CrowdStrike Holdings, Inc. (CRWD) Citi’s 2024 Global TMT Conference (Transcript)

CrowdStrike Holdings, Inc. (NASDAQ:CRWD) Citi’s 2024 Global TMT Conference September 4, 2024 12:30 PM ET

Company Participants

Burt Podbere – CFO

Conference Call Participants

Fatima Boolani – Citigroup

Fatima Boolani

I’m Fatima Boolani. I jointly run the software research team here, and I have the absolute pleasure of hosting Burt Podbere, the CFO of CrowdStrike. Burt, you are the prettiest girl at this dance so I’m going to say it out.

And look, I want to start the conversation off — from the standpoint of the incident, right? It’s been 2 months, nearly 2 months since the outage happened. Want to get your perspective and a sense from you on what the most consistent feedback that you’ve received from your customers and the partner community. And how is a lot of this feedback now being incorporated in the way you’re running the business, investing in R&D, and then ultimately, economically engaging with customers and partners?

A – Burt Podbere

So first, Fatima, it’s great to be here. Thanks for hosting CrowdStrike. So yes, let’s dive in a little bit about the incident. So for us, obviously coming out of it early, right, everybody is hot. Everybody is upset. And we did, I think, the best we could in terms of coming out and being transparent about it, taking ownership. And I think that went a long way with respect to customers, certainly in the long term. Obviously, in the short term, people were upset and the full focus was, of course, getting people up and running.

And that’s exactly how it kind of went down. So the incident happens, we mobilized immediately. I think we took great strides in getting people up and running effectively, efficiently. And we took ownership. We went on TV straight away and kind of explaining what happened. And so customer feedback from that. So earlier days are a little different than today. Earlier days, the customer feedback was get us up and running, and some people were really hot when they came out and said, we want — you need to do this for us and you need to do that for us.

But once a couple of days went by, 2, 3 days went by, most — everybody kind of saw the stats in terms of how many of the machines are back up and running. The conversation changed a little bit. And the customers that I talked to and my team, the first thing out of the mouths of some of those folks who had seen George, our CEO on TV, was how’s George doing? How are you folks doing? I know that the customers would say, “Hey, look, we saw the response. Thank you for the response.”

Just what happened from your lips, how it happened, what are you doing about it? That was the first response early days. And we came out, we told everybody about what had happened. And for this group just really quickly, we have 3 parts of our technology. We’ve got the software, which is the agent. We’ve got content and we’ve got cloud.

So this was absolutely on the content side. It was absolutely a configuration change, not a code change. Configuration is just another word for a policy change. And so what happened was there was a validation of all the policy changes in 21. There were 21 of those and each one of them was validated for logic and everything else, and they all passed individually.

However, when the 21 were sent to the agent, the agent was only expecting 20 and so it didn’t know how to handle the 21st and that’s what brought the blue screens. So what are you doing about it was the next thing out of their mouths. And so we were obviously very concerned about getting the right information out initially. So we put out a preliminary report and described kind of, at the time, what I just talked to you all about. And that came out within the first couple of days.

And then a lot of people were waiting for the RCA, the Root Cause Analysis, which would describe in more detail what had happened and also what are we doing about it. So it all what was in the RCA was the following. We said, look, we’ve got this arduous process that we put our software changes through.

And it’s different than the config changes in terms of the quality and what we do in terms of the thing. And what we did is we took all those processes and controls that we do with our software and basically did the same thing and married it for the config changes, which includes giving more control to customers in terms of when they should take the updates for config filed.

So once we got that out and once we went through kind of the additional processes and things — process changes and strengthening of all of those things surrounding any of our updates, then we were able to go into the next phase, which was the business discussion. And so the conversation then switched over to, “Okay. We were impacted. How are you going to help us out,” right?

And so we’ve been on this journey. We talked a little bit about earnings, if you heard the earnings call, about something we call a customer commit package. We get it, you were impacted. We’re deeply sorry for it. We’re doing — we tried to get the focus as the whole company, mobilize the whole company, get people up and running. Now let’s take care of you in the best way we know how.

Question-and-Answer Session

Q – Fatima Boolani

And Burt, just to be clear, the customer commitment packages are specifically designed for your heaviest impacted customers, right? This isn’t free-for-all for the entire installed base, right? Because I think there’s varying degrees of understanding around that.

