Sameer (00:11):
Please give a warm welcome to Samir Gandhi and George Kurtz. Welcome everybody, and I'm very excited to be able to have George up here with me to talk to you all. Everybody knows that he's the founder and CEO of CrowdStrike and really a true pioneer in our cybersecurity industry, and I think just in our tech industry overall. He's been doing this for 30 plus years, although he doesn't look at as a technologist, entrepreneur, CEO operator, he's done it all. We first partnered with George in 2013 leading a financing round in the company, and subsequent to that, following George's vision, we led or co-led every following round all the way up to and including investing in the IPO, which has been a good thing for Xcel. So we're very thankful to George and more importantly, really just it's a tribute to the journey he's led us on since that time and then since the company went public. So today we all know CrowdStrike as a leader in AI native and cloud native security. It's something that when we talked about, when George and I talked about it in 2013, nobody was really believing that we were going to do AI and cloud, but today it is where we are and where you need to be. So with that, welcome George.
George (01:44):
I hope you're going to tell this story before we started, how we met the first meeting.
Sameer (01:48):
I probably should spend a second on you. Should I do that? I think you should. Yeah. Okay.
(01:52):
Well, let's put it this way. Sometimes when you venture capitalists meet entrepreneurs, the meeting doesn't always start on a note where you think it's going to end up in an investment. In fact, it could start poorly. Nate is somewhere in this audience and I believe he was there and he's going to remember it as well. So the quick story is that we hounded George incessantly to even meet with us. He finally agreed to do that. We flew down to Southern California where he was based, got there on time. George was not on time because he had an eye doctor's appointment. So he shows up 30 minutes late into the one hour meeting wearing these dark goggles after having his eyes dilated. So my first thought is
George (02:32):
I couldn't even see
Sameer (02:33):
This meeting is not going to go well. And we started off and we're feeling each other out and started talking about things and then the vision for what CrowdStrike was and where we thought cybersecurity at that time on the endpoint where it had to go, it meshed beautifully. And the one hour meeting was a couple hours long and George entertained us as investors after that very shortly thereafter. So that was our origin story. So I want to jump into this right away because we could talk a lot about cybersecurity, but I think the big topic today is it's not cyber necessarily, it's artificial intelligence, or as some people, public service might say a one, we'll call it a one, but for those of you who dunno what a one is, you get the steak sauce and you'll know
George (03:27):
You can't make this up.
Sameer (03:28):
You can't make this stuff up. Exactly. So for us in investing, AI is, it really is creating new frontiers everywhere and cybersecurity is one of the areas where it's having the most profound impact. And I wanted to start high level, George and just get your take on what that has meant for not only CrowdStrike, but really from the industry perspective when you think about what the opportunities are, but also what the transformation and risks are. And I do want to point out that we talked about AI before it was called ai. We might even go back to
George (04:00):
That. Yeah, we were talking about AI before it was fashionable, it was machine learning. Obviously at the time that was a big part of what CrowdStrike was focused on. The first thing we did was really collect data at scale. And then once you had the data, it really unlocked a lot of the other pieces that we wanted to do. And we didn't solve the malware problem first. We solved the data problem. But when we think about AI today as an investor or entrepreneurs in the audience, I mean it couldn't be more exciting really in terms of the opportunities that are in the market from an AI perspective or a one we're in the first inning. I think maybe we're getting out of the dugout putting the batting donut on, but it's still such kind of an early journey. I liken it back to when I first got into security in 1993, it was like you barely had websites.
(04:50):
And I still run into people who have a OL accounts and I make fun of them. They have these A OL email addresses, but it was just different. And you look back on those times, you're like, man, that was such a basic time and it was just so easy. And I think as cool as AI is today and what it can do, I think we're going to look back five, 10 years ago, man, that was the most basic of things. So great time to be an entrepreneur, great time to be an investor. And from a security perspective, it's a key element to what the adversaries are going to use and how the good guys can actually protect customers.
Sameer (05:24):
Yeah, man. I think you've coined a couple phrases. One that you used on Kramer that I really liked, the democratization of destruction, which I think you should get a trademark on that.
George (05:34):
There you go. It's
Sameer (05:35):
A very cool phrase. I'm going to use it in lots of different contexts. But what do you mean about that here specifically? Because I think that is in some ways where AI is taking us, right?
