike's customer base across various industries. He points out the burgeoning need for cybersecurity in the AI sector, collaborating with major players like Nvidia.

Key Points:

Diverse clientele spans financial services, technology, manufacturing, and more.
The rise of AI workloads exponentially increases the demand for advanced security solutions.
CrowdStrike is positioned to capitalize on the AI-driven expansion of cloud infrastructures.

Notable Quotes:

George [15:29]: "Every AI workload is gonna have to be protected."
Josh [16:14]: "We're gonna need a bigger boat."

8. Adversarial AI and Falcon Platform Evolution

The discussion delves into the implications of adversarial AI, with George explaining how it democratizes cyber threats. He introduces CrowdStrike's Falcon platform enhancements, including Charlotte AI, to counteract these evolving threats.

Key Points:

Adversarial AI lowers the barrier for malicious actors, increasing the volume and speed of cyberattacks.
CrowdStrike's Falcon platform employs agentic AI to automate threat detection and response.
Charlotte AI significantly reduces the workload on security operations centers (SOCs), enhancing efficiency.

Notable Quotes:

George [20:32]: "Superpowering the players in the middle."
Josh [22:44]: "A security GPT almost you can think about."

9. Recent Acquisitions and Competitive Landscape

Josh brings up Alphabet's $32 billion acquisition of Wiz, a major event in the cybersecurity space. George views this as market validation and discusses CrowdStrike's own acquisition strategy.

Key Points:

Large-scale acquisitions signal the strategic importance of cloud security.
CrowdStrike remains focused on acquiring technology and talent that enhance its platform without overcomplicating its offerings.
The acquisition landscape presents opportunities for CrowdStrike to integrate innovative technologies seamlessly.

Notable Quotes:

George [24:03]: "Validation in the market."
Josh [23:58]: "It validates how important this category is becoming."

10. Return of Alex Ionescu

George announces the return of Alex Ionescu as Chief Technology Innovation Officer, underscoring CrowdStrike's commitment to innovation and future-ready technologies.

Key Points:

Alex Ionescu, a renowned expert in Windows internals, brings invaluable expertise back to CrowdStrike.
His role focuses on Horizon 2 and Horizon 3 projects, driving next-generation cybersecurity architectures.
Collaboration with partners like Microsoft is emphasized to advance technological innovations.

Notable Quotes:

George [25:44]: "He is looking at Horizon 2 and Horizon 3."
Josh [25:43]: "American Federation of the Defenders?"

11. Business Environment and Global Operations

Addressing the broader business climate, George discusses the impact of global economic conditions on cybersecurity investments. Despite potential retrenchments, the perpetual need for security remains a cornerstone for businesses.

Key Points:

North America constitutes approximately 68% of CrowdStrike's revenue, with growing international markets.
Geopolitical tensions drive heightened security needs, maintaining demand even in uncertain economic times.
CrowdStrike's Falcon Flex licensing model offers flexibility and cost savings, reinforcing customer commitment.

Notable Quotes:

George [27:22]: "They're still gonna need security."
Josh [28:24]: "The Falcon Flex is like a way that they can access the Falcon platform."

12. Falcon Flex Licensing

George elaborates on the Falcon Flex licensing model, which allows customers to commit to a spending range over several years in exchange for broader access and discounts across CrowdStrike's product portfolio.

Key Points:

Falcon Flex simplifies the procurement process by reducing the need for multiple RFPs.
Encourages customer loyalty and increases adoption of multiple CrowdStrike modules.
Significant uptake, with over $2.2 billion in Falcon Flex licensing since its inception in early 2024.

Notable Quotes:

George [28:31]: "It's an easier yes."
Josh [29:30]: "Less RFPs, less Bake Offs."

13. Conclusion and Follow-Up Information

The episode wraps up with George providing resources for listeners to stay updated on CrowdStrike's advancements, primarily directing them to CrowdStrike.com and their YouTube channel for case studies and expert insights.

Key Points:

Emphasis on customer success stories and real-world applications of CrowdStrike's technology.
Encouragement to engage with CrowdStrike's online resources for deeper understanding.

