252: Crowdstrike Q4, My Apple Order, Tyler, Amazon, Snowflake, Sony Gaming, Cloudflare, Logistics SNAFU, and Visa/Mastercard on Speed vs Fraud
"I ask to hold his hand so *I* don’t fall."
The world breaks everyone and afterward many are strong at the broken places.
A Farewell to Arms
💳 💸 I just ordered a new Mac Studio + Display (5k 27”).
I’ve been wanting to get on board the Apple Silicon/ARM train 🚅 for a while, but I prefer desktops with big screens to laptops, so I was waiting for the large iMac (Pro?).
It looks like the Studio has taken that spot in the lineup, and in fact, I prefer to have the display separate from the computer, since they don’t necessarily have to be upgraded on the same cadence.
I’m upgrading from a 2019 27” 5k iMac (6-core i5 @ 3ghz, 28GB RAM, 1TB SSD).
Normally I would’ve kept it many years longer because it’s still really fast for my needs and that P3 screen is beautiful, but the ARM transition is one of those rare discontinuities that a geek like me can’t resist, so I made an exception.
I tend to be frugal for most things, but I’m ready to pay up for the things that really make a difference in my quality-of-life — a kind of barbell approach.
Computers definitely fall into that category for me (and please, no religious wars about Windows vs Mac vs Linux — I’ve used all those platforms for many years each, they have their strengths and weaknesses… I just find that the Mac is the best platform for my needs).
This order was my first time ever using a BNPL service (Paybright, which is “by Affirm”).
I figured with 0% interest, I may as well pay over 12 months. Now I understand how they get you — not really any downsides as a customer.
👨👦 🧊 It’s a small thing, but when I’m walking outside with my 3-year-old and the ground is icy, instead of asking him to hold my hand so *he* doesn’t fall, I ask to hold his hand so *I* don’t fall.
If I do the former, he refuses, to show that he’s a big boy and independent.
If I do the latter, he accepts, to show that he’s a big boy and can help take care of me, making him really proud.
📲 📩 📭 If you’ve been trying the new Substack mobile app, know that if you turn on notifications, email delivery also turns off unless you uncheck that option.
I thought that wasn’t the right default, because many people may use the app as a secondary place to read and may not carefully read every setting screen and not understand why they aren’t getting emails anymore — they may miss time-sensitive newsletters they pay for, or may be searching for something through email archives months or years later and not find something because they never got the email, etc.
In other words, the failure modes of this being opt-out were more severe than the failure modes of it being opt-in.
The company had an open-thread Q&A with Substack engineers, product managers, and even the CEO answering questions, so I wrote about this here as well as on the Substack beta Slack channel and got feedback from the CEO and other Substack employees that they were debating all this internally. I’m sure many others sent this feedback too.
I don’t know what did it, but a few hours later this news came out:
I think it’s the right decision. Makes me more confident that Substack is well-aligned with readers and writers.
I write this to let you know that if you're using the mobile app and aren’t getting emails anymore, you can go in the settings and turn email delivery back on.
I’ve stayed anonymous since starting this blog, but I don’t see a reason for that anymore. My name is Maksym (Max) Sirous and until recently I was based in Kyiv, Ukraine, working at a local family office as an analyst. Since the war started, I moved my family (my wife and my 4 y/o son) to western Ukraine which is a safe place at the moment. Right now, Kyiv like a lot of other Ukrainian cities is being indiscriminately shelled by the Russian army. This has already resulted in countless casualties, destruction of infrastructure and humanitarian crisis in many regions of the country [...]
What I would ask you to do – please help refugees, those who have lost everything overnight and had to move to the west with their children just to survive. [...]
I have no plans for the future – the situation is changing too fast to make any plans. Will try to keep you posted on this situation.
💚 🥃 For the price of one alcoholic drink, you get 12 emails per month (plus 𝕤𝕡𝕖𝕔𝕚𝕒𝕝 𝕖𝕕𝕚𝕥𝕚𝕠𝕟𝕤) full of eclectic ideas and investing/tech analysis.
Thank you for your help supporting the serendipity engine.
We’ve recently dipped back below 5% of paid supporters, as new free subs have grown faster than supporters.