George (05:45):
So when we think about the adversary groups, and this is one of the things that we focused on at CrowdStrike, we just didn't look at the malware. We looked at who was creating this stuff and it was always humans behind it and who was doing it and what was the purpose. And if you understood how they were operating what they were doing, then you had a better chance of protecting against it. So we sort of have this pyramid, the adversary pyramid, which at the top of the pyramid is the nation state groups that have basically represent the smallest number but the highest level of sophistication. Then the middle tier is really your ECR actors and you've got lots of them, not quite as sophisticated, but still very sophisticated. And then the bottom is the hacktivist. That's just to catch all lots of folks that are out there that can maybe run a script.
(06:30):
So when we think about those particular groups, I think it's important to remember that these nation state actors, they come out with very sophisticated techniques, but at the end of the day, they tend to transcend down into the lower tiers. So if we think about something like GPS, right? We all have it on our phone, we use it every day. I mean starting in the government, but now we don't even think about it. So you take these very esoteric techniques and some get leaked out and others kind of just become public, but now you're bringing 'em down to the masses. So you have really, I would say the top of the pyramid, you have a sort of handful of people, not really, but in this scale of 8 billion people in the world, it's a handful that understand how all this stuff works and are very sophisticated, and now you make all of these techniques available to the unsophisticated, you're just going to clone more people and you're going to make it easier for them to create these attacks. So that's what I mean by democratization of destruction. You're going to have a lot more adversaries and it's going to be a lot quicker for them to actually create these attacks and unleash 'em on companies.
Sameer (07:37):
When I think about we had sophisticated tracking on couple hundred nation state, the sophisticated actors, and what you're saying is the 250 or whatever we tracked before we had great clever names for them, that's going to become orders of magnitude.
George (07:54):
That's going to be a lot more because anyone is going to be able to create these sort of attacks. I was in some other, we had an innovation summit today, ed k CrowdStrike, and we had a bunch of companies come up and there was one company that actually, one that was focused on this automated pen testing and they had all these AI agents that were doing the pen testing. Well, that's exactly what the bad guys are building. It's just on the other side of it. So that sort of technology is going to be just like ransomware as a service. You're going to have that as a service and pick and choose what you want, pick and choose the customers in terms of access brokers where you want to get access and then pay your fee or really split your revenue a rev share. It's a SaaS model. Of course, they want scalability and their model, and there you go. So lots of people and the sophistication, the bar is going to be a lot lower in terms of sophistication.
Sameer (08:48):
So then if you flip that around and think about what we're doing with AI and Charlotte comes to mind as one element, there's different elements. Maybe talk about if we have this world of the lower part of the pyramid now being enabled with sophisticated techniques, what are we doing on the other side to combat that? It's always the arms race, but we are trying to stay a step ahead every time.
George (09:12):
It's always the arms race. And for me, I always thought security is a data problem. So if you had the data, then you can solve many problems that were out there, what we're solving today with 29 module, we started with one, now we've got 29. Some things we never contemplated, but we knew if we had the data, we would figure it out. And the customers really guided us on that journey to understand what we should be solving. So if you subscribe to the fact that data can solve lots of security problems and train ai, that's a good example. But at the end of the day, I think data AI is going to be critical in this arms race in getting ahead of what the adversaries are trying to do, and it's always understanding what they're doing and leveraging the power of the crowd to create that community immunity.
Sameer (10:01):
And then the example of Charlotte This's just one manifestation of how we're doing it, but I think it's a great one to talk about where we're innovating on that. So
George (10:09):
Yeah, so from a Charlotte perspective, and Charlotte for this
Sameer (10:11):
Sake, Charlotte is character
George (10:13):
Also
(10:15):
Before Agentic ai, he even had a term, a term we were like, Hey, we don't want to create just a chat bot. We want to create something that actually does work on behalf of customers. So we created Charlotte ai, we wired it into all the different functions of the platform. And a big part, I think what's made us successful is sometimes it's better to be lucky than good, is we spent 10 years through something called Falcon Complete, which was our MDR technology and services that we developed. And we were able to train Charlotte on 10 years of threat hunting on 10 years of understanding what the adversaries are doing on 10 years of remediating something. And just by happenstance, we sort of had all this annotated. So when you think about training, it kind of get back to chat GPT, they had a bunch of humans sort of trying to train it and figure out what was good.
(11:05):
We just got lucky and we had all these things annotated as cases and we were able to put it through. And Charlotte became very smart very quickly. And the big thing though is that we figured out where to use it, how to use it, and what models made sense, bespoke models versus some of the frontier models. And we put all that together over the last couple of years and I mean still the early innings where we think it's really cool what it can do, but I think it's only beginning to show all the promise that it has.