Notable Quotes:

George [30:18]: "CrowdStrike.com is the best spot."
Josh [31:07]: "We'll have a Ritholtz wealth management case study."

Conclusion:

This episode offers a comprehensive exploration of CrowdStrike's strategic positioning within the booming cybersecurity sector. George Kurtz articulates the company's robust growth prospects, driven by a vast and expanding TAM, strategic acquisitions, and innovative AI-driven solutions. The discussion underscores cybersecurity's essential role in modern business infrastructure, highlighting CrowdStrike's commitment to delivering scalable, integrated, and efficient security solutions. For investors and tech enthusiasts alike, the insights provided affirm CrowdStrike's pivotal role in shaping the future of cybersecurity.

Loading summary

Transcript112 lines

[00:00]
George Kurtz
Foreign.
[00:11]
Josh
Hey, everyone, it's Josh. I am here with a very special guest. I'm so excited to be chatting with George Kurtz. George is the president, CEO and co founder of CrowdStrike. This is a leading provider of next generation endpoint protection, threat intelligence and services, what most of us call cybersecurity. George has more than 30 years of experience in the security space. His Prior roles at McAfee include worldwide chief technology officer and GM, as well as EVP of enterprise. Most people know you as the CrowdStrike founder and you have been there since you founded the firm in 2011.
[00:47]
George Kurtz
Yep.
[00:47]
Josh
Okay. That's a lot of titles. So I know you're one of the busiest people I know. So I really appreciate you coming in, doing the show with us and I know our audience is thrilled to hear from you.
[00:59]
George Kurtz
It's great to be here. Great to finally be here in person.
[01:01]
Josh
Yes.
[01:02]
George Kurtz
And New York is a big market for us. Got a lot of customers. So I'm out meeting customers and slipping in a meeting with you.
[01:08]
Josh
We appreciate that. I want to start with the cybersecurity, let's call it the invest, from my perspective, the investing theme, but from your perspective, the cybersecurity industry just as like a level set. I think this has been a really good year for. I know it has for CrowdStrike and for many cybersecurity companies. And of course, that's been the case for the last few years. Recently we've had stock market volatility, but one of the things that I've noticed is that your stock sort of trades defensively relative to other technology companies, relative to other software companies. Is that the way that you guys within the industry think of cybersecurity as almost like a must have, not a nice to have, and more like a defensive sector relative to some of the more growthy sectors that are now getting hit in the stock market.
[02:00]
George Kurtz
Well, when you look at cybersecurity, I think it's like air and water in the hierarchy of needs. You have to have it, every company has to have it.
[02:07]
Josh
It's like a staple of the technology sector.
[02:09]
George Kurtz
It's a must have. Right. And obviously the threats continue to go up, the regulation around security continues to go up, and whenever you have these geopolitical tensions and sort of heightened geopolitical issues in periods of time, you see more attacks. Right. So when we think about cybersecurity, let's go through, we're SaaS, we're Enterprise B2B, we're in security, and we've got incredible moats and we're not subject to tariffs. Right. Obviously we've got to deal with companies that are, but you know, we're not. So I think when people look at that and they look at our growth profile, what we're able to do, they look at the total addressable market. I mean, it checks a lot of boxes for investors.
[02:50]
Josh
Right. When you hear Wall street analysts talk about this sector lately, one of the big themes that continues to come up is that of all of the SaaS plays that are somewhat susceptible to the economy, yours is probably the most bulletproof. And I just think that it's a reflection of the reality. When a board of directors gets together, even if they're thinking about cost cutting, even if they're thinking about taking down the IT budget, your line item is probably one of the last to even be considered. That probably makes it easy for you in an environment like this. Or is it not quite so, quite so simple?
[03:29]
George Kurtz
It's never that easy selling enterprise software. Right. But at the end of the day, you have to look at what are boards talking about. The one or two number one or two risks of a board is really security, right? So that's almost every board. So when we think about their risk, obviously there's reputation risk, there's legal risks, there's lots of risks associated with having an issue or breach. That's not an area that they're going to cut. In fact, I think it plays into our hands because boards of directors will say, hey, how do we consolidate? How do we save money in other areas? Can we do more with vendors like CrowdStrike? Because we can help save them money, consolidate vendors and give them a better outcome. So that sort of cost cutting plays into our hand. But they still going to need cybersecurity, Right?
