Intro:
We recently initiated a position in CrowdStrike and want to take the opportunity to update you on the company. Previously, I covered CrowdStrike in October 2020 here. In the report, I explained how cybersecurity would continue to be a key initiative for organizations in the remainder of 2020 and beyond. I also covered CrowdStrike’s product offerings and explained how the company was uniquely positioned as the top vendor in a critical subsector of cybersecurity. We discuss the previous coverage below and examine why the company has become even stronger, as well as numerous industry catalysts.
We continue to see strong C-level survey results for cybersecurity in 2021, in particular, with CrowdStrike and Zscaler the undisputed leaders. We discuss why we have chosen CRWD, yet it seems ZS is a strong second choice. We also cover Cloudflare and why we have passed for our own portfolio.
Security Software: Top Priority for 2021
Security software has consistently ranked as a top spending priority among C-level executives, but our research shows it has become the #1 priority in 2021. The Covid-19 pandemic and shift to a more remote workforce uncovered a number of major gaps in the cybersecurity of organizations.
The high-profile Sunburst hack further highlights the need for businesses to transform their legacy security architectures, as legacy tech is no match for today’s adversaries. As a result of the Sunburst hack, the current administration has talked about how cybersecurity spending is a top priority, calling on Congress to “launch the most ambitious effort ever to modernize and secure federal IT and networks.”
Credit Suisse’s recent CIO survey suggests that security spending is the top spending priority in 2021, even more so than in July.

We view CrowdStrike and Zscaler as the best positioned cybersecurity companies to benefit from the growing security spending cycle. We are still in the early innings of the shift in security architecture towards Zero Trust and SASE, of which we believe CrowdStrike and Zscaler will benefit the most.

Here’s a snapshot of government spending and the triple-digit increase in FY2020 growth in federal spending for Zscaler and CrowdStrike. The current administration’s commitment to cybersecurity should also benefit CrowdStrike and Zscaler as they continue to gain more share of federal spending.

1. CrowdStrike (CRWD)
In my past coverage of CrowdStrike here, I explained why the company would thrive as the fastest growing endpoint security vendor. Endpoints are frequently the first point of entry for attackers, so endpoint security is an integral part of a multilayered security strategy. CrowdStrike has thrived in this area, leading to the addition of a record 1,480 new subscription customers in Q4.
While CrowdStrike has demonstrated tremendous expertise in endpoint security, the full CrowdStrike Falcon Platform now encompasses much more. The full CrowdStrike platform, designed to define Cloud Security, includes managed services, security & IT operations, threat intelligence, identity protection, and log management. The power of CrowdStrike’s platform is demonstrated in the financial data, as 63% of CrowdStrike’s subscription customers have 4 or more Cloud Module Subscriptions. This number has grown from 47% two years ago and 55% last year.
The growth of this metric is important to CrowdStrike’s growth, as they have expanded their TAM through acquisitions and the launch of new modules that cover untapped areas of cybersecurity. We are now seeing the majority of CrowdStrike’s subscription customers, almost 2/3, adapt 4 or more modules meaning most customers are subscribing to the idea of having CrowdStrike handle most of, if not all of, their cybersecurity needs. CrowdStrike management has talked in the past about how most customers typically sign up for 1 or 2 modules but adapt more modules over time. This shows the success of the CrowdStrike customer life cycle. From the time the company onboards a new customer to the adaption of more modules, they are able to add new sources of revenue from already existing customers.
In Q4, CRWD grew revenue 77% YoY and added a record 1,480 new subscription customers (+82% YoY), with a number of marquee customer additions including Pfizer. CRWD also enjoyed a record quarter in profitability metrics with its best ever quarter of non-GAAP EPS (+$0.13), Free cash flow (+$97M), FCF margin (+37%), EBITDA (+$45M), and EBITDA margin (+17%).
CrowdStrike guided for 50% YoY revenue growth in FY 2021 and EPS of $0.29. The projected growth rate leads the security SaaS industry and our comparisons of ZS and NET, despite the stock trading at a slightly lower valuation than those stocks.
As previously discussed, with its recent acquisitions of Preempt and Humio, CrowdStrike has enhanced its capabilities beyond endpoint security to also encompass cloud workload security and identity protection. With Preempt Security, CrowdStrike is leading the charge with a Zero Trust solution focused on endpoints and workloads. In its Q4 earnings call, CrowdStrike CEO George Kurtz talked about how customers have become increasingly interested in its Zero Trust offering derived from Preempt following the Sunburst hack.
The acquisition of Humio will combine Humio's data ingestion and analysis engine with CrowdStrike’s technology. CEO George Kurtz discussed the Humio acquisition the company’s Q4 earnings call:
“With Humio, we are now redefining next-gen XDR through a platform that spans endpoints, identities, applications, the network edge and the cloud… Humio provides us the ability to expand our data leg and to solve more security and non-security use cases in real time… providing CrowdStrike with a greater time advantage over the competition and the adversary.”
It has become evident that CrowdStrike has continued to successfully enhance the capabilities it can offer and has taken a big step toward its goal of providing the “fastest, most cost efficient, and extensible cloud data platform that will deliver best-in-class visibility for security as well as observability for IT operations.”
2. Zscaler (ZS)
Zscaler ranks #2 behind CrowdStrike on our list of cybersecurity stocks to own. Like CrowdStrike, we believe Zscaler is well positioned to capture the industry wide shift to Zero Trust and SASE. We covered Zscaler’s Fiscal Q1 Results here. Fiscal Q2 was another solid quarter for Zscaler as they continue to show their strength as a major cybersecurity player. In Fiscal Q2, Zscaler grew revenue 55% YoY and gross billings an impressive 71%. Although Zscaler is an industry leader with strong fundamentals, our analysis shows that the company is not as strong fundamentally as CrowdStrike despite having a slightly higher valuation.
Over the next 12 months, Zscaler is projected to grow revenue 37% versus CrowdStrike’s 51%. ZS has slightly higher gross margins over the trailing 12 months at 78% versus CRWD’s 75% but lags CRWD in Operating Margin and FCF margin. We compare ZS to CRWD and NET fundamentally in the table below.
3. Cloudflare (NET)
We covered Cloudflare’s Q4 earnings here. Although Cloudflare is not purely a security company, approximately half of their products are security related. A lot of Cloudflare’s focus on the future is related, according to CEO Matthew Prince. In its Q4 earnings call, Cloudflare management talked about their expectations for a big shift in 2021 from a traditional hardware-based security approach to a much more modern Zero Trust approach. Cloudflare is well positioned to be one of the leading companies in enabling organizations to make this shift. However, we still view CRWD and ZS as better ways to play the shift in cybersecurity spending.
We feel NET is not as strong fundamentally as CRWD or ZS. The stock is also not as attractive from a valuation standpoint. For these reasons, NET ranks third behind CRWD (#1) and ZS (#2) on our list of security SaaS stocks to own moving forward.

Source: YCharts; data as of 3/25/21
Conclusion:
Selloffs are tough, but the silver lining is getting quality companies at much more reasonable valuations. CrowdStrike is a company that we think will do well when the market remembers that tech is not going anywhere and growth in this sector is not Covid dependent. CrowdStrike is my favorite company that had a stretched valuation throughout this past year and we see the selloff as a buying opportunity.