Burt Podbere

Yes. I mean, there is. We would — what we’ve done proactively is try to reach out to every single customer. And so how did we do that? We engaged our partner community to help us and to basically take the temperature, take the temperature of our customers, how they’re impacted, what was the depth of their impact. And then from there is the starting point in terms of where we would go with the customer commitment package.

There were some folks that weren’t impacted. There were some folks that were impacted and they were up in an hour. Some people were impacted and they were up in even less than that, and they didn’t even know that they were remediated, knowing we had awesome automation that went through it.

And there were some people obviously that it took longer to get them up and running. And so we would just listen to the customers, and the customer commitment package is potentially for everybody but it’s in terms of how we impact and the assessment of the temperature of the customer and the size of customer and all those things.

It’s not one-size-fits-all. But it’s there as a tool for the sales team to start the dialogue. And that’s what we’re trying to achieve today is start a dialogue, right? Let’s move it away from all the heated discussions that we had in the first couple of weeks and move it into a business discussion as opposed to legal and everything else.

And so the discussions now are all about, if we’re talking to customers, it’s all about, again, hey, we saw what you did and we saw the response that you’ve had. So we’re going to give you some kudos for that. We were still impacted. We were still hurt. Now let’s have a business discussion.

Fatima Boolani

I want to come back to the customer commitment packages because it is very much a multidimensional, not bespoke per se, but there’s a framework involved here, right, with a number of different factors. So I want to come back to that. But before I do, going back to the quarter’s performance, I mean, incident happened July 19. You closed the quarter on July 31. You still put up 11% growth on net new ARR.

So can you give us kind of the postmortem of what actually happened over the course of the last 2 weeks insofar as you were still able to execute and transact on a normal course of business, almost business as usual, right? And I think you made some quantification around some hiccups that would obviously be natural. But I want to go back to that point because notwithstanding all of this, you still — net ARR went up 11%.

Burt Podbere

Yes, and it would have been a lot more than that. We gave out a number of $60 million of deals that we had targeted to close in the quarter that got delayed for future quarters. And so it would have been — the number that we would have posted would have been beyond what we had disclosed at the end of the quarter, right? So the other day, some deals closed post the incident. Some big deals closed post the incident.

We had a 9-figure total contract value deal that closed. And they wanted to go all in on CrowdStrike. Best tech, put their needs. We also had an 8-figure deal that closed that also wanted to do the exact same thing. We had another 8-figure deal that had 2 different SIEM products and we placed it with ISO. And so we came in and we were able to serve that customer. So there were big customers that we’re able to close post the July 19 incident.

Having said that, there were a bunch that paused, right? Probably that $60 million that were paused that said, hey, we just want to see where we are and how the dust settles, right? We want to wait and see and we disclosed that. Having said that, the discussions that took place post, we’re always focused on customers up and running, first and foremost. And then second, how we’re going to manage going forward.

And so for us, the post has been a journey, right, what I described earlier. Getting the RCA out was pretty big. And then the good news here is everything that we promised that we would do with the RCA, we did. And so when we talk about the RCA with our customers, we go and show them exactly what we did and how we did it.

And so that’s a big piece of that next step of the discussion is like, okay, what are you going to do for us? How are you going to take care of us? So that’s where this customer commitment package came in, and those can come in the form of more products, right?

We’ll give you some more products for free. Try them for the length of your contract or for a year. It depends, very bespoke, as you said. It could be anything from training. It could be anything to, come into our Fal.Con, or it could be anything, it could be more time on your contract. So there’s a whole variety of things, including, by the way, flexible payment terms, right? Our business model has always been pay us up and then we’ll turn on the service.

Now it could be, well, maybe pay in 6 months or something of that nature. We all look the customer what matters to them. And by the way, not every customer has the same needs. That truly has come through in this process. So that’s, that next phase. We’re there now. We’re touching a lot of customers. People asked us at the IPO, which was in 2019, okay, you had the IPO. What next? And for us, it was, okay, let’s go touch 100 customers 100 days, right? We had it all planned out.