[04:15]
Josh
This is what the analysts at Wedbush Morgan who cover technology or Wedbush, this is what they're saying. Cybersecurity names such as Palo Alto, Zscaler, CrowdStrike, Check Point and CyberArk will be defensive names where investors can rotate from semis to software to hunker down during this Category 5 storm, and likely outperform other subsets of tech. So I think that mentality has sank in. And I think another thing that's unique about CrowdStrike is that by now everyone realizes that you are one of the largest, if not the largest, not only provider in a lot of these areas of cybersecurity, but you're a platform that covers pretty much the entire enterprise. I was reading in an analyst deck the other day that the typical enterprise has 75 different vendors for different security needs. I would imagine that's one of the biggest opportunities for you guys right now.
[05:15]
George Kurtz
Absolutely. So when you look at CrowdStrike as, you know, if not the largest, one of the largest, I think we probably are the largest. Right. Pure play security providers. Right, Right. We don't have hardware, which is the beauty of our model. We've always had a SaaS offering. Right. And recurring revenue. We didn't have any mixed models that we had to explain the Wall street. As we transitioned, we didn't have any of that. So it's a very clean business.
[05:38]
Josh
What they call tech debt.
[05:40]
George Kurtz
Tech debt. Right. So you have a lot of companies that have come to market, either they were public, then they went private, then they come back and they have to retool because they started as legacy technology or on prem. We started in the cloud, born in the Cloud as a SaaS offering and are deliver mechanism, software delivery SaaS. But also you have to match that up with the revenue model, which is recurring revenue. Right. We don't have term licenses and things of that nature. So this is really important. That's why it's such a clean model and a great story for Wall street, because they understand how hard it is to get to where we are. That being said, with 75 different vendors out there, we don't walk into a customer. I have a bunch of meetings this week here in New York. No one says, hey, we want to have more vendors and we want to have more agents and we want to have more complexity. It's like, save us money, give us a better outcome, and get rid of a bunch of stuff that we don't need, which fits squarely into what CrowdStrike is all about.
[06:33]
Josh
With our Falcon Platform, Yeah, I think people are looking to simplify in general, and if they find a vendor that can cover them across the board, it's obviously going to be more appealing decision. Not just because nobody wants more line items and more vendors, but because all of this stuff has to work together. And stitching things together that don't necessarily talk well with each other is probably a recipe to introduce potential problems.
[06:59]
George Kurtz
Correct. And we've seen a lot of our competitors buy things, try to stitch them together, and it doesn't always work. It looks easier on a PowerPoint. I always say, I've never seen a PowerPoint that was wrong. It all looks good. But to make it work, it's really hard. And I think one of the areas that we've done a really good job, we've done Some really nice acquisitions. Adaptive Shield is one of our latest cloud acquisitions and it's been on fire because it's so easy to use and it gives a view of all your SaaS, applications and experiences, exposures and identities. But when you look at our philosophy, it's always been if we're buying tech and talent, which is typically what we like to buy, we don't like to buy a whole bunch of go to market. Not saying we won't, but we spend the time and effort to integrate it. So we've got one clean platform, a single agent, single data architecture, and we make it seamless for our customers and that's a big part of our success.
[07:46]
Josh
So when you make an acquisition, it's not necessarily because of who the customers of that company are and you just want to take over those relationships. A lot of the times it's because there's an underlying technology that you can build out internally and add to correct. And of course the engineers that come.
[08:03]
George Kurtz
Along with it, hopefully team and tech and that's what we like. We like to get them at a certain phase where there's a go to market or there's a product market fit and you've got the right team and then we've got such a sales machine and the way the platform works with our cross sell and our net retention rates, we just put it into the machine and it takes off. And that's been, you know, big part of our success.
[08:24]
Josh
