Today's article is powered by Commonstock:
Welcome all readers! This week, we dissected 12 investor conferences and so much more to deliver you condensed, simplified, thorough takeaways... for free!
1. CrowdStrike (CRWD) -- Investor Conferences & RSA Conference 2022
a) CFO Burt Podbere Interviews with Baird and Stifel
On hiring plans:
“We have a unique opportunity to hire. We’ve seen in the news lately a lot of companies that have done layoffs. We’re going to be the company that becomes stronger during this period by hiring.” — CFO Burt Podbere
Podbere added that CrowdStrike has always featured aggressive hiring plans, but last quarter was the first period in which it hit its hiring targets. Perhaps this is a sign that the competitive environment for adding talent is cooling off and that CrowdStrike’s fortress balance sheet and cash flow generation will allow it to continue playing offense while other tech companies cannot. As a reminder, CrowdStrike has made no changes to this year’s hiring plans and just finished adding a record number of new employees last quarter.
Leadership is encouraging existing and new employees to come back to the office to work as needed but is not mandating it. The company had been a predominately work-from-home entity prior to the pandemic so it was well-equipped to maintain that paradigm if need be.
“Zooms are great for PowerPoint. It’s a little different when you need to collaborate and whiteboard. It becomes more difficult on those technologies. There’s nothing like being in a room together to hash out direction and vision.” — CFO Burt Podbere
On competition and pricing:
Podbere told us how his job title involves every single deal (largest to smallest) passing through his desk for product and pricing approval. This past quarter, he saw zero evidence of deal velocity slowing, competition taking share, or needing to discount more heavily. So far, it’s business as usual.
CrowdStrike’s 18,000 customers are about 5% of what Symantec had just for its legacy anti-virus offering (which Falcon replaces) when it sold. He sees the opportunity to take share as still “early innings” with the best days for the company “ahead of it.”
“The pricing narrative has been concocted by our competition. The reality is that we sell on value. At the end of the day, we’re out there trying to reduce total cost of ownership… by collecting data once and reusing it many times. By doing that, we’re able to enjoy the margins that we see.” — CFO Burt Podbere
“When we go out and compete against -- you’ve mentioned SentinelOne several times -- we win and we’ve been winning for quite some time... We feel like we’re in the most favorable competitive environment we’ve ever been in." — CFO Burt Podbere
On why CrowdStrike’s success has been so sustainable:
"George Kurtz founded this in 2011 when he was competing with Cylance and Carbon Black and there were investors who weren’t sure which would win. We took the patient approach. We weren’t going to build a slightly better mousetrap and put a huge marketing program around it and hope for sustainability. We collected data and used it to create different solutions that could help see things others couldn't." — CFO Burt Podbere
Podbere told us about the business value assessments it runs for each new Falcon customer to calculate savings from using CrowdStrike. Among 3,000 case studies, CrowdStrike has delivered an average 150% ROI in the first 12 months for investors. CrowdStrike can come in and on-board its entire product suite while facilitating the rip and replace of legacy agents with minimal downtime. This is how it gets away with charging more for its services than others do. Pricing power comes from value creation and CrowdStrike’s is immense and concrete.
He was asked about research reports from vendors like MITRE that seem to show SentinelOne being better at threat protection than CrowdStrike (most reports place CrowdStrike first, but some don’t). He explained that as competition “paying to play” for better scores which “CrowdStrike doesn’t need to do to stand out.”
On go-to-market:
“There’s no other company today that’s in security with an e-commerce engine flighted in a way supporting touch-less on-boarding with the sales team. We’ve been working on that for years to reduce friction.” — CFO Burt Podbere
Things like raising the free trial program from 4 to 12 modules, using free trial data to target other relevant product offers to customers and broad channel partner strength were all credited for CrowdStrike’s diminishing buyer friction.
On Falcon Complete (the turn-key service):
“There are competitors announcing a service that looks and smells like Falcon Complete, but it’s not. Most just offer a breach to-do-list. We remediate on your behalf in a largely automated way thanks to Falcon Fusion (which helps automate and augment organizational workflows)… We’re not just telling you there’s a problem, we’re telling you we fixed it. Nobody else is doing that.” — CFO Burt Podbere
b) Founder/CEO George Kurtz Interviews with Bank of America
On why the market has 5Xed since its IPO:
“It’s driven by our customers. They ask us to use data to create a workflow addressing a different use case. So we do. That’s the beauty of having a security platform. When we expand into another adjacency, we don’t have to build yet another product, we already have most of the apparatus built and we just build a new workflow.” — Founder/CEO George Kurtz
On Zero Trust and Identity:
Kurtz was again careful to explain that CrowdStrike is not attempting to be the identity access broker. That’s Ping’s and Okta’s job which are both close CrowdStrike partners.
