CRWD picks up S execs

Thanks to @Rubenslash

Daniel Bernard has been appointed as chief business officer, and Raj Rajamani has been named chief product officer, DICE (Data, Identity, Cloud and Endpoint). Bernard will report directly to CrowdStrike founder and CEO, George Kurtz. Rajamani will report to CrowdStrike’s chief product & engineering officer, Amol Kulkarni.
Bernard and Rajamani, who most recently served as the chief marketing officer and chief product officer at SentinelOne (NYSE: S), respectively, bring extensive experience with high-growth, disruptive cloud and SaaS businesses, as well as elite reputations in the cybersecurity industry. Both have been widely recognized as key architects of SentinelOne’s go-to-market and product strategy.

Keep also in mind that the President of Security at Sentinelone, Nick Warner, was announced as also leaving the company last month.

Three execs: chief marketing, chief product, and president of security have now departed S

To quote Snowflake’s CEO Slootman:
“In sales meetings I would sometimes pose a clarifying question: "What is our definition of victory? Sun Tzu, in The Art of War, had a simple answer: ‘Breaking the enemy’s will to fight.’ That translates in business terms to persuading some of your competition’s best talent to join your company instead. The more high-achieving people who desert their current employers to join us, the more we are winning. It’s a double whammy: not only is our enemy losing some of its best talent, but we’ve taken their strength. A talent drain is the best evidence that a company is in serious trouble and is losing its will to fight.”


Or it could mean that Crwd is going to buy S. A very real possibility at this price.



Hi Jon,
At first I was feeling the same way, that I should sell my Sentinel position, but then I started thinking about it, and wondered why Crowd would be anxious to hire the head of product development from a company it always tried to put down? Did it feel that Sentinel’s products were so much better? And another as chief business officer? Did Crowd feel its own business wasn’t doing so well and that Sentinels was doing a lot better? I didn’t know the answers but decided to just sell just a small part of my Sentinel position (15% of my shares), and hold on the rest for now, and see what happens.

Another thing to consider is that Crowd may have offered very large stock based compensation and with its current price so low that may have been tempting too, while the two execs, staying where they were, their prior stock options were all probably way out of the money. Again, just speculating. (As I write, Sentinel is just down all of 35 cents so I guess a lot of other people also didn’t see it as the end of the world for them.)



I wanted to quickly add to Saul’s post. First Daniel, Raj, and Nick worked together at Cylance before SentinelOne. I would guess they are at least “allies”. Raj overlapped with George Kurtz at McAfee so its possible that might be the link between this action. Nick was also at McAfee but after George had already left.

Its important to note that Raj isn’t becoming Crowdstrike’s head of product, he is a sub-head of product, working for the top guy. Also Daniel didn’t become CMO and instead has a chief business officer role. So in both cases, its not like Crowdstrike preferred Sentinel’s people to their own, they just assimilated them.

I was wondering the same thing that Saul did – if you are at S and have 3 years worth of underwater stock options, the board doesn’t decide to reprice them, and a competitor comes calling with a big equity package ---- that would definitely be good fuel to move on.

In general, this certainly seems like a bad thing for S and a good thing for CRWD.



Also, it seems like CRWD has a lot of respect for S. Note the last line in this paragraph lifted from the press release:

Bernard and Rajamani, who most recently served as the chief marketing officer and chief product officer at SentinelOne (NYSE: S), respectively, bring extensive experience with high-growth, disruptive cloud and SaaS businesses, as well as elite reputations in the cybersecurity industry. Both have been widely recognized as key architects of SentinelOne’s go-to-market and product strategy.

It would have been an easy thing to merely recognize the acquisition of two senior people without giving props to a competitor.




I think the net-net of these two new hires to CRWD, is that it’s good for CRWD, and bad for S.
Good talent left S, and good talent has joined CRWD.
Not seeing how it could be construed any other way.
Regardless of whether it was money reasons (big pay at CRWD) or not…(as it would also mean that S couldn’t afford to pay up to match/exceed CRWD’s offer).

Think about it, if SentinelOne instead put out a press release yesterday that Jennifer Johnson (CRWD’s chief marketing officer) and Amol Kulkarni (CRWD’s chief product officer) had left to join SentinelOne… I highly doubt anyone here would say that it could mean ‘Sentinelone is being desperate/anxious/feeling like CRWD’s products were just so much better.’