So I wanna show you a slide from a recent research report from Stevens. They initiated coverage on the sector or updated their price targets. Of course they've got a highly favorable viewpoint on CrowdStrike, but this is something that they wrote about the cybersecurity industry at large. And of course the most striking thing here is they estimate is currently a $116 billion TAM or total addressable market in cybersecurity. They see that growing at a 21% CAGR over the next five years and hitting 250 billion by the end of this decade. I don't know what your internal projections are about your own total addressable market, but does that strike you as about right or maybe underestimating or.
[09:09]
George Kurtz
That's about right. If you look at our investor deck, it looks like that because we're directionally correct in terms of the current TAM that we participate in today and then where it's going, 200, you know, 50 billion plus. Absolutely. And I think the key part of what we look at is, you know, we're a little over 4 billion of annual recurring Revenue. So you can do the math on this. Right? We still are. There's a lot more to go in terms of penetration. And what we've talked about time and time again is our path to 10 billion. Right. So if you look at our overall market penetration, where we are today at 4, getting the 10, you know, we.
[09:44]
Josh
See a path to that 4 billion ARR right now.
[09:48]
George Kurtz
Yeah, okay, 4.2 billion ARR getting to 10. Right. Over the next couple of years. So more than a couple of years. Right. We've laid it out in our deck. But what's important to realize is when you look at the TAM and the opportunity and you look at our market share, this huge market out there, and we have a very small piece of it. So that's the way we look at it. It's really.
[10:10]
Josh
Right. So not only is the market growing, but you can also grow your own share within the market, which is, I think what growth investors are looking for. Like that's the general idea, is that we want share growers with a pie that's growing. Also, I want to quote from the report a little bit further because I think this is important. Stephen says they expect continued ongoing shift to more consolidated platforms, which speaks to what we were saying before. Over the course of history in cybersecurity, the pendulum has swung back and forth between best of breed solutions and integrated platforms. We believe the current trend is that enterprise customers are looking to consolidate around a smaller number of strategic platform providers. So does that mean that you guys will get more pitches from startups and younger companies, you'll hear more ideas to acquire because there is this new preference or growing preference for a more integrated, larger platform. Does that also play into your favor?
[11:08]
George Kurtz
It does play in our favor when we think about the markets today. And look, I think everyone would love the IPO markets to open up as investors. Right.
[11:16]
Josh
But probably not this year.
[11:17]
George Kurtz
Not this year. Right. And it's going to be choppy. And you have a lot of companies that have taken a lot of money, they've taken a lot of secondaries and they have high valuations and the investors want out. And the investors want out. So they're stuck in a little bit of no man's land because at the value, either they're going to have to take less on the valuations or they're going to have to get it public. And you know, getting it public is not going to be so easy. So we look at it as a great opportunity in the market for us. There's lots of great tech and teams that are out there, some smaller, some bigger. We look at companies every week. We've been. Been very, I think, disciplined in our buying, very focused on good deals and good teams, and we've made it all work. And you can see, you know, with some of our acquisitions, like in NextGen Sim, that was an acquisition that we did four years ago. It's incredible business for us growing at 115%, and those are the kind of things that we like. So we're going to see more and more of those. And I think the investors are going to. As the public markets realign a little bit in terms of their expectations, there's always a lag, but you're going to see that flow into the private markets and there's going to be, I think, some pretty good deals for us.
[12:24]
Josh
I wanted to run this quote by you that's about you guys in particular. We believe that CrowdStrike provides investors a rare combination of growth at scale and strong profitability, as reflected in its consistent rule of 40 plus performance. Talk about that rule of 40. And just the idea of being able to deliver what you've delivered for investors so far in your history as a public company and how important you think that is to the investor class that you continue to do that.
[12:56]
George Kurtz
I think it's incredibly important. So myself and our cfo, we focus on ARR growth, which is incredibly important, and we also focus on free cash flow. So when you look at a rule of 40, you're looking at your growth rates and your free cash flow rates as well. And you know, we've always been above 40%. Right. So that gives you an idea.
[13:18]
Josh
And grow the ARR by 40% annually. Grow the cash flow.
[13:23]
George Kurtz