Sameer (11:35):
I think of it almost as you sort democratizing the other side, you don't need our highly skilled, high paid individual to sort through things. Matt Charlotte can do it for you.
George (11:46):
Yeah, I mean you take four days. We had one customer that was telling me, I'll tell you the story. The CISO goes, Hey, I was asking my team for this sit rep, which is situational report, and normally it takes 'em four days and it came back in 24 hours and they wanted to impress me that they did it in 24 hours rather than four days. And he knew Charlotte was behind the scenes and he goes, why did it take 24 hours? He said, I know it only took you one hour with Charlotte, and they were actually sandbagging making it 24 hours, but we took something that literally took four days of tons of analyst work and just grunt work, and they wrapped it up in an hour with a bow, with their name on the report with all of their logos, everything. And that was what they were using for their ciso.
Sameer (12:31):
That's sort of the incredible power of where we're headed with some of these things. Shifting gears a little bit, one of the things, and people might have AI questions, well, we'll have some room for questions at the end. One of the things that you and I talked about from the very beginning, we started off as a single product company and in some sense we were best of breed on the endpoint, but we always in the background talk platform strategy. I think it's really interesting people for you to unpack how we think about best of breed versus platform and navigated that transition over the course of the company.
George (13:10):
So when you and I talked, it was always about how do you be the Salesforce of security? So it really was that sort of platform and there really was no platform company in security wasn't Palo, wasn't Checkpoint, Mackey, Symantec, all the folks that are out there. So that was a big part of the driver. Some of it we had to figure out along the way, but we thought if we got the data that was going to be the key. And in the early days of CrowdStrike, we had sort of one product where we packed everything together because when you go into a large bank, you're just trying to get the deal, throw it all in and get somebody to be a reference customer. And then over the years we were able to create these modules, which sort of became an industry standard now from what we did and unleash the power of the business model by creating modules with very high margin business behind them.
(13:58):
So I think a big part of what we were able to do was to basically take what Salesforce, Workday ServiceNow are doing and apply that to security. And at the end of the day, that's what customers want. There's no customer I've gone into that says, Hey, we want more complexity, more agents, more vendors, and we want to spend a whole heap of money and make it really a big pain in the ass. They're like, get rid of all the crap. Give me something that works. I only want to deal with a few vendors. And we had that sort of early vision, which I think has been a key part of our success. So now we have customers really making buying decisions based upon is it part of CrowdStrike Suite or does it a partner work with CrowdStrike? And is it all part of the whole ecosystem?
Sameer (14:41):
Yeah, it's a big transition that we saw from the customer side too, to simplify a bit of the vendor chaos. And I think one thing that you did really well was you did not do the marketing platform, right? It's technically a platform, meaning that you invested the time to actually build products natively. They all work together, they're seamless, it's all off the same dataset. Unlike there's ways to stitch things together and you can say you have it all, but you sort of did it the hard way.
George (15:10):
We did it the hard way. And I mean I never forget the early days. We had a guy that was employee zero and his name was got into college when he was 10. And then, yeah,
Sameer (15:22):
I remember him. He is definitely one of the,
George (15:24):
He's out there. He didn't go until he was 16. But anyway, so he was the chief architect and we were doing something and I was in the weeds with him. I'm like, why are you doing all of that? This is going to take forever. We've got to get to market like the go to market guy. I'm asking him all these questions and he's like, George. And I said to him, I said, Hyon, this is gold plated plumbing. Why do you need this? He goes, trust me. One day you're going to look back and you're going to say, now I know why we need gold plated plumbing. And that has really served us well because we didn't take the shortcuts and the scale that we operate and what we've done. Sure, we've evolved the product, but it is become a really scalable, scalable architecture as we've seen over the summer. It's pretty scalable. It works pretty quick. We didn't know how scalable it was, but
Sameer (16:19):
I wasn't even going to bring that up. That's
George (16:20):
Okay. That's okay. But yeah, it works well and some of the gold plated plumbing has really been a big key part of our success.
Sameer (16:29):
My tag onto that is we bought one of the companies that we bought with the really cool product in the identity space, and then I swear, have the same conversation you might've had with hi synth, which was when we going to launch the product and you're like, no, we're rewriting the whole thing. So it fits on the platform and it's native to CrowdStrike.
