CrowdStrike Holdings, Inc. (CRWD) CEO George Kurtz presents at BofA Securities 2024 Global Technology Conference (Transcript)
CrowdStrike Holdings, Inc. (NASDAQ:CRWD) BofA Securities 2024 Global Technology Conference June 5, 2024 10:50 AM ET
Company Participants
George Kurtz – CEO
Conference Call Participants
Tal Liani – BofA Securities
Tal Liani
We have a packed, packed day and George did us a favor and reported great results last night. So we have great topics to talk about. So with no further ado, I’d like to welcome George Kurtz, the CEO of CrowdStrike.
George Kurtz
All right. Thank you. I did it just for you.
Tal Liani
I know. It’s my birthday party. My birthday gift yesterday. I forgot to tell everybody that yesterday, we spoke about my birthday, but it’s not just me. It’s Angelina Jolie and me were born the same day. All the beauty came to this in world one day. So it was a joke. George, first of all, thank you for doing this. This is early morning and I really thank you. You reported great results last night and it was hard to find something that I can talk about and criticize you.
George Kurtz
But you will.
Question-and-Answer Session
Q – Tal Liani
No, but I’m not sure I’ll find because the results are really clean. I want to ask you about the trends. For those of you who are investors who didn’t read the report or the results, what drove such a strong growth in an environment that is not that great? All the companies have something that is going wrong and your company reported just very solid results across the board.
George Kurtz
Well, first a pleasure being here and thanks for your kind words. I think if you look at what we did, it’s something we’ve been focused on for the last five quarters, which was delivering results in a really challenging environment. It’s still, we talked last night, it is still a challenging environment, make no mistake about that. I think a key driver for us has really been the platform expansion that we’ve — that we’ve been embarking on really since I started the company and this platform term and this sort of whole strategy of selling more to customers and consolidating this is not new to CrowdStrike. This was a key thesis when I started the company in 2011. I think you’re seeing the manifestation of that. Getting into customers, we’ve always given the module land count and then how we’ve expanded into 3, 4, 5, then it was 5, 6,7 and 7, 8, 9. It keeps going up because we keep landing and expanding. And I think when you go into a customer and you can drive broader adoption and really consolidate and save money, every dollar spent on CrowdStrike saves $6 somewhere else and you combine that with Falcon Flex, which I’m sure we’ll talk about, which I think is a really innovative licensing methodology that we have, this is what customers wanted, and we delivered it to them on a platter.
Tal Liani
Got it. What’s the benefit of having — you reported that customers that buy eight modules went up 95% in the quarter. You reported great statistics about how it shifts to more and more modules being bought by the same customers. What drives it? What’s the value in buying all these modules from a single company?
George Kurtz
I think what’s important to realize is that when you actually get into the details of it and when customers use the product, when you look at PowerPoints, I’ve never seen a PowerPoint that was wrong. They all look good, right? But when you actually use it and you install it and you go into some of our big banking customers and we’ve got 15 I think out of top 20 banks in the world, might be more at this point, they — some of them have, when we got the deal done, they allocated two years of deployment time, two years, you know this from a big bank, right? We got it done in three months and it was only because that was their schedule. Could have got it done a lot faster than that. This has not been done before in our space and it’s because of the way we built the technology, how easy it is to deploy no reboots and then actually operationalize. So there is this sort of revelation for companies when they get it, they go, okay that just worked and it was really easy. Now you would think every technology does that. I can assure you it’s not that way. There’s a lot of technology can’t scale past 5,000 or 10,000 endpoints. You need brokers and you need reboots and all kinds of complexity in the environment. So once they get it, then they look around and they go, okay, well can I use that? I have a vulnerability management. Can I consolidate here? I’ve got IT, I’ve got other players in IT, can I use Falcon for IT? And it just goes on and on because the valuable real estate is the agent that we have. And again, when we think about what we do, yes, there is a big element of endpoint protection, but really what we’ve built is a really effective data ingest engine, which we get data from the agent and now with our log scale fully integrated into our platform, we can take third-party data. So once we get the data into the platform, which is well beyond security, it opens up many more use cases and many more TAM expansion opportunities, which you’ve seen over the years of covering us.