This time, it’s more like let’s touch 100 customers in 2 days, right? And it really exaggerate how we’re managing our customer base. And we’re — we want to make sure that our customers stay with us. We want to do right by them. We want to do all the right things but then take care of them. By the way, for a new customer, for prospects too, we’re going to best go after our prospects. The message we want to get across to all of our customers and prospects is, now is the time to deal with CrowdStrike, right? We’ve announced all these publicly, these customer commitment packages.

Now is a great time to do a deal with us, whether you’re an existing or new. And no, it’s not business as usual because we’re doing things a little differently. But we want to — we’re in the business of protecting even we’re going to do our best to kind of make you come on board or stay with us, if that’s the case.

Fatima Boolani

Both the anecdotes around the 7 to 9-figure expansions after the incident, I think, is a very remarkable set of outcomes for you, right? So after the customer had gone through their 5 stages of grief, right, what compelled them to say, “Okay, well, I’m not only going to come back, but I’m going to come back in a big way.”

Because I think some of the anecdotes you referenced were affected customers who still came back and still continue to expand. So what were some of the defining features of those conversations that were so powerful that they were able to simple-handedly overcompensate for the disruption in their business?

Burt Podbere

Yes. So there’s multiple phases to answer that question. First, I’ll start with, okay, what’s compelling them to stay with us, right? One, they saw our response, right? They saw a company that reached out to its customers, didn’t try to hide anywhere, came front and center. So there was an appreciation for that.

Two, our tech, right? We are who we are because we have tech that really works. And all of our customers that you guys know the numbers in terms of how many we have. That’s an example of, hey, people are using this thing and it works in the community small, 30-odd analysts who are out there testing us and comparing us to others, whether it’s Gartner or whether it’s MITRE or whether it’s Forrester, they’re all coming out and saying the same thing. This product really, really works.

And basically it’s second enough in its effectiveness and efficiency, its manageability and its scale, its ability to scale. Those are the 3 things that — and vision. Those are the 3 or 4 things that the analysts look at. And then we look at, okay, well, what’s really the alternative, pick this thing off? Yes, you can press the uninstall button and we’re able to deploy in seconds. Part of the reason we were really successful. We can actually uninstall in seconds. It’s really involved in that.

So by just pressing that button, sure, you can just go at this and you can uninstall it. However, all of our customers, they have CrowdStrike as a center of their foundation of their security stack. There’s processes that are tied into our technology. There’s people that have been trained on our technology. They know how to use it, read it, make it efficient, make it effective. To uninstall all of that, there’s a cost. And a lot of companies don’t want to go through that cost.

And then there’s, okay, well, what do we do? A lot of our customers, we gave it a stat at the earnings call. For customers that had over $100,000 in ARR, 48% of those customers have 8 or more modules. So what does that mean? If I take out CrowdStrike, I likely have to put on 3 more, right? And nobody wants more agents. And why is that? Why does more technology, why is that not necessarily a good thing?

Well, if you have 3 agents, you, you, and you, I can already see a gap between the 2 [indiscernible], right? So if I have 2 technologies trying to talk to each other, I got to flip. That’s where the adversaries go right there. And so that’s where they’re going to try and exploit you. So the more of those gap you have, the more risk you have in your business to be breached. Whereas us, we’re all integrated everything we have. So to go and uninstall us and then add a whole bunch of new different technologies, that could be problematic in terms of stopping a breach.

So for us, that’s part of the reason we’ve been as successful as we’ve been. So the idea to go and reverse — taking off what we’ve already done in terms of consolidation, it’s not so appealing. So all those reasons make it really tough to change or swap off of CrowdStrike. And we did disclose our gross retention rate, 98% at the end of Q2. And we also disclosed that the retention in the — at the time, 5 weeks post the incident, our gross retention rate actually went modestly up year-over-year.

And it’s because people want to stay with us. They want to do more with us. Look, what hasn’t changed in the customer’s mind pre and post? So pre the incident, all customers, they wanted to spend less and get more. That has not changed post the incident. They want to spend less and get more. Now they can get even more with us, right? And so that’s even more appealing. You’re getting more value. So yes, the incident was bad, and we’ve done what we can to make amends and we’re continuously doing that, on the one hand.

On the other hand, in terms of stopping breaches, we are who we are, and we’ve been successful for a reason. Let’s more with you. And by the way, we know you went through this incident. We know you went through this remediation. We know you hired a bunch of consultants to come out and look at all your processes and come out with a stronger, more resilient platform. And ultimately, you’re going to come out with — we’re going to come out with a binder of 800 pages. Here are the things that we’ve done.