George (16:49):
We did that. Most companies that buy stuff, they're like, next day chuck it over the fence and go here, sell it. We bought a company in the identity space and we really didn't sell it for the better part of 20 months where we're like, Hey, that's really good. We need the people, but it's not going to work quite the way we want with the scale that we have. So we just rewrote the whole thing and it's become a huge business for us.
Sameer (17:12):
I'm going to shift gears again and go a little bit to thinking about leadership. And since you brought up last summer, I am going to bring it up. So you had to navigate a lot of twists and turns. Everybody thinks the company goes up and to the right, but it doesn't. Right? And obviously we've had our own fair share of crises. So what's a lesson in there that you learned when you think about how you deal with those kinds of situations? And obviously last summer we have so many customers and a lot of people rely on us, and so it took a certain type of leadership quality and philosophy to get through that. So I think that's a great lesson to share.
George (17:54):
Yeah, look, you never know when you're going to be in a situation like that. And I certainly don't wish that on anyone, but you got to learn from it. And I think a big part of what's made us successful is always keeping the north star in mind that the customer comes first and if you take care of the customer, the rest takes care of itself. So look, something like that happens. There's no hiding it. It's like we owned it, we figured out what it was, and we didn't just fix that particular, I mean there was a bug. We didn't just fix a bug and move on. We look at every process and it's sort of that Swiss cheese failure model. And the Swiss cheese failure model, if you're not familiar with it, is all these little controls have to go in such a way where you can actually see through the whole of a Swiss cheese. It's a lot to make it line up. So 10,000 times and 10 years, it all worked perfectly until it didn't. So we took a step back and I think to the heart of your question, I think any company of substance has had a blip. Microsoft, Facebook, Google, I mean go down the list. And the thing is you have to look at and go, well, how does it transform the company? So we really looked at every process. I mean
(19:09):
Everything that we did, how we touch customers, obviously all the tech and all the pieces that go there, but even how we communicate with customers, how we interact, how we think about everything start to finish. So I think it was really a defining moment for us that's going to make us certainly a better company. And I do think as painful as it is, we'll be able to look back five years from now as an industry and say, I wouldn't want to be in this position. Don't plan on being on it again. But we helped not only the companies, the country and the world become more resilient because everybody looked around, we were the good guys, we tend to know what we're doing. We made a mistake and we rolled it back. But at the end of the day, if it was the Chinese and they didn't roll it back, it would've been like a disaster.
(19:54):
So lots of companies had lots of takeaways, and I think we will look back at this and go, that was not a great time, but did we help people along to become more resilient? And oddly enough, coming out of that, I had customers come up to me and they thanked me and they're like, I'm like, dude, well you're thanking me. This is crazy. They go, no, we're thanking you. Because we went to the board and we said, we need to spend money on resilience and are all the things that we're doing. And they're like, yeah, we had a hiccup for two hours and it wasn't a huge deal. Obviously other companies had bigger issues that didn't invest. And he said, don't let it happen again. I go, no, it's not going to happen again. But what was important is he said it really helped him in his program. So there are some silver linings that come out of it. We became a stronger company out of it. And the reality is the customer intimacy we have now and the trust that we built up is incredible. And we have lots of customers for life, even though we made a mistake.
Sameer (20:54):
Well, and I think it'll go back as a case study at some point about owning it, being transparent and then putting whatever it took to get the customer up and running again. And it was an all hands on deck for the entire company
George (21:07):
And made it right. I mean financially for lots of customers.
Sameer (21:10):
And that too, it's kind of hard to look back and go when things work out. You're like, well, I wouldn't change anything. There's always something you think about and go, I learned some lessons along the way and maybe I would've done one thing different or this or that different. Do you ever think about that in the early days of CrowdStrike? Something you would've done differently?
George (21:31):
Yeah, I would've put a shit ton more of my own money in the company. Yeah, me too. Yeah,
Sameer (21:39):
You would've changed the valuation that I invested at.
George (21:41):
It's a good question. We always went back and forth in the valuation.
Sameer (21:44):
Yeah, we did.