Tal Liani
What are the big modules that are being sold today? Meaning, outside of endpoint protection, actually other areas you’re going after?
George Kurtz
Well, it’s a good question, and we do have a lot of customers that come to us, and they might have a specific use case, right? Because we always get asked, well, how does it all start? I mean, certainly, if they need endpoint protection, they know where to come. But we do have a lot of customers that come to us first and say, we have a cloud need and we have to secure it, right? Can you help us there? Well, we’ve got a cloud offering. And you’ve seen the last public numbers that we put out, not this quarter, past quarter was a $400 million business in cloud. That was — that data is a quarter old. They might come to us with a Next-Gen SIEM. There’s so much movement in the SIEM market. They’ve got legacy SIEM. They’re not happy with it, not happy with the cost, expense, the performance. They’ll come to us in that area and then a lot of companies will come to us and say, hey, we’ve had a breach, we failed a Pentest because we don’t have identity protection. Can you talk to us about your solution? And we can. So we can land in areas that are outside of just what you would call endpoint protection and I think that has allowed us to get in various vectors and continue to cross-sell the platform. But those are the three that we continue to talk about. There’s a lot of excitement around data protection and Falcon for IT, but cloud, Next-Gen SIEM and identity are key drivers of growth that we’ve seen just tremendous success with.
Tal Liani
Yep. Talk about competition. You highlighted yesterday on the call your Falcon for Defender solution against Microsoft and we have seen the results of SentinelOne that were not that great. How — talk about the evolution of the competitive landscape. How do you see what’s the pricing environment and how competition is like?
George Kurtz
Sure. I think it’s one of those areas where we’ve always been in a competitive market. When I started the company it was McAfee and Symantec and others. Right now, most of the players that we started and competed against, that laughed at us by the way when I started the company, are either sold or out of business. So you’ve got to look at it, it’s always been competitive. Now you’ve got a different slate of competitors in 2024 and what do we see? Well, I think if you look at some of the other players that you mentioned, we’ve had a lot of success in the SMB. I didn’t talk all that much about Falcon Go yesterday, but we’re doing amazingly well with going down market. And I think that’s really the exciting part of the model. There’s not many companies or industries where you can dominate in a segment like the enterprise and go all the way down into the SMB. It’s — you’re in rarefied air to be able to do that with a similar set of products. So we’ve been able to do that and we’ve been able to do that through some effective partnerships which I know we’ll talk about here in a minute. But I think that has really served us well in these markets and when we think about Falcon for Defender, that’s another area in SMB, we think we’re going to see a lot of success with. We just launched it at RSA. But in general, what we had is customers, many enterprise come to us that are E5 Microsoft customers. And when you have an E5 license, the only thing that you would technically get with the E5 that you’re not paying extra for is on the desktops, not the servers and other places. So we’ve had customers say, well, procurement made a decision in this area, but we know we have the responsibility for stopping breaches. We know you have a 6x improvement in terms of mean time to response than a Microsoft. We know we need things like OverWatch. So we came up with, I think, really effective packaging that allows us to help backstop what’s there and help customers prevent the breaches. And then we’re running in other areas, servers and things of that nature, but really it’s the entryway into those organizations that will allow us then to expand our module footprint.
Tal Liani
Got it.
George Kurtz
There’s been a lot of excitement around that from customers.
Tal Liani
You spoke about partnerships and I want to expand on it. I want to talk about go-to-market and your target. You started as an enterprise company starting in the very high end. Talk about the evolution of the company beyond the enterprise and also penetration within the enterprise.
