Hi, I am Trung. I deep-dive into market leaders. I follow up on their performance with my Thesis Tracker updates, and when the right price comes, I buy them for the Sleep Well Portfolio, which I am building for my daughters to redeem in 2037. I disclose my reasoning for all BUY and SELL (ideally never) transactions (1st, 2nd, 3rd, 4th). Access all content here.

Build your Sleep Well Portfolio today

Today, I bought a top cyber security business, Fortinet (FTNT), at $58/share and placed an order to buy CrowdStrike (CRWD) at $285/share after trimming it to $381.64/share a month ago. I am reluctantly selling Medistim (MEDI) at NOK 170/share to fund the purchases.

Reasons:

1. Adding Fortinet

I added Fortinet because it’s the most resilient business in cybersecurity; the recent thesis review also shows promising developments are coming, as 65% of its revenue is about to enter an inflection point. Finally, in light of the global IT outage caused by CrowdStrike’s faulty update highlights the importance of having a backup plan, multi-vendor strategy, and keeping your critical system on-premise—raising the profile of companies such as Fortinet and Palo Alto (PANW). Moreover, SentinelOne (S), the direct competitor of CrowdStrike, is looking to gain the most here. Palo Alto and SentinelOne are extensively discussed in my Fortinet and CrowdStrike deep dives, as well as updates if you want to know more about them.

2. I placed an order to buy CrowdStrike.

I have placed an order to add Crowdstrike at $285/share. I will notify you if the order has been filled out or not. The reasons for putting an order at a lower price instead of buying today are:

I am not buying today as I want to see how CrowdStrike deals with the problem. So far, so good. The CEO quickly found the solution, reported the findings on their website, and went on air on CNBC to apologize to the customers and people impacted. Next, I need time to see changes in internal testing processes and risk management steps to prevent further events like this. Below is the initial technical and root cause analysis CrowdStrike has laid out on its website

Root Cause Analysis

We understand how this issue occurred and we are doing a thorough root cause analysis to determine how this logic flaw occurred. This effort will be ongoing. We are committed to identifying any foundational or workflow improvements that we can make to strengthen our process. We will update our findings in the root cause analysis as the investigation progresses. - 19 July 2024

I am placing the order at $285/share because, at this price, the growth expectation is reduced to 15%, a more achievable feat than at $381/share when I last trimmed the stock. This implies that CrowdStrike would have to grow free cash flow per share by 20%+ for the next decade.

CrowdStrike’s sharp 15% decline in the stock price on the outage day (and 30% from $400) showed the market had no appetite for a sky-high valuation, no matter the quality. Notably, the magnitude of the problem created yesterday at 11:00 PM GMT (18th July 2024) is still unknown.

So far, we only know that the content update related to Falcon Sensor impacted 8.5M computers (primarily corporate) worldwide.

Global media outlets (Sky News), airlines (Jetstar, Delta, Turkish Airlines), banks (Lloyds, Visa, Santander), hospitals, transport networks, and Cafe shops came to a halt (see spikes of error reports below).

The main question now is:

What’s the cost of the error?