CrowdStrike is instead shaping its Zero Trust identity product around its bread and butter endpoint/workload niche to prevent lateral movement. This means, if a hacker breaches an especially vulnerable piece of an organizational environment with a phishing campaign to gain credentials, they can’t just freely move throughout the system going forward. The issue with this type of breach is that it doesn't require malware -- the hacker got the needed log-in info separately. So CrowdStrike builds profiles of each authorized employee/login to flag behavior when it differs from norms. When this happens, it sends the alert (called a trust score) to Okta or Ping to re-require multi-factor authorization.
“I think identity is our new Endpoint Detection and Response (EDR)... it’s early but we see a lot of similarities with not much competition in this area… Every EDR customer should have it and we’re killing it there.” — Founder/CEO George Kurtz
Considering how monumentally successful EDR has been for CrowdStrike, this perked my ears up in a hurry.
On if competition is leading to any pricing pressure in the endpoint markets:
His short answer -- like Podbere’s -- was no. The longer answer:
“Think about since 2017 and the M&A activity: McAfee sold, Symantec sold, Carbon Black sold, Endgame sold and Cylance sold. There’s a reason why you’ve seen that turnover and it’s in part the success of the technology we’ve built. Most of the other players still continue to only focus on prevention and malware detection. If prevention-only and automated migration with no human intervention was the solution, Cylance wouldn’t be called BlackBerry today.” — Founder/CEO George Kurtz
On CrowdStrike vs. SentinelOne:
“As they say imitation is the sincerest form of flattery. You can’t just paint something purple from red and call it good. As I’ve said before, there’s a difference between a Fiero and Ferrari. They kind of look the same, but there is a big difference. There’s so many architectural differences in our tech that allow us to operate with scale. We replace others because they can’t even get more than 5,000 servers up and running. We come in and replace them time and time again because we can operationalize our technology.” — Founder/CEO George Kurtz
“We build in real time, not batch mode (requiring manual authorization). We stream to the cloud with smart filtering and a single data source powering all of these modules which is something that hasn’t been replicated. You asked about SentinelOne. That’s an anti-virus product that was on-premise and then they bolted a bunch of stuff on. It was never born in the cloud… things all sound the same because people copy what we put out there. But when you get into production, there’s a big outcome difference." — Founder/CEO George Kurtz
Final notes from Podbere and Kurtz:
- Podbere wants R&D as a percent of revenue to rise.
- The guidance offered is “prudent.” The company “doesn’t guide to running the table.”
- Leadership cited IoT & medical devices as a new endpoint vector to find more growth.
- Macro pain could actually accelerate CrowdStrike adoption as spend here is not discretionary and its agent consolidation lowers total cost of ownership for its clients. Everyone looking to do more with less (so everyone) can do so with CrowdStrike.
c) RSA Conference 2022 Highlights
Humio for Falcon:
CrowdStrike debuted Humio for Falcon this past week. Humio -- its log management platform -- has been able to deliver multiple seven-figure deal wins since the acquisition last year. Furthermore, it has allowed CrowdStrike to significantly augment its 3rd party data ingestion capabilities to build a more effective Extended Detection and Response (XDR) module on top of its EDR base. As XDR is simply an extension of EDR with more 3rd party data usage, a strong EDR core is a key pre-requisite, which CrowdStrike features.
This week, CrowdStrike announced that it's now offering Humio’s observability as a fully integrated module in the Falcon Platform.
With this new release, Humio will help Falcon’s telemetry (means automated communication across software ecosystems) and data retention capabilities extend to at least a full year. Cybersecurity and observability often go hand in hand -- a full view of your data and any misconfigurations or unwanted authorizations makes keeping a secure tech stack more seamless. Humio helps to uncover those weak spots and the combination of these assets create a tasty, peanut butter and jelly-type offering.
According to the company’s CTO -- Michael Sentonas -- the vast data ingestion needs of threat hunters and incident responders force specialists to trade-off between needed data consumption and storage capacity. Humio eliminates this sacrifice in a cost-effective way. For firms like Tuesday Morning, this combination of Humio and CrowdStrike generated net savings of $150,000 in just 12 months alone.