George Kurtz
Sure, so for me and just my background, I spent a lot of time in enterprise sales, just within my prior roles, McAfee and Foundstone. So that’s really where we gravitated the company. And we did that for two reasons. One, I had a lot of experience there. And two, if you can own the enterprise, it’s much easier to go down market. If you’re a mid-market company and you can think about many players in security that are mid-market companies, BofA is not buying the mid-market security. They’re just not doing that, right? It’s just not going to check the box for them. So we want to start in the enterprise and then it’s really this pyramid of enterprise, mid-market, and SMB. And we’ve been able to go effectively down market in those areas. And I think once you have these big light-out customers, 15 of the top 20 banks, probably 40 plus different states in the United States that are customers, manufacturing, utility, it goes on and on. We’ve got a marquee blue chip customer base. Once you have that, then you have build credibility to go down market and then you create the partnerships. We have a very effective inside sales team and really what I wanted to do was to take a sort of a page out of the SolarWinds Insights sales team playbook, right, and combine that with the Atlassian e-commerce engine and just kind of — they’re smart people have done things like how do you put it all together and how do you create velocity in down market. We’ve done some amazing partnerships with Pax8 and NinjaOne now in the MSSP space where we had some competitors there. But now they actually came to us and they said, we want something our customers are demanding CrowdStrike and we want to be able to offer it. So we’ve got a lot of robust business in those areas and we’re seeing tremendous growth up and down from enterprise all the way to smaller SMBs through these managed service provider channels.
Tal Liani
And how’s the success by the way so far? How big is — you’re still in — the majority of revenues come from enterprise. How big is the portion of smaller accounts and how’s the success so far?
George Kurtz
Yeah, well, if you look at any company that sort of has our characteristics, by revenue, you’re going to see a lot of it land in the enterprise just because they have bigger buys. But when you see the customer count and the velocity that we have in the mid-market SMB, it’s really important. And one of the things that — this was at the end of the year, we gave out a total reportable customer count, right? But what we don’t report on is all the MSSP end user customers. So there’s many, many of those.
Tal Liani
And they’re counted as a single customer?
George Kurtz
They’re counted as a single customer, but they’ve got tens of thousands of customers that are underneath them. So that’s when you look at it, it’s not just one piece of it. And those are all bundled together. So when you look at our ability to touch these markets and in different geographies, I think it’s been incredible. There are many areas that and geographies that even as big as we are we can’t touch. We just don’t have the people there, right? So we need the partner network. We need things like distribution. Traditionally in the US we’ve been — it’s been CrowdStrike to a reseller. Outside the US now we have distributors. So we’ve got distributors in Europe and Asia and then they’ve got resellers and they’ve got end customers. So we’re really getting to areas that we haven’t gotten to before and that’s — I mean that’s probably the normal evolution of a company that is originated in North America. But there’s a lot of places that we’re still not. And I think if you were to ask me some areas that we really want to focus on and we think we can do better in, it’s outside the rest of the world. We think this is a huge opportunity in areas that we’re just not in.
Tal Liani
Got it. You spoke about Flex pricing, so if I can actually expand the discussion, let’s talk about your pricing. Because for those that don’t know you even, how is your pricing mechanism to customers? How is it different from big enterprises versus smaller customers and channels?
George Kurtz
Yeah, there’s really a couple of vectors to the pricing. One is just kind of the number of agents or endpoints that we would actually deploy, whether that’s on a desktop or in the cloud. And that’s counted, just add them up, the more you buy, the better deal you get, right? You could have 10 or you could have, you know, 4 million. It’s everything in between. That’s one piece. Then the number of modules. So you’ve got, call it, 100,000 endpoints, maybe 50,000 servers, and how many modules do you want to put on top of it? Those are each a cost and we have — I think we have effective bundling around that. And then you have in some areas like Next-Gen SIEM, you’ve got data ingest costs and then support and other things. So, but in general, if you were to simplify it, it’s number of modules and sort of number of agents. When you get into other areas like agentless and cloud, it’s a different way to count it. When you look at SIEM, you’ve got data ingest, things of that nature. But by and large, modules and node counts sort of drive our models.
Tal Liani
And what is the Flex? You mentioned the Flex pricing or Flex program that you have.
