CrowdStrike: Standing tall in crowded cybersecurity
In a NY Times oped in 2018, Zeynep Tufekci wrote, “The early Internet was intended to connect people who already trusted one another, like academic researchers or military networks. It never had the robust security that today’s global network needs. As the Internet went from a few thousand users to more than three billion, attempts to strengthen security were stymied because of cost, shortsightedness and competing interests. Connecting everyday objects to this shaky, insecure base will create the Internet of Hacked Things. This is irresponsible and potentially catastrophic.”
In July last year, Rob Vinall mentioned the following in his letter to investors, “it is worth remembering that crises come in different shapes and sizes. This crisis impacted the physical world to the benefit of the online world. The opposite scenario is equally possibly. In fact, in January I wrote that the greatest longtail risk to the economy was from a virus… of the computer variety (so near to glory, and yet so far). I still believe a computer virus is a major risk and strongly recommend reading “Sandworm” by Andy Greenberg to get up-to-speed on how fragile the Internet is.”
As I spent the last month understanding the vulnerability of our online world, it is hard not to sense a tangible fear of catastrophe sometime in the future. Companies such as CrowdStrike are one of the strongest answers to such vulnerabilities. I must admit that the velocity in cybersecurity space is moving forward at a dizzying pace, especially for a generalist like me. I am grateful to MI Capital, Ryan Reeves, Muji, Liberty, Cleveland Rainmaker, and the internet (even if it’s “fragile”) to help me get up to speed.
Here is the outline for this month’s deep dive:
Section 1 Mini-primer on endpoint security: Many readers may not be quite familiar with the historical and current context of endpoint security. I briefly discussed and left some helpful readings that you can explore further if you are interested.
Section 2 CrowdStrike business model: I explained CRWD’s business model and how it makes money.
Section 3 Sizing up the opportunity: I outlined CRWD’s TAM and commented on their potential in cloud security.
Section 4 Competitive dynamics: A detailed discussion on competitive dynamics among legacy incumbents, next generation security companies, Microsoft, and some current crop of startups is presented.
Section 5 Valuation and model assumptions: Model/implied expectations are discussed here.
Section 6 Management, capital allocation, and incentives: I opined on the management, and their compensation incentives in this section.
Section 7 Final Words: Concluding remarks on CrowdStrike, and brief discussion on my overall portfolio.