George (21:45):
It was always fair. Fair though. It was fair. He was grumbly. I was grumbly. But we came out, it all worked out. I don't know, there's a whole bunch that I would actually change. I think we were in the right place at right time with the right team and we were crazy enough to think we can do it. And when we started it, I mean everybody thought we were like, these guys are nuts doing this from the cloud and that's risky and this is never going to work. And we're like, okay. We sort of have a saying inside as we tried to fail and we failed to fail, so we just were dumb enough. Another good one we're going to patent. Yeah, we were crazy enough to think it all worked out and we had really great design customers early on, which is super important for any company. And not a lot I would change, I got to say, I mean, didn't think it would be. I thought it would be big but not this
Sameer (22:40):
Big. I think the one thing that struck me, and there's different ways to think about it in today's day and age, but go back to 2013 when you said, we're going to do this from the cloud, and everybody's like, it'll never work and no one will buy it. And I remember how we would talk about being super disciplined about that and not being pulled to do some hybrid thing. Yeah, that's a good point. And we were like, we're just going to do cloud. We believe that's the future. And we turned away people, you went into customer meetings and they said, we'll never do it. And I remember you told me this one too, a big bank in Switzerland and you said, alright, well I'll be back in a few years and you'll buy it then. And they did. They did. It's a really great thing to be like if you have that conviction to be disciplined about it and not stray from the mission, because later on it's a mess
George (23:35):
As we know it's a total mess. I mean I really think that's a good point for maybe lots of folks in here is we never got sucked into the on-prem. Hey, we need this. Every big bank wanted on-prem, every big bank scalability, you've never seen a company this big. And it's like until we have a whole bunch of big companies, yeah, we have, you guys are not the biggest, we're beyond that. But I think a big part of the success is having the discipline actually to say no. And in today's world you have a little bit more flexibility. You can have cloud as a control plane and different containers if you have privacy issues. But back when we were doing this, a lot of these things we had to build, Amazon didn't have all these services, we built our own graph technology. It didn't exist the way we needed it. So I think it's really relevant point is you have to know when to say yes and when to say no and to try to get that big customer, you're like, oh, I got to land it if I get so-and-so. And then it becomes an albatross. It's a noose around your neck. So that's one thing I think we did pretty well.
Sameer (24:32):
I agree. The racing comment. I got to bring one last thing and then we'll take some questions. So I love how you've really made motorsports and racing kind of almost synonymous with the CrowdStrike brand. It's very tied with the brand and sometimes I think about what parallels do you see in high performance and motor sports and high performance in running a company? There's a lot of things to learn one way or the other. Maybe you can point out a couple.
George (25:05):
Well, I think a few, I dunno, how many people are motor sports fans in here? Obviously Netflix Drive, there's five. Lots of people popped out as Formula One fans, which I think is pretty cool. But it's not just the driver. I think the driver gets a lot of credit. I get a lot of credit, but it's really the team behind us. And I think you have to understand that it's a team sport in building a company. Obviously a team sport in security and the little details matter. So the difference between a successful team and an unsuccessful team are the little details. I mean you're talking about tens and hundreds of a second. It's certainly in Formula One, literally. I mean it's millions of dollars for a hundredth of a second. It's like crazy because a lot of the drivers are like robots. You meet these kids and if you've ever been to Formula One race, you see these skinny little kids that look like they're playing video games and they're like, that's a Formula one guy. And they're the nicest people until they put a helmet on. They're like, they're ready to kill you. So what I learned from that is don't race skinny little kids because they're going to beat you,
Sameer (26:13):
Especially ones that are 18 or 19 years
George (26:14):
Old, 18 or 19. But it's a little details. And I think in racing, when you look across 20 drivers, we'll take F1, these are the 20 best people in the world and there's a lot of drivers that are out there. So how did they get there? Well, there's a big story of how they got there, but who are the ones that, who are the ones always at the top of the grid? And those are the ones with the mental toughness to actually get to be a winner. There's a reason why Max is a winner, even though his cars have always been good now, not so good. But the guy will always be a winner just because of the way he thinks. And if you look at somebody like Lando Norris, he's a super talented guy, but does he have the mental toughness to always get it done when things count? So those are the kind of lessons I take from racing. It's the small details matter. You got to be across the details. Can't be management by just looking at a report. You got to be in the weeds of some of this stuff. And I think it served me well and I don't like to be BS on stuff, so I figured it out.
Sameer (27:18):
Well, I know that you're well into the details, having seen you do that for the last dozen or so years, kind of amazingly. So even on the size of the company today from when we started, which just to give people a sense of scale, it was, I think we rounded up to 1 million a r, if I'm not correct, Nate, round it up generously and you're over 4 billion today. But it is in the details.
George (27:45):
Yeah, it's all in the details.
Sameer (27:46):
Let's give these two guys a warm round of applause.