George Kurtz
Yeah, so we announced Flex in September at Falcon. We really just operationalized at the beginning of the year. And it’s been incredible. So we sat down with a bunch of customers who came to us and said, hey, we want to buy more from CrowdStrike. We want to consolidate more. We want to do more with you. You got a lot of modules, we’re a bit of a product of our own success. I mean you start with one or two and it’s easy to keep track of. You got 28, how do you sell it? Does the entire sales force know each one of them? It becomes more complex in these areas. So they said, we want to go all in on CrowdStrike and here’s what would make us happy. So essentially what Flex does is it opens up the entire product catalog to a customer, right? So we worked with actually a pretty big bank on this one. They said, we want to go in with you. So essentially the entire product catalog, almost 28 modules are available to them. They start with a bill of materials, okay, and then they can add new products and it very it basically is similar to what they’re doing with an Amazon or Microsoft Azure or what have you. You have a commitment to CrowdStrike. The more you buy, the better deal you get. You open up the product catalog. You can add products as you need it. And you can ramp out of products from competitors. You can ramp into our products. If you sold a division, you can take the licenses and put it back into the pool. So it’s incredibly flexible. And even if we buy a new product, they can add a new product without going through another procurement cycle. Most organizations and customers don’t want to go through procurement cycles. So we can eliminate a lot of procurement cycles and give them what they want which is going to drive even higher adoption rates on a module by module basis.
Tal Liani
So what are your challenges? I mean the numbers were pretty strong. Everything was consistent. Pricing you said was consistent. NRR, net retention rate, was consistent. We do see struggles not with you, with other companies. So what are your challenges? When you think about the next three years, five years, where do you want to see the company and what are the challenges in getting this?
George Kurtz
Well I think I have to go back to our Falcon Investor Day when Burt talked about the path to $10 billion in five to seven years. I mean we’re firmly focused on that and there’s a lot of steps in between that and where we are today. For us, and you think about the challenges, still a challenging macro environment. Make no mistake about it. I mean there’s a lot of hard work and execution that went into to this quarter and we’ve done it in a challenging environment as I said for a while now. For us, it’s always making sure that we’ve got the right people, the right talent, that we’re ahead of the curve. And we’re thinking about the future. We’re really an innovation company. We’ve done that since I started it. We’ve really disrupted a lot of the markets and came out with things that people hadn’t even contemplated. So when we look at technology for us, we want to make sure that we’re skating to the puck as they say, right? So I always look at technology and the technology curve as a slope. And when I got into security 30 plus years ago, it was pretty simple, like actually dating myself a bit because I was involved before there were really commercial firewalls, it was Cisco routers and things of that nature. And then you look at the complexity, it wasn’t like this, right, sort of exponential. Well, as you look at the slope of that technology curve going up to the right, you need security to parallel that. And there’s many areas and it used to be simple like endpoints and servers. And now you’ve got pods and you’ve got clusters and you’ve got all kinds of serverless infrastructure. I mean, it goes on and on and I won’t go through the whole technology stack. So as we think about Generative AI and we think about where the industry is going, you’re going to need security to solve a lot of those new technologies that are coming out. So for us, just put a fine point on this, we’re really good in areas that we focus on and there’s a bunch of things that we don’t do. We’re not a firewall company, we’re not an appliance company, we’re not a whole bunch of doing email and other things. We do what we do really well. But if it has a data gravity element to it and we can solve a security use case that fits the bill and those are areas that we’ll look to get into.
Tal Liani
Got it. There’s one question I forgot to ask you and I’d like to ask you is when we speak with distributors which obviously is [W] (ph) recently at RSA, et cetera. So they talk about your competitors, they say it’s bundled in for free basically and that’s only on the endpoint. How do you compete with free bundling? How do you compete with something that is bundled in, whether it’s Cortex from Palo or how do you compete with that and does it mean that on the end point side, pricing — price erosion is a factor?
