A compelling opportunity with significant network effects, CrowdStrike is emerging as a category leader in the cloud-native cybersecurity…
A compelling opportunity with significant network effects, CrowdStrike is emerging as a category leader in the cloud-native cybersecurity space. Founded in 2011, CrowdStrike is head quartered in Sunnyvale, California. The company made an initial public offering on the NASDAQ in June 2019.
Within the cybersecurity space, CrowdStrike’s primary focus is on endpoint security, or the protection of all the devices that access a particular network (think of all a company’s laptops, cell phones, internet-of-things devices, etc.). CrowdStrike is disrupting the anti-virus space with an innovative solution.
Traditional anti-virus solutions are reactive. They must first see an attack, which are then logged with a signature, and downloaded to every endpoint. CrowdStrike’s platform is different. Through machine learning and artificial intelligence, CrowdStrike is able to predict and prevent new attacks. CrowdStrike’s proprietary Threat Graph leverages all of the devices on their network to gather signals which are then processed in their cloud. The more customers they have, the more signal they get, the better their Threat Graph machine learning model becomes.
We see this network effect as a particularly strong competitive advantage. Given their first mover advantage, their large data set already provides a moat. This data moat means their solution is better — able to prevent more and stranger attacks — than the competition or any new model.
Management, Team, & Culture
CEO and Co-founder, George Kurtz, has over 26 years of experience in the security space. Previously he founded cybersecurity firm, Foundstone, which was acquired by McAffee. He then served as Worldwide CTO at McAffee. He has built a strong leadership with experts across the cybersecurity space.
CrowdStrike supported a distributed, remote work before the rest of the world adapted to COVID19. Over 50% of the over 1,200 employees were remote in 2019. The company now has over 1,600 employees.
The company has positive ratings on glassdoor.com. As a professional in the field, I can say that CrowdStrike is an attractive company to work for.
Business & Opportunity
CrowdStrike operates a software-as-a-service business, creating annually recurring revenue. The business has grown significantly and continues to do so, as demonstrated by year-over-year ARR growth of 88% in the quarter reported June 2020.
The company has established a strong model to land and expand, offering upgrades and add-on modules. Dollar-based retention rates have been maintained above 120% the last 2 years. That is, for every dollar of a customer’s subscription, the next year that same customer is paying 1.20.
The market opportunity is large and expanding. Consider the explosion of connected devices we have had in the last few years. This trend will only accelerate going forward. All of these devices need endpoint protection. The market across all opportunities (corporate endpoint security, security & vulnerability management, IT operations management, threat intelligence services, and managed security services) is estimated to be roughly $27 billion in 2020. This market is estimated to grow at 9% over the next few years.
For the fiscal year 2020, total revenue was $481.4 million, a 93% increase, compared to $249.8 million in fiscal 2019.
For the fiscal year 2021, the company expects total revenue of roughly $770 million, a 60% increase compared to $481.4 million in fiscal 2020.
Regarding earnings, for the fiscal year 2021, the company expects a non-GAAP net loss of $10–15 million.
As of April 30, 2020, the company has cash and cash equivalents of roughly $1 billion.
Valuation & Target
As of June 2020, with the current stock price near $100, the company is trading at a market cap of roughly $21.8 billion. With estimated ARR of $770 million in 2020, the company is trading at 28.3x 2020’s revenue.
At first look, this seems excessive given the company’s losses and estimated annual revenue of $770. However, I believe there is an opportunity given CrowdStrike’s position as a category-defining leader, the stability of the revenue, the opportunity for growth, and the demonstrated traction.
CrowdStrike offers their long-term operating model target. After sales & marketing, research & development, and general & administrative expenses, the company targets an operating margin above 20%.
To value a growth company, we must extrapolate growth. More art than science, the outcome is particularly sensitive to assumptions.
Consider revenue growth continuing at 50% for the next 5 years. The company would have revenue of roughly $5.8 billion.
Assuming the company matures, we would expect metrics to normalize. Assuming 25% operating margin, operating earnings would be roughly $1.5 billion.
Considering the continued opportunity and growth, this company would still fetch a healthy multiple on operating earnings. Conservatively, we will assume a multiple of 30. The best way to gauge this is through comparison to larger peers — Salesforce trades for 63x operating earnings, Workday trades for 93x operating earnings.
Arriving to a valuation 5 years out, we have roughly $1.5 billion in operating earnings with a 30x multiple. The estimated valuation for CRWD would be $45 billion. This is in comparisons to today’s market cap of $21.8 billion, or roughly a CAGR of over 16%.
Keep in mind, this is a modeling exercise. If in 5 years growth continues or accelerates, the valuation could be much higher. On the converse, if growth slows down, the valuation could take a significant dive.
For the reason mentioned above, investment in growth opportunities like CRWD tend to involve significant volatility. If revenue growth slows (or accelerates) in a quarter, the market tends to react quite significantly.
Another risk worth of mention is the CTO’s recent departure. Dmitri Alperovitch, Co-founder and CTO, transitioned out of the company to pursue his own nonprofit organization. Michael Sentonas, an internal leader, was promoted to CTO on February 19th, 2020. The departure of such a prominent leader is never a positive sign. In this case, however, it does appear to be benign.
There are other systemic and company-specific risks that one should be aware of. This includes, but is not limited to, the actual growth of the market, increased competition, and other internal and external factors.