Well, okay, if they’re going to have that conversation with us, they’re probably going to have that same conversation with our competitors, right? So for us, we want to come out as a more resilient company in terms of availability and uptime and in terms of not blue screening. And then as well, still continue to enhance and invest more in our R&D to continue to do the things that we’re known for. And that’s our path.

Fatima Boolani

But going back to the Customer Commitment Packages, the CCP, we did talk about it’s bespoke so there’s a framework in terms of a menu on more modules, flexible payment terms. Now the optionality is great for customers, but as an organization, your go-to-market organization, how are you giving these options but making sure they’re within the bounds of a framework so that not every conversation becomes a snowflake conversation that every conversation is different?

And the spirit of the question here is if a salesperson’s spending most of their time mollifying a customer, talking about the options and what the CCP parameters are going to be for them, that’s frankly less time that they’re using to build pipe, right? So how are you putting some guardrails around that, that these CCP conversations don’t actually suck up the sales resource time and doing more valuable things like generating pipe and new business?

Burt Podbere

I’ll separate the 2 with respect to generating pipe and how we’re delivering this thing and how does it make it work and win-win for us and the customers. So first on the pipe, we have a whole other organization that’s pipe-gen, right? We have demand gen in terms of what we have sales development reps. They’re prospecting, they’re doing outbound prospecting. They’re even working with even existing customers. There’s a group that works internally that works with our existing customers to find out what they want to — what they want to use with us.

So the prospecting is on 1 side of the house. And I did talk a little bit about that, that we did pause it for about a few weeks after the incident. Just [indiscernible] let’s sell it low, right? So that kind of made sense. But now we’re back to pre-incident levels with respect to outbound prospecting. And now back to the ramp in terms of how that discussion there was and how do you have guardrails in terms of what we’re doing.

So about a year ago, at Fal.Con of last year, we announced something called our Flex program. And Falcon Flex is an elegant way to go to market, really, really elegant and well, what is it? Well, think of Amazon and think of giving a commit and then being able to draw down on that commit like cafeteria-style. So they’re able to — the elegance in something like that is that the customers get to pick and choose what they want to use when they want to use it, right?

And so if a customer is in mid-cycle with another vendor for one of the things that they want to use with us, okay, they can turn us on at the end of that term if they’re 6 months left. And they only — on internally, it only hits their budget for 6 months as opposed to a full year. So they have a lot of flexibility to kind of work around their own budgets. That’s number one.

Number two is, once you enter a Flex contract, you don’t have to renegotiate when you want to use something else from our technology stack, right, which saves time, money, effort, all that kind of thing that has so much friction in this than the normal sales cycle. So it’s a beautiful elegant way to avoid that fraction.

And third, we are going to our customers and telling them, you don’t have to have an annual minimum, right? In year 1, if it’s 3 [indiscernible] you don’t have to spend $1 million in year 1. You can spend $500,000. You have no annual requirements, which means that you have flexibility in terms of when you want to use stuff. If you’re a back-end loaded or you have a customer has, well, I want to do this deployment, I don’t want all my machines but I want it on some of my machines and then more later, this is a beautiful and elegant solution for you.

And for us, we love it because we’re getting the commitment longer. We’re being more deeper with our customers. That’s the delivery tool of choice for us to do the CCP, the customer commitment package. And think about why. What we want to do is we want to see our customer base and new customers with more problems, right? We want to see them to do that. And the easy way to do it is a Flex licensing agreement where we got to price list for each of the products. And 2 of them, because we’re in negotiations, one of them might have a zero net to it for a year.

So I’ve got this bond within the Flex. I got these 5 products that I let’s say I’m an existing customer and I’m already using them. And then I can add 1 more for free, [indiscernible]. Well, a year from now, at the term of the contract [indiscernible] there will be some other number. And the customer knows that you’re getting it for a year free, it’s a 0 value.

Fatima Boolani

Limited time only?

Burt Podbere

Limited time only. Strike now. And then there’s a built-in upsell. So that’s why I went out and said on our earnings call that we anticipate acceleration in the back half of next year when some of these things come home to roost, right? And so what we’re doing is seeding the market with more of our product, more of our platform, having deeper relationships with our customers and being more involved in the customer’s journey.