George Kurtz
Well, we’re always selling value and I think the value we’re selling is stopping breaches and actually having technology that works at scale. We don’t have multiple agents. As I said, if you deploy it and work, when you look at some of our competitors that bundle things in for free, they’re looking at six months deployment times. We can get it done in a day. Literally, it’s up to the company. Like, their own processes kind of get in the way of it and it’s just going to work and by the way when you look at things like Falcon Complete which is our MDR service and OverWatch, I mean we are orders of magnitude faster and better than our competitors there. So I can give you a good deal on a leaky lifeboat. If you want to buy that that’s fine. But when you go to sort out the breach and you look at one of the latest healthcare breaches that was, what $800 plus million?
Tal Liani
Yeah.
George Kurtz
That was disclosed. I mean, ask who they were using. So at the end of the day, from my perspective, you get what you pay for. If we need to be aggressive in how we package things, we can. We’re big enough to do that. And I think ultimately the total cost is different than the price of something. And the operational overhead and just the pain inflicted in customers and multiple consoles and things stitched together ultimately bears out into wins for CrowdStrike. And I think you saw that this last quarter.
Tal Liani
Last question before I get into some of the products or some of the modules is just about federal. We asked all the companies about federal opportunity for cybersecurity. How are you positioned and how do you think this market evolves?
George Kurtz
I think we’re positioned well. We just got late last year, IL-5 certification, which is now the next level. And it is, when we just talk about US federal, because we got federal all over the globe, if you will, the equivalent, it takes time. We did a deal with CISA, and we have a license to hunt in over 100 different agencies that we’re knocking down agency by agency. But when you look at some of these big contracts, and I was involved with them when I was at McAfee, I mean, they’re still there, right? It takes time to get these out. The government moves slowly, and you have to look at the budgetary pressures. So we are making, I think, really good progress in areas. And I think the breakout ultimately will come when some of these new programs turn over and you look at a much broader adoption that gives you sort of one shot to deploy in lots of places. So I think good progress there. If you look at where we are, obviously the build is into Q3, where the federal buying takes place. I think it’s going well. You’ll get state and local government. As I said, we got 40 plus different states that have settled on or consolidated with CrowdStrike. And outside the US, we’ve got a certification. IRAP in Australia and other places. So we’re knocking down all these local certifications so that we can continue to sell into their equivalent federal government and their state and local. It’s been an amazing business for us, and we’ve got, I think, the right products and the right offerings for these organizations to allow them to consume it with not always the resources that they have. A lot of times they’ll have budget, but they can’t get headcount. And I think we’re a perfect fit for them.
Tal Liani
Maybe before I go into the products, I want to ask you just some financial numbers. Just what — I think yesterday, you reported $3.7 billion of cash. Great cash flow generation. What are the plans of doing with all this cash?
George Kurtz
Well, there’s a couple of things that Burt, our CFO, and I was talking about, and that’s ARR and cash, right? We love the free cash flow. And we’ve been very diligent with what we’ve done with that cash. And I think if you look at some of the acquisitions that we’ve done, they’ve turned out amazing. You look at our identity product, it was doing $7 million of ARR when we got it. And the last number we reported was $350 million plus, right? That was a quarter ago. So that was a great buy. We’ve got Flow acquisition, which is in DSPM space. We did Bionic in the ASPM space. So for us, we think we can make the best use for shareholders of that cash, leveraging it through acquisitions and being really smart about it. And having dry powder and that’s really what we want to have. We want to have the dry powder to be able to take advantage of opportunities that come our way. As you know, many of these flyer deals were funded in ’21. They’ve got some big valuations. I think expectations are being reset a bit as the market has moved. So we want to be there. We want to be opportunistic. But ultimately, we want the best people and the best technology that can be folded into our platform to provide greater value to our customers. And that’s really — that’s what we plan on doing with it.
Tal Liani
Got it. Okay. So I want to take just kind of audience through the evolution of the company, starting from an endpoint company into going all these areas. And you spoke about the fact that you’re lending today in many times not in endpoint, you’re lending with the other modules. So just to understand how you play in these markets, let’s take for example, identity. You’re playing in identity, but we also have Ping and Okta and other players that traditionally were in identity. What’s the difference between what you’re doing in the market and what they are doing in the market? So if we can talk about same question, identity, SIEM, where — how are you positioned versus the incumbents or the existing players?