Liberty’s Highlights is reader-supported. To support my work, consider becoming a free or paid subscriber. 🛰
🧩 A Word From Our Sponsor: Heyday 🧠
Do you have 100+ browser tabs open right now? 😬
Give your memory a boost with Heyday, the research tool that automatically saves the content you view, and resurfaces it within your existing workflows. 👩💻
It’s like cheat codes for your memory. 😲💡
Investing & Business
🔥 Crowdstrike Q4 Highlights 🔥
Before we even begin… Why is Crowdstrike’s fiscal year offset by exactly one year? I mean, I’m annoyed by offset fiscal years generally, but I can understand the argument that you may not want to close your books during your busiest quarter, etc.
But what’s the justification for Crowdstrike’s Q4 2021 to be their fiscal Q4 *2022*, and Q1 2022 to be their fiscal Q1 2023? What possible explanation could there be for that?! I feel like I’m taking crazy pills! 💊💊💊💊 🤪
A few things of note:
Gross margins (Non-GAAP): 79% vs 80%
RPO: +67% ($2.27B)
FCF Margin: 29.5%
Customers with 4+, 5+ and 6+ modules: 69%, 57% and 34%, respectively
They now have 22 modules for sale
From the transcript, recap of FY21:
We finished the year with over $1.73 billion in ending ARR. And in fiscal year 2022, we delivered 65% ARR growth, 66% total revenue growth, 215% operating income growth, 157% net income growth and record free cash flow of $442 million or 30% of revenue.
This is the second year in a row CrowdStrike delivered 30% or better free cash flow margin [...] we accomplished these results, while also aggressively investing in the business and expanding our remarkable team by 46%. [...]
Our gross retention rate remains high and best-in-class at 98.1% at year-end. Our dollar-based net retention rate was above the 120% benchmark throughout the year. Net retention was 123.9% as of the end of FY '22, which is essentially a similar level to last year but on a much bigger base.
On protecting cloud workloads ☁️☁️☁️☁️:
tremendous momentum for ARR derived from Falcon deployments in the public cloud, where ARR eclipsed the $100 million milestone and grew 20% quarter-on-quarter [...]
Cloud workloads are increasingly targeted by adversaries and are largely underprotected, representing a significant growth opportunity in FY '23 and beyond.
Shoutout to AWS:
One partner I'd like to highlight is AWS. In fiscal 2022, ending ARR transacted through the AWS marketplace grew more than 100% year-over-year.
We added over 1,600 subscription customers for the third consecutive quarter, bringing the total number of customers that rely on CrowdStrike to protect their business to 16,325, a 65% increase year-over-year.
16k may sound like a lot, but consider that the biggest security companies have hundreds of thousands — it’s a big pond.
we are thrilled to announce that Cloudflare… became a new customer in the quarter, adopting both Falcon Complete and Horizon. We look forward to deepening our natural partnership and identifying even more opportunities to work together.
Crowdstrike partners pretty closely with Zscaler, even having each other’s salesforces help cross-sell both products.
I wonder if something like this is coming with Cloudflare… Though Zscaler is probably their preferred partner for a lot of things, but maybe there are non-overlapping products where they can work together?
Certainly interesting to see Cloudflare become a customer of CRWD — the Cloudflare people are extremely savvy, so it says something that they picked Crowdstrike over Microsoft or SentinelOne…
We are seeing tremendous growth from our emerging products that solve use cases outside of traditional endpoint protection. This includes our Discover, Spotlight and identity protection modules as well as Humio.
ARR for this group grew more than 100% over last year, contributing $157 million to FY 2022 ending ARR. These modules are significant growth drivers for our overall business, with ending ARR for these modules growing 30% quarter-over-quarter and representing approximately 17% of our Q4 net new ARR collectively.
Nice to see that all these modules that they keep adding aren’t just adding complexity and clutter to the menu, but are getting real traction (as can be seen at the top by the number of customers using 6+ modules),
They keep saying they’re not just an endpoint company, and have a platform that can be extended to all kinds of adjacencies. These numbers seem to support that.
2021 provided no rest for the weary, with an 82% increase in ransomware-related data leaks. As the nation's state events of the past few weeks have demonstrated, cyberspace is center stage, joining land, air, sea and space as the fifth dimension of warfare.