And that’s our whole premise, be a longer-term customer that’s commit to more, use more of our stuff and then benefit from it with respect to this Flex contract. So that’s how I would separate the 2 in terms of how we think about it.

Fatima Boolani

From a revenue guidance perspective, pre-outage to now, there has been a 100 — roughly $110 million revision to the top line. You specifically explicitly quantified $60 million of that tied to the CCP, with the balance being kind of the amalgam of sales cycle elongation and more scrutiny. I’d love for you to go in a little bit more detail on that but specifically on the CCP side because we talked about kind of the different dimensions a customer can elect an CCP.

Can you give us a sense of what that — the part of that $60 million where it’s coming from? Is it straight-up hard discounts? Is it foregone revenue for incremental modules that are being taken on? Help us frame that because I think you’ve talked very explicitly on the revenue degradation mechanics, but if you can add some more specificity on that $60 million and what’s actually moving the needle.

Burt Podbere

Yes. So to talk about the $100 million in the back half in terms of taking on the revenue guide. Let’s talk about the $60 million. It’s $60 million for the commitment packages, both on revenue and ARR. So just on the revenue, I’ll touch on it for a second, and then we’ll move to ARR.

So on the revenue side, you have the $60 million. It’s directly related to the CCP, to the commitment package. And that’s specific to our subscription products. There’s still — I did talk about high single-digits impact on our services because there’s going to be impact. So you’ve got, let’s call it $70 million of the $100 million. And then the $30 million is going to be based on what you just described, the longer sales cycles, more scrutiny. We the prospecting and just the muted upsell values. I mean, those are the biggies, right?

On the ARR side, again, I tried to quantify it to the extent I can. I don’t have the visibility that I had before the incident because we’re doing all these new programs and I just don’t know enough. But I estimated based on the number of customers I have, we try to generate how much each customer — an average value type of thing.

And it’s going to impact ARR specifically is if we give it a more extended time. So if you’ve got a deal that’s $3 million over 3 years and you give a year for free, it’s going to be $750,000. It’s going to come down. So that’s specifically related to ARR in terms of how we thought about it, and we took a look at that.

We got a lot of customers. And it’s not only the ones that are up for renewal. So I tried to have enough in there and be prudent about it in terms of taking into account that some of our customers are going to come to with us before their renewal date and say, “Okay, we were impacted. Help me out, right?” So I’m trying to build that in as well.

So the [indiscernible] is going to be the extension of time, right? Obviously, if we give more product, that’s not going to impact the ARR. And that’s our preferred mechanism. So going back to your other question about guardrails. We’ve tried to prioritize with our sales team what we would like them to offer our customers first. And it’s with customers, we think we’re going to want which is more product, right?

We’re staying with you. We want to be with you. Time will tell. We’re still really early in terms of data that makes sense for me to share with everybody. We’ve tried to do, as you know, a good job in our disclosures and trying to give more than anybody else on the street. And I want to give more and I will give more once I know the data is not misleading, right? I want to get a good sense of where customers are going with the customer commitment package before I disclose it. Maybe I’ll have some more information at Fal.Con in a few weeks, maybe enough.

Fatima Boolani

You’ve got the sizzling teaser.

Burt Podbere

Yes, sizzling teaser, but no promises on that one, but other stuff there. We can talk to our customers this time. But potentially end of Q3 and certainly at the end of Q4 when we’re going to provide guidance for the following year and maybe we’ll have enough data points at that point to really give you an understanding of where our customers are going with these customer commitment packages, and quite frankly, how Flex is working.

I would like nothing more than for every single one of our customers to be on a Flex license. That would be

Fatima Boolani

Its proportion of the base.

Burt Podbere

That’s small. We only announced it last year, right? It took some time to get the sales rep up and running in terms of how to sell it and customers to get accustomed to it. We didn’t get it out once that — we said customers that have Flex, the total contract value of those customers is $700 million. So it’s a real number but not all of that is Flex. So we’re excited about the elegance of the license.