George Kurtz
Sure. So let me just give you one minute just overview just as we think about how we evolve and what we did. So when I started the company, it was really thinking that data can solve security problem. And what we built — and we didn’t quite realize the super power we built, but the ability to get data from our agent into our Threat Graph and cloud at scale has been just amazing what we can do, and it’s very difficult to replicate that. So even the original slides of the company where you had Salesforce and Workday and ServiceNow and nothing in security, and my little slide had CrowdStrike as that missing platform player. So now we fast forward to today, we have all this data, what are we doing? Identity is one of those areas. And just to make it easy, because we do get a question a lot, you compete with Okta or Ping, these guys, how does it all work? And actually, they’re partners of ours. But you can think about identity in three areas. One is the creation of the identity. This is generally like an Azure AD, they’ve renamed it. You’ve got Active Directory, which — that’s basically the creation of identities. And then there are other systems that have identities. Then you’ve got the aggregators, which are — thing in Okta, where they’re able to pull — as a user here, you think about all the SaaS applications you have and all the things you log into, you probably have 10 different identities. So they’re able to then pull all those identities together. Then the last piece of that is the protection of those identities. And that’s where CrowdStrike plays. So we don’t create the identities, we don’t aggregate the identities, we protect the identities and that’s how we play in the ecosystem. There’s plenty of great players that are creating and aggregating, and we want to be the protection end of that. And what does that do? Well, it allows us to understand how all these identities and these stores are configured. There’s a lot of challenges in active directory in the cloud, just things misconfigured and it’s hard to get information out of it, so we protect those. And then the second piece of that is we can provide fine-grain access controls in areas and applications and protocols that you cannot do natively within Windows. So that has been a real boon to our customers and again, one of the fastest-growing modules we have.
Tal Liani
Got it. Same question for SIEM. How do you differentiate and innovate in SIEM versus incumbents?
George Kurtz
So what we found with SIEM is if you looked at the market over the last, say, 10 years, last decade, it hasn’t been a tremendous amount of innovation. I mean people have been additive to their solutions for sure. But what we found is there was a high level of frustration both on the technology side and particularly the business model side of buying SIEM, right, really expensive. And to me, when we look at data, data should be like your cell phone minutes. You shouldn’t — I remember the old days where I have to like do I call my mom on the weekend where I get my 3 minutes, right, to friends and family, or do I call her tonight, right? If you had the old Nokias and Motorolas, you remember?
Tal Liani
By the way, I think you can afford it now.
George Kurtz
I’m okay. I think I can cover it. But I think it’s one of those areas where people are making decisions around data where they’re saying, I can’t ingest that data, it’s too expensive when the reality is the power of what we’re doing to find these bad actors and to drive the AI models, you need the data. So why not disrupt that market and make it very cost effective. [Technical Difficulty] number of years ago, I think, ahead of the curve, we purchased a company called Humio, which is now LogScale, which has — we’re seeing 150x increase in search speed over our competitors, 150x. We have banks that were using competitors that were taking two days for one search. They do that in less than a minute with ours. We’ve taken the cost from our competitors, and we’ve got a third of the cost now of what they were paying. And we’ve become their data lake, so — for our customers. So when we look at that market, it was ripe for disruption. Now the really exciting part is that technology has been natively integrated into Falcon platform with the Raptor release. And we started migrating customers over into that new release in the fall and we finished now. So we went small, medium and large customers. We got to everybody. So everybody has it. And what that means is that when we think about Next-Gen SIEM customers, we don’t have to go buy legacy SIEM technology for customers. We already have a big customer base. Everyone has it. Now we have to just go through the selling motion of activating it for our customers. And at RSA, we actually announced that we’re giving away 10 free gigabytes of third-party ingest. So now it’s natively within their workflows. It’s natively working within the FalconStore product, and they get 10 gigs to ingest third-party data. By the way, we generate probably 80% of the data that they were putting in the SIEM anyway. So why send it out somewhere else and incur the cost? So we’re saving on the data exfil cost. We’re saving on the technology that they actually have to procure, and we’re giving a better, faster, cheaper outcome. That’s why we’re so excited about this.