There are no borders in cyberspace and the cyber blast radius has no bounds, putting every organization and government at risk as attacks can extend far beyond their intended targets
Last year, 62% of attacks we observed were malware-less, with most of these involving compromised identities. We expect that both e-criminals and nation-state adversaries alike will continue to exploit vulnerabilities across endpoints and cloud environments and ramp up tradecraft around the use of identity and stolen credentials to bypass legacy defenses.
Not only is the importance growing, but the resources to deal with the threat are scarce:
organizations must contend with the ongoing security skills gap, which we have seen drive increased demand for our Falcon Complete offering [...]
the attack surface is expanding rapidly and the digital supply chain is ever growing as organizations embrace digital transformation and move more workloads to the cloud. We believe our TAM continues to expand, and all of these factors will lead to sustained market growth for the foreseeable future. [...]
Enterprise risk is coalescing around 3 critical areas: endpoints or workloads, identity and data, all 3 areas we have been investing
I like how they track the ROI on their professional services segment. It has lower gross margins and isn’t recurring like the software, so at first glance, one may think that it’s a worse business, but look at this:
Our professional services organization is a strong lead-generation engine for the Falcon platform… for each $1 spent by those customers on their initial engagement for our incident response or proactive services… we derived an average of $5.71 in ARR for those subscription contracts, up from $5.51 reported last year.
‘the best informational advantage is experience with the same business’
I like this line. It’s so true, at least in my own experience.
You can’t borrow someone else’s conviction, even if their thesis makes a lot of sense to you.
The conviction that is built over years of following a certain business closely is worth a lot, and helps avoid mistakes and spot opportunities.
If I were to sell one of these ‘deeply understood’ businesses and replace it with something else of equivalent quality at a cheaper price, it may still be a bad deal *if* that price difference isn’t high enough to compensate for the years that it’ll take me to rebuild the knowledge and confidence in the new business, making me more vulnerable to mistakes and missed opportunities in the meantime.
Tyler Tech ❤️ AWS
My friend Jerry (💎 🐕) found a nice infomercial for AWS in a Tyler presentation:
The question is about our partnership with AWS. And as I said, we entered into that a couple of years ago. We recognized that we didn't want to keep building out Tyler data centers for a number of reasons.
One, it had -- we really were reaching capacity. It was a continuing increase in capital spend, just we're not able to scale at the same rate. The public cloud environment has become much more competitive between AWS and Microsoft and the other providers. So the pricing had gotten a lot better, and we have a very attractive large customer base that they'd like to build relationships with Tyler sort of as the lead-in to that.
And cybersecurity continues to be a bigger and bigger issue around our own data centers. And certainly, we have what we think are much stronger capabilities there than our customers believe they would have on their own in their own data centers. But AWS is on a different level as well there.
This is a good point. Security has to be going up the priority list at almost every company these days.
So we talked to all of the providers and ultimately felt a really good fit with AWS. So that gives us now basically unlimited capacity to accelerate both moving new customers into the cloud and that, again, moving that big customer base of ours. So they've also provided us with a lot of resources, whether it's developer training, helping fund some of our product transition, marketing assistance as well. So they've given us some financial support around that as well. And it's been a really good partnership.
They have a very strong government cloud and FedRAMP capabilities.
And we have a -- we're about 98% domestic, just about 2% international and don't really expect to grow the international business significantly in the near term. But we've also had issues where international customers need to be hosted in the country where they're located. Canada is one of those. And obviously, they give us a capability there. So it's been a good partnership, and we look forward to moving many more customers into AWS.
These guys should get a discount on their AWS bill for doing sales like this.
Amazon Splits & Shrinks, 5 nickels for a quarter edition 🪙
Speaking of Amazon, it looks like they’ve decided to split the stock 20-to-1. Not that this matters at all, but it was always interesting to see which companies refused to split even as per-share prices were becoming really high, following in Berkshire’s footsteps (at least until the creation of the B shares).
They’ve also announced a $10bn buyback authorization, which isn’t that material in the grand scheme of things for such a large market cap, but will be seen as a signal by the market. As I wrote in edition #238:
They bought back $1.3bn in stock during January, subsequent to quarter-end. They don’t do this often — last time was 2012 — but they time it well:
❄️ Snowflake’s Efficiency Gains, Win-Win Edition ☃️
In my quick highlights on Snowflake Q4, I mentioned that the way the company keeps making efficiency/performance/compression improvements and passing on the savings directly to customers (rather than keep price constant and pocket the difference) may lead to lower revenues short-term, but a better long-term competitive position and some revenue gains too.