By the way, it’s what customers asked us for. Help us find a way to use more when we want it. And that was the genesis of where Flex came from. And we’re excited that we were able to provide something so elegant for them. And for us, it’s just, hey, let’s — the idea is even before the incident, hey can it to more? [Indiscernible] right? And that’s very appealing for our customers, even in today’s environment.

Fatima Boolani

But one of the questions I’ve been getting as well since the earnings call is okay, CCP is the right move. You’re doing right by the customer exactly on their terms. But is there a time bound on CCP, right? Are you — is this going to now perennially be part of the sales motion or is it going to just be an adjunct to Falcon Flex? And by the time we anniversary sometime next year, back to your commentary about, hey, you do see prospects for back half reacceleration in ARR and revenue growth.

How much of a time bound should we expect on CCP because I think some of the challenges and certainly the challenges you are having with respect to visibility on how the impact is going to be on financials because of the different variables and dimensions inside CCP, how should investors think about kind of the longevity on CCP?

And I’m asking you this because I think you’ve been very clear in the way you’re saying, “Hey, this is your opportunity to strike and be aggressive in the market is now. And CCP alongside Flex is a conduit for you to do that, right?” So it’s almost like, hey, are we now going to be in this open-ended time frame where you are going to be more aggressive in the marketplace?

Burt Podbere

It’s good question. So what I’ve talked about is and even the numbers is CCP is available for the back half of this year, right? And it’s accumulating data from there, right? I don’t know enough. And we’ve prided ourselves on our ability to give visibility and give disclosures, but no one really anticipated an outage that we went through. So we — I’ve lost a lot of that visibility. Right? We’re trying to do right by our customer.

I don’t have visibility in terms of the uptick. I don’t have visibility into what the package is, what part of the packages that customers want. So we’ve been going out and saying, “Look, now is your time to strike, right? Now closer — like any other else also do an entity closer to the sun, I call it. It’s very, very close to the sun. And as you move further and further away, it cools down and then reasonable discussions are taking place.

And so for us, it’s about getting through that first phase, which we have and then now going to the second and third phases, which is making it right by the customer and this full customer commitment with package with Flex is a really elegant way to do it. And it’s right now. I can’t really comment on the future. I don’t know what’s going to happen at the beginning of next year until we get there. And then we’ll have more data and more understanding and feedback from customers and then determine what we want to do at that time.

Fatima Boolani

Again, I know it’s early days, the market structure and behavior from your peers and competitors is also changing. How much of what you’re doing with CCP and even Falcon Flex and really doubling down on making this sort of the go-to-market message an offensive strategy? But in some ways, naturally defensive strategies because I think we’ve all heard some of your larger peers in the space talk about, hey, they’re ready to play ball, right, because there has been a shake-up right?

So from your perspective, is we can look at your margins, right? You did bring your margins down by a bigger factor than you took down revenue, right? So is there something to be said there about the fact that you are being more offensive but also defensive?

Burt Podbere

Yes. I think this is an opportunity for us with our competitors. There’s been a very wide variety of responses from some of our competitors. Some are jumping on it in a very awkward way and some are taking a different road and working with us, and it’s a bigger industry problem we’re solving. And jumping on it, all of them are being opportunity as I would.

Having said that, for us, being aggressive now is the right time, right? There are some of our competitors that have come out there and publicly said what they’re doing to seed the market and we’re doing it because we’re now — and so from — it’s interesting. Some of our competitors were already doing it years before, and we’ve been selling against in Verticom is free for a long time.

But they came out with new terminology right for the market to absorb to think it’s kind of new, and that’s good marketing, good for them. But now we’ve actually come out and said what we said with the CCP. And it’s real and it’s here it’s people to take advantage of. And so I think it’s a good combat at this point, apples-to-apples in terms of not only what’s actually happening but how it’s being perceived in the market.

So we’re excited for being able to go out there and do the things and having our deeper dialogue with customers and I don’t think the threat landscape changed. I think it’s still really, really bad and there’s all reasons why. But we think we have a competitive advantage on our technology, and you’ve all heard about that for years. And we’re going to continue to spend in R&D. So our margins are — we’re not cutting to save a penny on the stuff because that’s the blood line of our business, right?

Yes. And on margin, the other thing is on margin that we’re — that we know are kind of like some of the — there are additional things that I have to spend money on, right? There’s consultants and there’s that the other thing with the incident, and we know that there is cost to — and when we give away the products that we want to give away, there’s still cost to that, right? So that’s going to hit the bottom. And so we’re cognizant of that. I don’t have that whole crystal ball. I don’t have all the details.

