Hi, I am Trung. I write 10+K words deep-dives on market leaders. I also write Thesis Trackers updates to follow up on their performance. When the right price comes, I buy them for the Sleep Well Portfolio, which I am building for my 4-year-old daughter to redeem in 2037. I disclose the reasoning of all BUY and SELL (ideally never) transactions (1st, 2nd, and 3rd). Join me in building generational wealth.

Before investing in 100-year-old market leaders, I closely tracked a few ‘unproven’ ones as they possessed the right ingredients to become future leaders. One is CrowdStrike (CRWD - $38B Market Cap), a leading cyber security platform founded in 2011 and IPOed in 2019 (at $20B Market Cap). This is one of the few hyper-growth tech names that continued to perform post-covid.

Thesis Tracker

I first bought CrowdStrike in May 2020, wrote the first note in September 2020, and updated it with more details in May 2021, in a format before the Sleep Well Investments framework was born and refined.

This write-up tracks how CrowdStrike’s moats and market share have moved since.

The following table shows CrowdStrike has consistently taken market share (green box highlighted below). Out of 7 peers I studied, I singled out Microsoft and Sentinel One as the biggest threat and the most similar product architecture, respectively.

The green boxes are the result of findings from:

1. Revenue growth vs. key rivals (seven)

2. Client wins / losses

3. Gartner industry rankings

4. Gartner customer’s reviews

The four points are specific for CrowdStrike. Read my Investment Thesis Tracker to learn more about how I measure market share and moats. For other picks, the criteria are different. Click here for MIPS and FND.

In the second part of the post, you will also see if CrowdStrike can continue gaining market share and whether it can achieve the new 5-7-year financial targets. We will see CrowdStrike’s

1. Product growth

2. Product stickiness

3. Operating leverage

4. Free cash flow per share

Finally, we explain how CrowdStrike earned 12/20 points from the Sleep Well Investments scorecard and consider scenarios in which we would add more shares.

What’s CrowdStrike?

CrowdStrike is a cybersecurity software company that provides cloud-based security solutions and services worldwide. The fundamental difference from its competitors is that CrowdStrike was built as a cloud-native platform driven by AI. The architecture allows data collection at scale, centrally storing it in the brain, which CrowdStrike calls the Threat Graph. The data then trains the algorithms on these vast amounts of high-fidelity data and develops into the legs and arms to do various services, which CrowdStrike calls the Falcon Platform.

The Falcon Platform has ten modules at IPO and has grown to 23 today. The slide below, starting on the left, contains functions such as detecting, preventing, and responding to all kinds of attacks for endpoints (desktops, laptops, servers, mobile, and IoT devices), the bread and butter of CrowdStrike, and it’s what it started with and known for. For the last few years, as more customers were onboarded, the Threat Graph collected more data and became more intelligent. The data enabled the Falcon Platform to expand its functions to cloud security (protects cloud-based infrastructure, applications, and data).

Today, CrowdStrike is an industry leader in endpoint and cloud workload protection, used by over 23,000 customers worldwide, generating almost $3B Annual Recurring Revenue which recorded an impressive 77% 5-year revenue CAGR growth and 145% 5-year free cash flow per share growth! As cybersecurity becomes more and more mission-critical in our digital world, the company has a long road ahead.

I link the S-1 document at IPO here if you want to know more about the technical side. It goes deeper into the architecture and the history of the business.

Big Guidance Upgrade

Last week, at Fal.Con 2023, held in Las Vegas, CrowdStrike upgraded its long-term financial targets with

• Gross margin 82-86% (expanding by +4% from the prior target at the midpoint)

• Operating margin 28-32% (+9%)

• Free cash flow margin 34-38% (+5%)

For your reference, below is the long-term financial target set at IPO 2019 and at 2022.

Fal.Con 2023 surprised me because it upgraded massively its 5-7 year targets, aiming to achieve $10B Annual recurring revenue (ARR), a gross margin of 84%, and a free cash flow margin of 36%, higher than other software industry leaders.