During a recent presentation, Snowflake’s CFO discussed exactly this:
we fed the efficiency of the software is one, that's the warehouse scheduling service…. if you have a warehouse fill with lots of data and you're running thousands and thousands of small queries, you're going to see a massive performance improvement in the system.
When you have a new chip, CPU, you can process queries faster, but not all CPU enhancements — but just because you may see a 30% CPU improvement doesn't necessarily mean that the software is going to improve by 30% because you still have the — you're still I/O bound. And you still have to take the data into the new compute platform and then you need to put it back out. And so on average, we're seeing a 10% to 20% performance improvement by customers.
And as we become cheaper, people put more workloads into us. And as we become faster, there's more workloads because of latency before that they wouldn't run on Snowflake. And we have many customers that have told us, "If you can get your performance to this, we'll move more of these workloads."
And so we know because we've been doing this for quite some time, there will be more workloads by customers moving into us. And as an example, many times when we do a big on-prem migration, you're not shutting down the legacy system 100%. I think we have hundreds and hundreds of on-prem migrations that were in various stages. We've only -- I think there's only about 50 customers that had completely shut down their legacy system, whether that's Teradata, Netezza or others.
Why? Because many customers just moved their most key workloads into Snowflake. And as we become cheaper, they're willing to move other stuff to Snowflake. And it is a multiyear journey for most companies to do an on-prem migration. Why?
Because they're hard.
There's not that many companies that have been successful in doing large Teradata migrations. As far as we know, we are the only one that has done large [ones].
Snowflake wrote a bunch of tools to help migrate proprietary Teradata formats over to Snowfkale. Competitors sure don’t make it easy to switch… Ask any Oracle customer about that.
‘Sony suspends all PlayStation sales in Russia over Ukraine war’ 🎮
Sony has stopped selling its PlayStation consoles and software in Russia, becoming the latest major brand to withdraw from the country over the Ukraine war.
The company has the biggest presence in Russia of any console maker, according to industry insiders.
The PlayStation Store also will no longer be available in Russia. (Source)
Last I heard, Nintendo’s eShop was also down in Russia, though it’s not clear if it’s the company deciding to pull it or just that they can’t do payment processing. And Microsoft is also out…
Will a bunch of angry gamers overthrow the regime?
Sometimes slower is better, Visa & Mastercard Edition
Science & Technology
🥽 🌥 Free & easy tip to better protect against malware (ransomware, identity theft, etc)
In this world of increasing cyber-attacks, one easy (and free!) thing you can do to improve your security is set up Cloudflare’s 184.108.40.206 DNS server. It’s just as fast as their 220.127.116.11 DNS server, but this one also blocks malware.
It won’t make you bulletproof, but it’s one more tool in the toolbelt — if your browser or email client ever tries to load a URL to a known piece of malware, it’ll be blocked, possibly saving you a huge headache (ransomware, destructive viruses, spyware that attempts identity theft, etc).
I’ve been setting this on my wife’s devices, my parents, family members, etc.
If you go to the bottom of this page, there are instructions on how to change your DNS on various platforms (mobile and desktops).
Just make sure to write the last digit as “.2” instead of “.1” if you want the malware filtering. If you use “.3” instead, it’ll also block adult content.
Russia’s Failed Logistics, Eyes in the Sky Edition 👀🛰
h/t friend-of-the-show and OG supporter (💚 🥃 🎩) Nick Ellis
The Arts & History
Putinism ≠ Russia 🇷🇺
The rest of the world has to make is super-duper-mega clear that our problem is with Putinism, and we're ready to welcome ordinary Russians and their country with open arms and help them prosper if Russia becomes a peaceful democracy rather than an aggressive dictatorship.
I’m not saying they individually have much control over this or that it’s easy to get rid of Putin, but if the rhetoric becomes too “anti Russia” rather than “anti Putin”, it’ll make it easier for Putin to hold onto power and deflect responsibility for his decisions.
Like, don’t boycott Russian restaurants and art in the West, that’s just stupid (unless these specific people have shown clear support for Putin). Most ordinary Russians are victims of Putin.
In other words, Putin will try to frame things as “it’s the West that stands between you and a better life” while the reality is that it’s Putin that stands in the way of prosperity and normalcy in Russia. That should be highlighted at every opportunity.