So I tried to be prudent in our approach to give you guys an understanding of how we think of the top, how we think of the bottom. I know we didn’t talk a whole lot about cash. And the reason I didn’t talk a lot about free cash flow is because I have even less visibility with that, right? Yes, there are legal expenses internally, externally. And I just don’t know what it’s all going to shake out. Any time we have a potential legal discussion, we are doing our very best to move that from a legal discussion to a business discussion.

And as of this morning, to the best of my knowledge, we actually haven’t seen a lawsuit against us by a customer for the incident. So we don’t know how it’s all going to shake out. Everything we’re doing and trying to do is take the legal discussion away from our interaction with customers and move it to the business discussion with the CCP. And as time goes on, that does get easier because we’re moving further away from the sun, right? And that’s how we think about it.

Fatima Boolani

So as we work down the P&L, the capital efficiency of the business kind of speaks for itself, right? But clearly, you’re taking some deliberate measures from a customer retention, customer loyalty insuring standpoint. So when we think about the short-term impact and the medium-term impacts and the way you’re managing OpEx, right, you just alluded to some of that, right? There’s some consultant costs, legal costs, et cetera.

But over the medium term, as you put more resources behind shoring up bolstering the R&D organization, how does that maybe change the calculus in terms of what you’re thinking about the medium-term envelope and how that would impact unit economics, again, against the top line pressures? It’s self-inflicted, right? But how does that sort of move downstream? Because again, there’s a time-bound question here, right? We’re used to you producing a lot of profitability and margin expansion and free cash flow conversion. So how do you kind of navigate those turns?

Burt Podbere

Yes. I mean, the good news is we’ve built a really strong model with strong unit economics. And so we have some degree of opportunity to move those along the way we need to in the short term, and we’ve talked about that. In the midterm, and I’ll define midterm by anything what we are — not everything, but short term is anything under a year. Midterm is midterm, long term is long term.

But for the short term, we talked about all the dynamics. We’ve given some numbers. We’ll give more numbers at the end of Q4. Midterm, it really all goes back to the fact that we’re going to — we plan on reaccelerating the business in the back half of next year. And there are a lot of the good things happen with that, right? You get back to unit economics that drive margin to the way they would. So slow but surely building back to those measures.

Obviously, they’re going to be impacted by the based on the CCP going to impact everything. But we anticipate that if we do everything right by the customer in the short term, it’s going to pay dividends beyond what we expected, certainly in the long term. And then when you look at the long term in terms of our target models, the $10 billion that we’ve put out there, we kept up within the range at the end of 2031 or 2031, that’s when we’re going to achieve the $10 billion in ARR. We didn’t change that range.

And then we’re excited about that because I think if you would ask me July, quite — how do I think we’re going to come out of this thing. I probably wouldn’t have said we’ve come out stronger at that point. That’s today. Not only do I think that we’re going to come out stronger as a company, but we’re going to come out stronger in a quicker time.

So a lot has changed, obviously, since July 19. And there’ve been a lot of visibility and people are watching us and how we responded. And I think that we’ve, and as I said, at the bar. But more importantly, I think people are watching the customer interaction closely. You saw some of the results originally from Q2, as much information that made sense at the time. I’m looking forward to getting out more.

Fatima Boolani

We’re eager to hear it.

Burt Podbere

I’m eager to tell you, believe me. I just don’t want to give any misleading information. But we are very active with our customer base and new prospects.

Fatima Boolani

On the $10 billion, big, hairy, audacious goal, 5 to 7 years, you’re still in the band, but yes, let me ask you this question. What would need to happen for you to get hold to the 5-year time frame again? So eliminate that 2-year gap and get to the — in this in a good way, low end of the range.

Burt Podbere

Yes. I mean, I don’t have a crystal ball, but certainly, some of our newer technologies would accelerate faster than anticipated. There’s a whole bunch of things that can get us there. But look, I think similar to how we guide on a quarterly and a yearly basis in terms of our methodology and the prudence we take, it’s the same with the 10 year — I’m sorry, with the 5 to 7-year range that we gave out last year.