Tal Liani
Before I go to the other products, I just want to ask about, did you have to change go-to-market? Because you started as an endpoint company and now you’re increasing focus on other areas, is the sales motion different? Are the buyers — are there different buyers for that? Or is it the same kind of sales strategy for the past few years?
George Kurtz
Yeah. There’s different personas when you’re selling. If you’re selling Falcon for IT, that is a different persona, right? Certainly since we’ve become public, we’ve been more focused on the platform sale, right, because we’ve got many more modules than when I started the company. So that muscle memory is there. But there are new buyers, right? And there are other players in the market who have always operated the CIO level. We’ve been there over the last number of years because of all the modules and the spend that we have with these big customers. But if you look at cloud, if you look at Falcon for IT, if you look at Next-Gen SIEM, these are different personas. So we do have some specialized sales teams that focus in these areas. But if our main sellers are able to sell the platform, and the benefits of it, and package it up with something like Falcon Flex, then we can support that with the specialized sales team that we’ve created. So that’s really what we’re thinking about. But there are some nuances for sure and some differences in those personas that we have to sell to that.
Tal Liani
I want to shift to cloud. So we know the space well. You have companies like Prisma Cloud and you have companies like Wiz. Where — same question I asked you about identity, where are these companies that started in cloud security or at least evolved there? And where are you positioned? Is it the same exact location or in a different location than the others?
George Kurtz
Well, we actually think it’s more. Because if you look at some of the private companies that are out there, they really started with CSPM, right, and there’s very little beyond that. For full cloud security, and this is what customers want, they want the ability certainly — and let’s just go through it. CSPM is like vulnerability reporting for the cloud, it’s what it is, right? What’s misconfigured, what’s out of compliance, here’s a report. It doesn’t prevent anything, right? So what customers want is the preventive piece, which is a cloud workload protection, which is really where we started. Now we’ve added over time, CSPM, which we believe has parity with the other players in the industry. We have ASPM. We have that, the other players don’t. Other players don’t have ASPM. We have DSPM. We’ve got CIEM. These are all acronyms, but essentially, we’re covering the full suite what you need from code to cloud. And certainly, the private companies are specializing in a few areas. or one, but it’s — what customers want is an integrated solution. They want your CSPM to talk to your cloud workload protection, which understands — ASPM is the application security posture management. These are all elements. You’ve got to tell the story and put it together. So if you just one off, it makes it really difficult for a customer to kind of figure out what’s going on. So we think collectively, that one plus one equals three. But on a stand-alone basis, we’ve got world-class technology in each one of those categories that I mentioned. And I think the way we’re bundling it and going to market, it’s really cost effective and disruptive to some of the other players that are out there.
Tal Liani
Yeah. When you look at cloud solutions, they start on the left side with developed environment. Then you have the hygiene part, you have to make sure the network — I’m trying to not be [indiscernible].
George Kurtz
Yes.
Tal Liani
And then you have the protection part and run time protection, making sure that there is no risk right now in the network running. Are you positioned in all areas of cloud security? Or is this still a work in process kind of evolving into it?
George Kurtz
No, it’s really code to cloud. And there’s always other things that you would want to fill in, and there’s — it really is an amazing industry because you will see little companies pop up that just one thing, right? And as new technologies come out or a new open source project comes out, it needs to be protected. Or now with GenAI, you need guardrails around that piece. We think GenAI is going to be a huge boon to us in protecting all these pods and these super pods. You heard some of the announcements we did with NVIDIA. So from that standpoint, we’ve got the full suite, but there’s always more we can do. There’s always more we can add. And by the way, if you stand still, there’s going to be stuff that — new things that come out that you’re going to need to either build or buy, right?
Tal Liani
So, last night, you mentioned — on the call you said, and I want to ask you about it, you said that you have a single AI engine basically across the board. Let’s talk — let’s take maybe a step back and just speak first about the implications of AI and GenAI on our business, both from an opportunity and threat, and where are you differentiated?