Well, we're growing both. I mean, this is the idea. Right. But you have to add, I mean, the rule of 40 is adding the free cash flow and the growth together. Right. So you may have 20% growth or 25% growth, and then you got your cash flow and, you know, add them together. Right.
[13:36]
Josh
You've been able to stay in that quadrant above 40. Yeah. For a really long time.
[13:41]
George Kurtz
Yeah, exactly. I'm just saying we look at it on a free cash flow basis. So when you look at it that way, you've got incredible growth at scale. I mean, we're a $4 billion company. The type of growth that we've seen, that just doesn't happen by accident. And when you add the cash flow, we're over a billion dollars of cash flow last fiscal year.
[13:59]
Josh
Right.
[13:59]
George Kurtz
It's incredible. So that's our mantra and what we talk about and when we get and we talk to investors, it's AR growth, it's gross margin growth, and it's free cash flow.
[14:10]
Josh
Is there an industry that is particularly coming up on the radar as an area where they're adding a lot of spend on security, or is it really just like this across the board, very well diversified base of customers from all different verticals? Like, what do you, what would you say is the current state of things right now?
[14:30]
George Kurtz
In general? I would say it continues to be well diversified and each company, and it's more sort of industry in size, they have different needs, even smaller companies, we've done really well in the S and B, but if you look across the board, who are the big drivers of buying security? Well, certainly financial services technology companies, the folks who have lots to lose, lots of money, they buy a lot of this stuff. When you get into manufacturing, you have smaller margins and they buy a little bit less. But you gotta work within their budgets. But I think at the end of the day, what we've seen too is in the AI world, every AI workload is gonna have to be protected. So if you believe in the proliferation of AI workloads, you're gonna have to have security attached to it. This is one of the reasons why we work very closely with Nvidia and, you know, being able to help protect those pods and workloads. As more and more of those get spun up in the public cloud as well as in private clouds, you're gonna need security there.
[15:29]
Josh
Yeah. I wanna ask you more about AI. So we could do it right now. Obviously this is shaping up to be the technology megatrend of the decade. Obviously there's been a ton of capex and a lot of money spent on data centers and additional cloud infrastructure and now electricity to be able to fuel all of that activity. How big of an opportunity does that create for CrowdStrike? Above and beyond what the opportunity set already was. When this AI thing started and you saw the emergence of all of the LLMs, and then you started seeing CapEx numbers out of companies like Microsoft and Alphabet, did you say to yourself, oh my God, we're gonna need a bigger boat?
[16:15]
George Kurtz
Absolutely. When we think about the transition from on prem into cloud, we actually put it in one of our investor decks a couple of years ago. We can get it to you. But it was a 1 to 10. So for every server that was moved from on prem into the cloud, it was like 10 cloud workloads.
[16:34]
Josh
Okay.
[16:34]
George Kurtz
Okay. So just to give you an idea, we think that's going to be even bigger from an AI perspective. Okay, so you have this exponential increase of workloads now because of AI, and they're all going to need protection. And we're in the sweet spot of cloud workload protection, among other things that we have. And that's why, again, we're working with all the largest cloud providers. We're working with AI vendors, the hardware vendors, because we're only in the early innings. You cover it all the time. I think we're just getting the bat out and taking the donut off the thing. That's how early we are. So as that emerges, you're going to need security. And one of the things that I always talk about, Josh, is that security parallels the slope of the technology curve. So I got into this business in the early 90s and it was website, barely a firewall, it was like routers. And then obviously the curve has gone all the way up to the right. So through that whole period of time, security and security companies, that's why not one security company could do it all has to meet the needs of the technology as it grows. So if you believe that technology is going to keep going up to the right exponentially, then security is going to be right along with it.
[17:43]
Josh
It has to.
[17:44]
George Kurtz
It has to. So as long as you believe in technology advancements, then security is a great space to be in.
[17:50]
Josh
The bad guys have AI too. What does that mean for Falcon, your flagship platform, and what does that mean for the way that you guys think about building the roadmap going forward?
[18:03]
George Kurtz
