A few days before Christmas, TechCrunch caught up with CrowdStrike CEO George Kurtz to chat about his company’s public offering, direct listings and his expectations for the 2020 IPO market. We also spoke about CrowdStrike’s product niche — endpoint security — and a bit more on why he views his company as the Salesforce of security.
The conversation is timely. Of the 2019 IPO cohort, CrowdStrike’s IPO stands out as one of the year’s most successful debuts. As 2020’s IPO cycle is expected to be both busy and inclusive of some of the private market’s biggest names, Kurtz’s views are useful to understand. After all, his SaaS security company enjoyed a strong pricing cycle, a better-than-expected IPO fundraising haul and strong value appreciation after its debut.
Notably, CrowdStrike didn’t opt to pursue a direct listing; after chatting with the CEO of recent IPO Bill.com concerning why his SaaS company also decided on a traditional flotation, we wanted to hear from Kurtz as well. The security CEO called the current conversation around direct listings a “great debate,” before explaining his perspective.
Pulling from a longer conversation, what follows are Kurtz’s four tips for companies gearing up for a public offering, why his company elected choose a traditional public offering over a more exotic method, comments on endpoint security and where CrowdStrike fits inside its market, and, finally, quick notes on upcoming debuts.
The following interview has been condensed and edited for clarity.
How to go public successfully
What’s most important is the fact that when we IPO’d in June of 2019, we started the process three years earlier. And that is the number one thing that I can point to. When [CrowdStrike CFO Burt Podbere] and I went on the road show everybody knew us, all the buy side investors we had met with for three years, the sell side analysts knew us. The biggest thing that I would say is you can’t go on a road show and have someone not know your company, or not know you, or your CFO.
And we would share — as a private company, you share less — but we would share tidbits of information. And we built a level of consistency over time, where we would share something, and then they would see it come true. And we would share something else, and they would see it come true. And we did that over three years. So we built, I believe, trust with the street, in anticipation of, at some point in the future, an IPO.
We spent a lot of time running the company as if it was public, even when we were private. We had our own earnings call as a private company. We would write it up and we would script it.
You’ve seen other companies out there, if they don’t get their house in order it’s very hard to go [public]. And we believe we had our house in order. We ran it that way [which] allowed us to think and operate like a public company, which you want to get out of the way before you come become public. If there’s a takeaway here for folks that are thinking about [going public], run it and act like a public company before you’re public, including simulated earnings calls. And once you become public, you already have that muscle memory.
Raw numbers matter
The third piece is [that] you [have to] look at the numbers. We are in rarified air. At the time of IPO we were the fastest growing SaaS company to IPO ever at scale. So we had the numbers, we had the growth rate, but it really was a combination of preparation beforehand, operating like a public company, […] and then we had the numbers to back it up.
TAM is key, even at scale
One last point, we had the [total addressable market, or TAM] as well. We have the TAM as part of our story; security and where we play is a massive opportunity. So we had that market opportunity as well.
On this topic, Kurtz told TechCrunch two interesting things earlier in the conversation. First that what many people consider as “endpoint security” is too constrained, that the category includes “traditional endpoints plus things like mobile, plus things like containers, IoT devices, serverless, ephemeral cloud instances, [and] on and on.” The more things that fit under the umbrella of endpoint security, CrowdStrike’s focus, the bigger its market is.
Kurtz also discussed how the cloud migration — something that builds TAM for his company’s business — is still in “the early innings,” going on to say that in time “you’re going to start to see more critical workloads migrate to the cloud.” That should generate even more TAM for CrowdStrike and its competitors, like Carbon Black and Tanium.