I really do believe that we have a company like this that’s just surfaced above everybody else in terms of what they — what we do. You have a moment, right, where you can take advantage of that. And that’s not lost on us. And yes, we had this incident and we’re trying to do our best in the CrowdStrike way to kind of make customers stay with us and more with us and all those good things.

But we also know the opportunity in terms of when we started the company is still there, right? There are still a lot of customers out there that don’t have CrowdStrike that are facing risks with respect to being breached. And so we have, I think, it’s still around 50% of legacy technology out there that we’ve all seen what’s happened when you have a legacy technology in terms of the news and what’s been breached. And we want to be there for them, right?

And so we’re trying to get back to normal in terms of prospecting everything else now. We still think we have this opportunity to go after and procure new business, new logos as well as all the things we talked about in terms of the CCP to give our current base excitement to continue with us, to stay with us.

And if you ask our customers today, you’re kind of — but there’s — if you want Fal.Con, ask customers, customers are looking at this thing and going, “Wow, the response you gave is even beyond what I expect. And some of my other service providers and software providers, I have a number and I don’t even get through that, right? And you guys, even before the incident, were really good about responding.” We’re not perfect by no means, but really, really heads and shoulders above some of the others, not necessarily just security but in software in general.

Fatima Boolani

On the $10 billion objective, about 1/4 of your business today is what I’d characterize as some of your emerging products, right? They were born in the last 3 to 5 years, if even, right? So very new vintage. So when you think about the $10 billion target, when you think about the monetization switches that are going to flip on after customers have had a taste of more modules under Falcon Flex, under CCP, and the expectation that you will be able to monetize this on the other side, not now, when you look at the $10 billion objective at fiscal ’31, where does that mix go?

And what do you think is going to be a star product? Because we know identity is really punching well above it with weight class right now, but in the future, again, if you had your druthers, what’s that going to look like in terms of the biggest driving force?

Burt Podbere

Yes. The great news for us is I think there’s a bunch of different acts that can get us there. People talk about second act, I think we had 5 different acts, right? Identity could be one of them, Next-Gen SIEM. Cloud could be really big, right? And I think that this is an emerging market, but that is going to be, I think, a real battleground, right? Because there’s no incumbent there, right? So there’s us and then a couple of others.

And so I think that those technologies and all the things we’ve done in cloud give us a real head start, right, in terms of going after that market, being both having an agent and agent list, and we’re the only technology security company that has both. And that really matters. So I think those — the emerging products can really do well. And we do it internally, too. We take a look at the When we came out with that $10 billion, we kind of broke it down between some of our earlier products versus some of the emerging versus some that we haven’t even come out with yet.

And some of those products in the emerging were done through M&A, right? And then they were able to scale really quickly, especially Identity I think took off really quickly. But we have other goodies in the bag to kind of tell and show the — show our customers what is coming out. And we listen. Then we’ve been successful as we listen to our customers and tell us, “Hey, you should have this.” And we’re going okay, to build that. And so we’ve been really, really good at in that. And look, we have 28 different modules today.

Fatima Boolani

It was 9 at IPO.

Burt Podbere

We’ve gone a long way. And the beauty, believe it or not, not only the technology is going to help us get us there, less. The fraction licensing, the go-to-market is just as important as the technology in this case. And the Flex licensing program can be a big accelerant in terms of how well it’s received by the customers. So that can be a big one, too.

So there’s a lot of different paths, x 2, 3 and 4 in terms of a product line. But in terms of even the go-to-market, the Flex program, I [indiscernible] if you’re familiar with our technology to our complete offering. So our complete offering is our managed service. And when it first came out, people were some hesitancy on whether this thing was going to take off, is it going to work. It’s been a big, big winner for us.

But it took some time to get there. I think Flex is going to be a similar thing. And I well, we already have a bunch of couple had. It’s still a very small base, but we have this opportunity to flow through the entire customer base. My goal is to have every customer on flex. It’s better for our customers, right? And then it’s good for us because we get this long-term commitment.

Fatima Boolani

Flex is the future.

Burt Podbere

Flex is the future. 100%.

Fatima Boolani

Thank you so much, Burt. Really appreciate your perspective. This is a fantastic conversation.

Burt Podbere

Thank you. Great to be here. Thanks, everybody.