Well, when we think about adversarial AI and its impact, there's two main pieces to that. Number one, and let me just kind of draw out the way we look at the adversary. So if you imagine a pyramid, at the apex of the pyramid you have nation state adversaries. So that's the most technologically advanced. They've got an army of people and they've got time and money. Government funded. Right in the middle of the pyramid, you then have E crime. So you've got a lot of folks that can make a lot of money, but they're not quite as smart as nation state. And at the bottom you have hacktivism, all the geopolitical issues that you see that are out there. So what AI adversarial AI is doing is it's democratizing destruction. You're taking the very smart things that the top of the pyramid can do, and now you're bringing it to the masses. There's a lot of things you can do with ChatGPT that you probably couldn't do on your own. Right, Just. It whips it up for you.
[18:53]
Josh
You're superpowering the players in the middle so that they can act more like the players at the top now.
[18:57]
George Kurtz
Exactly. You're superpowering, but you're multiplying them.
[19:01]
Josh
Oh, you're creating more opportunities and more people. That and more access to.
[19:05]
George Kurtz
Exactly. Because it's so easy to do. Right. So that sort of multiplication is a big area. The other area is time. Security is really a time based event. How much time do you have? Like how do you identify and prevent these things? Right. And there's only. You can chart it out over a period of time. And what we found in our global threat report, which is off our website on CrowdStrike.com is that the breakout time, meaning if I fish you and you give me your credentials and I get on your computer on average last year, last year it was 62 minutes for me to.
[19:38]
Josh
So the bad guy only needs 62 minutes to extract what they wanted to extract from whatever they broke into?
[19:43]
George Kurtz
No, extracting is very quick. It's 62 minutes to move from your computer to really what they want, which is central. The central databases and, you know, servers and infrastructure.
[19:53]
Josh
Oh, I see.
[19:54]
George Kurtz
Okay. Right. So the entry point is normally not where they want to go. They want to go to the internal pieces of the network. Now it's down to 43.
[20:01]
Josh
Entry point is like the entry point is like the chink in the armor that gets them into the metal suit.
[20:07]
George Kurtz
Correct.
[20:07]
Josh
And then once they're inside of there, the main goal is obviously the treasure trove.
[20:11]
George Kurtz
The crown jewels. The crown jewels, right. So it went from 62 minutes to 48 minutes. But what we saw is last year the fastest time was 51 seconds, meaning someone got onto a computer and in 51 seconds they pivoted from the computer that they first had entry to to another system. 51 seconds. So this gets back to my point.
[20:31]
Josh
That's AI.
[20:33]
George Kurtz
Yeah, I mean, you have automation and AI, right, exactly. It's all automated, it's all AI. And you know, that's where it gets scary. It's really compressing the window that the defenders have to protect themselves. Which is why, you know, when I started the company, we're AI native company, it was called machine learning. Back then, AI Gen AI wasn't out, but that's what we started. We were using data and we were using algorithms from the beginning, 2011, 2012, to identify and prevent things that have never been seen before without signatures. So we're well versed in this and I think things like Charlotte AI, which is our agentic AI, is a game changer for customers because guess what, we're now growing more security people. Just like the bad guys are growing more bad actors, we're growing more good security folks and we're upskilling them.
[21:19]
Josh
So let's talk about Charlotte. Charlotte AI is like a ride along for security professionals whose businesses are using CrowdStrike as their endpoint security solution. And Charlotte is able to do what as agentic AI? Is it proactively talking to them and telling them when they need to pay attention to something? Is it solving problems before they even find out about it? What's the big idea there?
[21:42]
George Kurtz
Yeah, so when you look at agentic AI, there's a few components. One is you have to basically tell it what's important and what you want it to do. Right? Then it has to have decision making and reasoning, then it has to have a workflow and then it has to learn from that and it has to self learn and get better. We do all of that. And the key piece is that when you look at a, what's called a security operations center, that's like the heart of a big company that, you know, you have lots of security folks that are looking at threats and dealing with it. We can do that automatically. We can take that level one sort of analyst that's looking through lots of data. We can do all that automatically. So we can take, you know, something that would take 40 hours and do it in a couple of minutes. Right. And we're routine, routinely returning hours back to our customers. On average, 40 hours that we're seeing per SOC, you know, per week that we can return back just with our AI technology. But it will do things automatically. Biggest thing is it can sift through all that data automatically and then an analyst can ask questions. What does it really mean? What are the threat actors?