George Kurtz
Yeah. So it’s a good question, and it’s one of those areas where we’ve been doing AI before it was fashionable. And not GenAI, because that’s a later technology, right, we’ve been doing that for a while. But when I first started the company, it was all about leveraging machine learning to be able to identify and predict whether something was good or bad without ever seeing it before, and moving beyond signature-based, database kind of lookups for these bad pieces of malware. So we started the company doing that. We’ve evolved. We’ve got a very large and robust [Technical Difficulty] once you have that date, you can use in various ways and lot of it was to feed the algorithms. Sometimes better to be lucky than good. We were, I think, very fortunate in that, say, the 10 years of collecting data from everything we do. We were able to annotate that data in a way that made our Generative AI training very effective. And as many of you know, like you’ve heard the stories of ChatGPT, where the humans are there, is it good, is it bad, right? Well, we had sort of annotated. That’s what I mean. We’ve had data that was collected that we had — we sort of described a long old 10-year journey so that when we fed it into the algorithms, it was sort of clean. So that made our life a lot easier when we created something like Charlotte. Charlotte is our Generative AI technology. What does it do? It goes beyond just a chatbot. And I think what you see in the industry, Tal, is a lot of like, hey, we’ve got a new chatbot. Okay, that’s interesting and fun, but what do you do beyond that? So what we’ve done with Charlotte is we’ve taken the collective wisdom of CrowdStrike over the last sort of 10 years of operating, if you will. We put it in the Charlotte. So you ask a question, you get an effective answer as if you’re talking to the smartest SOC analyst, security operations center analysts that we have. That’s one. But the second, and I think more impactful piece is we’ve wired it into the automation framework of CrowdStrike. We’ve wired it into our store. We’ve wired into our real-time response technology. So from a customer standpoint, if you want to take 8 hours of brunt work, we can reduce that down to 10 minutes. Because not only can we answer and pull data out of the system and write reports on it, like threat reports that would take days, it writes automatically. But then we can actually provide actions into what you want to do to fix it, and it’s wired into the platform. And that’s really the power of what we see. We want to create a virtual SOC analyst, not a chatbot. And I think we’ve been very effective in doing that, which is why we called out the 90%-plus win rates when people actually pilot Charlotte.
Tal Liani
Got it. I didn’t leave enough time for questions or much time for questions. Is there any question from the audience? Yes.
Unidentified Analyst
So, George, you guys talked last quarter about upping the investment spend again this year and next year versus a little bit of a pause last year, if you will. Given all the momentum you’re seeing, strength of Flex, traction in international, the excitement in the marketplace, to the degree to which your sales are exceeding, how quickly can you reinvest that upside? Or will you just maintain a very methodical approach to your budgeted spend, such that we’ll see the leverage and the flow-through sooner? Or will you turn around and try to reinvest that very quickly?
George Kurtz
Yeah, it’s a good question. And what Burt and I talked about — and Burt gave some, I think, constructive words on this, is that we front-loaded the investment a bit this year and certainly in terms of headcount and go-to-market, even engineering, right, we have new products, we continue to add there. And we front-loaded this because we wanted to make sure we got the ramp. It does take — you hire a new salesperson, they’re not productive day one. So we wanted to make sure that we had the ramp for the back half of the year. And I think we’ve been doing a good job in that area. But one of the things that Burt and I have always said, and it’s part of our DNA, is that it’s not growth at all costs. And we have amazing growth at our scale. I mean we’re a rarefied air, as many know, but we want to do it in a profitable way. And we want to certainly do it and deliver the free cash flow that we’ve talked about and the operating leverage and the operating margin. So we’re not going to deviate from that, but where we can invest and be smart and strategic about and front-load things, knowing we’re going to get the benefit, that’s what we’re going to do. And that’s really what we’ve done in the beginning part of this year.
Tal Liani
Any other question? Okay. I’m giving you back 25 seconds.
George Kurtz
Okay. Fantastic. Thank you so much, Tal.
Tal Liani
Thank you. It’s a pleasure. Thanks.