The table below shows that CrowdStrike’s financial profile is not far off while recording the second fastest growth (behind Sentinel One - the youngest).

Fortinet (FTNT), the ‘legacy’ provider in cloud security and network security, together with Microsoft (MSFT) and Paolo Alto (PANW), are mature players. They show what’s possible at an optimum scale, enjoying 19%-35% free cash flow margins with above industry growth (10%+). CrowdStrike’s target at the low end is even higher, showing a lot of promises (but we’ll see that it has the track record to back it up).

Sentinel One (S), the most direct peer, labeled as the ‘next-gen,’ also a cloud-native, one-agent platform provider, is still burning cash with a -10% free cash flow margin. Meanwhile, Okta (Identity), Zscaler (Cloud Workload), Cloudflare (‘4th’ Cloud Platform), and Palo Alto (Networks) trail behind Crowdstrike’s profitability and cash generation.

In Q2’23, CrowdStrike’s free cash flow margin was already at 27%, not far from the 36% guided at the mid-point, albeit non-GAAP. And Q3 and Q4 would be even closer, given net new ARR generation is typically greater in the second half of the year as CIOs draw up cloud budgets for the following calendar year. In addition, the operating margin is also typically higher in H2, as costs for payroll taxes, new hires, and annual sales and marketing events are mostly paid in H1.

The rosy outlook shows management’s belief in CrowdStrike’s superior platform products and best-of-class economies of scale. Wall Street loved the update and estimates CrowdStrike to hit $17B revenue in 2033 or 22% CAGR! (I beg to differ, and we’ll see why)

But are the new targets achievable, and how does it translate into value creation?

I think CrowdStrike has a high chance to compete with Microsoft to remain relevant for decades, and it could create 15%+ shareholder value over the next ten years, despite assuming CrowdStrike only meets the low end of the target (82% gross margin and 35% free cash flow margin) with double the amount of years, ten instead of 5-7, and with 10% cost of capital, allowing an extra layer of margin of safety.

Moats and Market Share Direction

Gaining or losing market share speaks volumes about the quality of the moats and barriers to entry. This is my go-to KPI to sleep well at night. Keeping things simple and elegantly effective - as

CrowStrike has consistently taken market share from key rivals, illustrated by the green boxes from 2021-Q2’24.

Before I derive my findings from the four aspects mentioned:

1. Revenue growth vs. key rivals (seven),

2. Commentaries from management on client wins / losses,

3. Gartner industry rankings

4. Gartner customer’s reviews

I had a preview of the IDC market share report, but they cost $4500/each for the full report - which I don’t have. Thus, the digging exercise allows me to learn CrowdStrike’s key rivals intricately through reviews and management commentaries - reading IDC reports might not.

Nevertheless, I captured a few data points from the IDC report, which I can present as follows.

CrowdStrike and Microsoft are winning shares rapidly. It’s a fragmented market (48% still uses legacy anti-virus software) and expanding rapidly (from End Point Protection to Data security, industry consolidation, and geographic mix, a >$200B market in 2028). Meanwhile, McAfee and Symantec were the top five players a few years ago but have disappeared in the ‘Rest of Market’ pie.

Let’s review my interpretation of market share movements from IPO to 2023.

1. Revenue growth vs. peers (7)

This is not a perfect measurement, but it shows CrowdStrike as the second fastest grower, with 88% ave growth, behind Sentinel One, with 109% in the past 4-6 years. Thus, I can safely say CrowdStrike has been gaining shares, and everyone’s growth has slowed in the last two years.

*There is no information available for Cylance, Symantec, and McAfee, legacy competitors.

**For Microsoft, I used the Intelligent Cloud segment as a proxy as it’s the most relatable to cybersecurity. Microsoft Defender is a direct comparison to CrowdStrike Falcon, but only management commentary is available, which we will go into later.

2. Management commentaries on client wins / losses