[22:41]
Josh
Like a security GPT almost you can think about.
[22:44]
George Kurtz
Exactly. It's the best way to put it with automation. This is the key part. It's not just a chatbot now. We drive automation in where Charlotte could actually and automatically take action on your behalf. So you could be sleeping and Charlotte can be taking action and protecting your companies.
[23:00]
Josh
I want to ask you about recent acquisition in this space. It's been a while since we've seen a big technology acquisition. I think there's been a political change and maybe a change in the way of thinking at the fda, ftc and so large companies are willing to take risks with Announcing big deals again. And Google wasted no time. They announced an acquisition of a company called Wiz, which is privately held, but they managed to sell themselves to Alphabet for 32 billion. So really big number. I think it's Alphabet's biggest acquisition ever.
[23:34]
George Kurtz
Yeah.
[23:34]
Josh
And probably one of the largest software acquisitions.
[23:37]
George Kurtz
Largest venture backed acquisition.
[23:39]
Josh
And these are Israelis.
[23:40]
George Kurtz
Yeah.
[23:41]
Josh
Okay. Israeli. Former military.
[23:43]
George Kurtz
Yes.
[23:43]
Josh
Okay.
[23:43]
George Kurtz
Yeah.
[23:44]
Josh
When you saw that deal, what did you say to yourself in terms of like how much this validates, how important this category is becoming? What is the. How does the competitive landscape shift?
[23:58]
George Kurtz
Yeah.
[23:58]
Josh
When you see a player like Alphabet go that big in security or has this already been happening?
[24:03]
George Kurtz
Anyway, I think it's validation in the market. I know the players, I know, I know the people there, you know, I'm happy for them. And timing, I think was great. That was a little bit before everything started to move around in the markets.
[24:15]
Josh
Yes.
[24:16]
George Kurtz
And it is validation. I think that the acquisition before that, that was the biggest was WhatsApp. So you're talking about a huge acquisition, but really what it does is it validates how important cloud security is and it validates how strategic it is for someone like Google. We actually work very closely with Google, so our hope is to continue to work closely with them. And they've got some technology, we've got some. But at the end of the day we're all focused on customer outcomes. So I think it's going to be a good acquisition for them, but it does validate the market. And I think if you looked at our 600 million plus in ARR, we're one or two largest cloud security providers because we go well beyond Endpoint. If you apply to 64x multiple of that, what is that?
[25:00]
Josh
Right. If you were trading at the same multiple that Wiz was acquired.
[25:04]
George Kurtz
Just. Just our cloud business.
[25:05]
Josh
Just the cloud business alone.
[25:06]
George Kurtz
Yeah.
[25:06]
Josh
Right. Obviously it would be significant.
[25:10]
George Kurtz
Exactly. So for me, I think it's. I look at it and go, this is fantastic. Validation and you know, really puts security on the map. If security is the largest privately backed venture deal of all time. Tells you how important it is.
[25:23]
Josh
I agree. I wanted to ask you about some. Sounds like really great news, you guys. Welcome back. An old colleague, Alex Ionescu. Am I pronouncing it right?
[25:32]
George Kurtz
Yeah, Ionescu. Alright.
[25:33]
Josh
Alex Ionescu was the company's founding chief architect and he was the former vice president of endpoint engineering at CrowdStrike. I guess this is a week or so ago.
[25:43]
George Kurtz
Yep.
[25:44]
Josh
You guys announced that he is returning and he will be what in the organization.
[25:51]
George Kurtz
So he's our chief Technology Innovation officer. So he is looking at a variety of things but a lot of it we would call Horizon 2 and 3. So you have Horizon 1 products today and tomorrow, Horizon 2 and Horizon 3. And a big part of that will be as well working with Microsoft as we think about the next gen architectures of what Microsoft is doing and what we're doing and a collaboration there. So he's an amazing. He's one of the foremost experts, wrote the definitive book on Windows internals and the kernel itself and he went off and did some government service for, for Canada and he's back now. We're excited to have him back and you know, we've always been a company focused on innovation and you know, he was one of our early, early guys and just an amazing human and I think great addition back to the team.
[26:41]
Josh