The Asset Graph -- “Path to Proactive Security Posture Management:”
Cloud evolution over the last decade has quadrupled the range of assets a company has to control and protect. This new Asset Graph allows CrowdStrike to take posture management (vulnerability, identity and permission management) to the next level by offering a centralized dashboard that automates and contextualizes the tracking of changes to configurations within an ecosystem. It calls this process of merging and infusing disparate asset data sources “Asset Resolution.” Just like CrowdStrike can consolidate agents to lower cost elsewhere, it can unite asset contextualization to drive operational efficiency here as well. The graph offers simple visualizations data these interactions to expedite and ease the task completion resulting from it. ServiceNow was announced as a 3rd party data integration partner for this new tool.
This is the 3rd visualization graph emanating from the Falcon Platform:
- Threat Graph -- tracks 1 trillion events per day to prevent, identify and address threats. This is the brain of CrowdStrike
- Intel Graph -- offers real-time trends in attack techniques being used to keep enterprises one step ahead of hackers.
- And now the Asset Graph.
CrowdStrike’s unique ability to collect data once and use it several times for countless use cases continues to play out in real time. This is why the company’s growth has been so stubbornly strong and why its margins are also excellent. It’s wonderful to be a platform and not merely a product that can pop in and out of vogue. As part of the Asset Graph launch, CrowdStrike integrated the capabilities into its Falcon Discovery module with a re-vamped, granular user experience.
2. SoFi Technologies (SOFI) -- CFO Interview with Piper Sandler, a Reverse Split, Insider Buying & Technisys
a) Lapointe Interview
On drivers of the 2nd half of 2022 EBITDA ramp:
- Rapid loan and technology segment growth which comes with better margins than its financial services.
- Financial services working towards breakeven contribution margin.
- The bank charter and its 1.5% cost of capital savings impact kicking in.
On Credit:
SoFi has seen no negative impact to its “gain on sale” margin from holding its loans for a longer period of time. It’s getting the added net interest income AND the same gain on sale profit. This is a product of SoFi’s high quality loan book that continues to set new delinquency rate lows for the company amid worsening macro.
Of the $1.7 trillion in outstanding student loan debt, SoFi believes that “hundreds of billions” are priced “far north” of what rate SoFi can refi for. There’s a lot of pent-up demand whenever the loan moratorium is resolved. SoFi is seeing zero evidence of any softening of the economic health of its customer as it caters to a more affluent and macro-economically resilient client.
On Deposits:
Lapointe updated SoFi Bank’s deposits for us during the call. SoFi is now up to $2.2 billion in deposits vs. $1.5 billion a few weeks ago. This figure is now growing “north of $100 million per week” vs. "$100 million per week" as of May.
SoFi’s 1.25% savings APY was credited for this. Others have somewhat similar rates, but those all come with deposit maximums (where the rate falls thereafter) that SoFi’s rate offer doesn’t include.
On Costs:
- SoFi expects stock-based comp to fall from 33% of sales well into the single digits over the coming years as going public awards roll-off.
- SoFi sees Galileo’s contribution margin at maturity near 40%. Today, it’s spending heavily on it and running it at a 20-30% contribution margin.
“We’ve never been in a better position to navigate what appears to be a tough macroeconomic cycle.” — CFO Chris Lapointe
b) Reserve Split and Insider Buying
A shocking amount of attention has been paid on Twitter lately to SoFi voting to authorize its board to conduct a reverse share split. While reverse splits are generally met with a negative share price reaction, that’s also generally because the company splitting is fundamentally weak. SoFi is not. Its growth remains brisk, its margins continue to quickly expand and its product suite has offered it key insulation from macro-pain. The company is merely doing this to ensure it avoids a forced liquidation event for some institutional holders if its stock dips into penny stock territory: It's a product of historic market turbulence. As long as the company continues to perform, I don’t care about this.
CEO Anthony Noto added $800,000 in new equity to his ownership pile through multiple open market purchases during the week. He’s been buying consistently for over a year.
c) Technisys
Brazil’s prominent Banese Group (one of 5 public banks in the country) is debuting "Desty" -- a new digital bank -- in that market. Technisys is providing the multi-product banking core software to make this a reality. Another key client for Technisys in South America.
Commonstock is a friendly community of passionate investors who believe that transparency can elevate discussion and performance. This platform strikes the perfect balance between collaborative debate and uplifting camaraderie. I like to think of it as a more focused, verifiable, productive and kind version of FinTwit -- without all of the noise.
There's a reason why I have linked my portfolio to the service, am a daily active user and have made it the only place to see my daily transactions.