Very cool. I want to ask about. I know you can't speak specifically about earnings or revenue or any projections, but you guys will be reporting this quarter along with every other technology company. You're also a global business, although I know the majority of the revenue is coming from the United States. You're still doing business around the world. You must have a point of view about what's been happening over the last couple of weeks and what that might mean as technology companies are affected by it. And maybe in some cases the effect will be small, maybe larger in other cases. But just if you could generally speak to the business environment out there, given your central role in a lot of really critical things.
[27:22]
George Kurtz
Yeah, sure. So just by revenue we're 67%, 68% North America, what we would call it, and then you have the rest of the world and that is a growing business for us. So I think one of the areas obviously you have to pay attention to is what's the impact to customers, what does it mean to them? How do they retrench their business? I think there's a lot of companies just trying to figure out what they do and how they deal with their supply chain. So I think all that be unfolding. But at the end of the day, as we started the conversation, they're still gonna need security, right? And it's still gonna be important and I think it might even be more important because when geopolitical tensions go up, the nation state actors get even more active. So we'll continue to work with them. I think we've been very good in showing them real tangible roi. And in one of the areas is our Falcon Flex licensing, which really has helped our customers basically commit more to US but also save more. The more they commit, the bigger the discounts and then it opens up the entire product portfolio. So as they sort of figure out what they're.
[28:25]
Josh
The Falcon Flex is like a way that they can access the Falcon platform.
[28:29]
George Kurtz
All the modules.
[28:30]
Josh
All the modules. Okay.
[28:31]
George Kurtz
Yeah. So it looks like a hyperscaler license. And it's something that came out of our customers where they said, hey, George, you started the company with one module, you got 29 today. We want to do more with you. Like, we got to keep buying stuff and go through procurement, make it easier for us. So we literally sat down with some of our biggest customers and they said, we want to commit a certain amount over a three to five year period. We want to then open up the entire product portfolio. We'll pay for what we use. Right. But the more we commit, the more discounts we get and we don't have to go through another procurement cycle. And it's been a game changer. We started this early 2024 and today we're over 2.2 billion in Falcon Flex licensing. That means when a customer has to make a decision, do I go to procurement, do I do a tender, do I do this, do they, I do that? Or do they just go. CrowdStrike has that module, let's activate it and burn down the lifestyle.
[29:24]
Josh
So less RFPs, less Bake Offs. Companies can just say like, we're in the door with these guys, they have what we need.
[29:30]
George Kurtz
Exactly.
[29:31]
Josh
Let's utilize it directly from there. It's an easier yes from everyone involved.
[29:37]
George Kurtz
It's an easier yes. And the only people that like going through procurement are the procurement people. So we had our customer advisory board last week that I was at. I was goto and figure out what's going on and get the feedback. And we had a customer basically tell us like, hey, we were looking at, you know, in this space, what you had in this module. And he basically was a cio, basically shut down, like going out to RFP because he's like, we already have the funds and you already have a great module, like, what are we doing? And it was a quick sale.
[30:05]
Josh
That's terrific. Well, George, I want to say thank you again for joining us and answering my questions. I know I don't live in the inside the cybersecurity world the way that you do, so you're pretty good at it.
[30:18]
George Kurtz
Pretty good at it.
[30:18]
Josh
This is all super helpful to me as a shareholder and also someone who's investing broadly in tech. So thank you so much for joining us. Where can people go to continue to follow along as CrowdStrike builds? I know the website has a lot of content there. It's CrowdStrike.com CrowdStrike.com.
[30:34]
George Kurtz
Okay, that's the best spot. And then from there, you know, we've got obviously on YouTube, we've got lots of videos that are out there. You can actually see the technology and hear from some of our experts. And more importantly, you can hear from our customers. That's the thing when you're an investor, in my opinion, you need to hear from the customers.
[30:52]
Josh
You have case studies up there, case.
[30:53]
George Kurtz
Studies, what we did, how we did it and brand names. I mean, these are not like folks you never heard of. These are the biggest brands in the world. So that's.
[31:03]
Josh
Someday we'll have a Ritholtz wealth management case study.
[31:07]
George Kurtz
There you go.
[31:07]
Josh
On the Crowdstrike website. We really appreciate it. Thank you so much. And guys, thank you so much for watching. Thanks for listening. We'll talk to you soon.