Direct quotes by the former Sentinelone execs:

CrowdStrike is the unequivocal cybersecurity leader as evidenced by its marquee customer base, cutting-edge technology and customer satisfaction scores,” said Daniel Bernard [former SentinelOne chief marketing officer]…
“Doubling down on the channel and bringing CrowdStrike into new markets will drive continued growth. George has assembled a stellar team that wins, and I’m excited to join CrowdStrike for its next growth chapter.”

“Having worked both with and against George and team over the years, CrowdStrike has been a company I’ve long respected and admired. So when offered the opportunity to help shape the future of CrowdStrike’s product strategy and innovation – and to work with CrowdStrike’s amazing product team – it was simply too good to pass up,” said Raj Rajamani [former SentinelOne chief product officer]…
CrowdStrike set the bar for the XDR era, and I am incredibly excited to have the opportunity to keep raising it higher - and that’s exactly what we’re going to do.”

And Daniel Bernard’s linkedin post:

Also interesting: an early (40th) employee of SentinelOne chose to leave last week


I agree. Can’t argue with that. Losing two good execs can’t be good news for Sentinel.

Now I find it to be silly to apply this to the Crowdstrike vs Sentinel situation. Who is in the driver’s seat here?

Crowd is guiding to 44.5% growth this quarter.

Sentinel is guiding to 90.5% growth this quarter.

How can losing two executives be evidence that Sentinel “is in serious trouble and is losing its will to fight?” Doesn’t it sound more as if Crowd felt itself in serious trouble and was willing to pay exorbitant amounts to get help.



(By the way, instead of selling off 10% or 20% yesterday after the announcement, Sentinel was up 1.3%).


Reality check: it was up 1.3% on a day when CRWD was up 4.9%, DDOG was up 3.7%, NET was up 5.5%, and SNOW was up 3.4%.

I think there’s a chance we’re making too much of these executive moves, but it’s possible that it’s actually good news for neither CRWD nor S. CRWD obviously used this as a headline to say they’re “winning” and I’m sure they want to see it exactly as Jon described – taking from the enemy to make themselves stronger. But they’ve just told us their growth will be kinda slow for the next year or so…so whether or not you call them “desperate,” they’re certainly hungry for some good press. Personally, I think CRWD will be fine (maybe it’s even undervalued at this point), but since endpoint demand looks weak for the next several quarters, they’re taking this opportunity to focus on another narrative.

Sentinel, on the other hand, is facing more dire problems. We can point to near triple digit growth that they’re still eking out, but there’s a real chance growth will be more like 60% in a couple quarters, and slower thereafter. And this is including an acquisition that’s muddying the waters! 60% wouldn’t be so bad for a more mature company, but for Sentinel, I don’t think we can assume they will be able to hit FCF break even by Q4 next year growing at that rate…by my math, they would have to keep OpEx and SBC about where they are now, or maybe even reduce! I don’t remember ever seeing that for a hypergrowth company. The income statement reminds me of Hortonworks – they’re just too far away from break even to get there if they can’t continue to grow at 90%. So losing executives is just bound to hurt, and then there’s the obvious question: why are they leaving? Do they see more trouble ahead?

Again, this is just a data point and I don’t want to oversell it. But with all the worries I already had about SentinelOne, I’m not surprised to see execs jumping ship.



Bear, so today Sentinel right now is up 3.8% and Crowd is up 2.4%. So what does any of that prove? What I was saying was that if it was perceived as a major defeat for Sentinel which would impair its future, Sentinel would be down 15% or 20%, not up 1% (or up 3.8%), no matter what the rest of the market was doing!




And now, Sentinel is up 4.4% and CRWD is up 1.8%. So the market doesn’t see this as a devastating defeat for Sentinel, as some on the board were insisting.

And that’s all that I was trying to say.


IMHO - IF the news of execs leaving did have any impact on the stock price of S, I’m guessing it would have been factored in over the last couple months. I highly doubt news like this would not have been known by big players in the industry. I have to assume the hiring process for execs like this would have been going on for a while. Big money would have known, and big money would have been quietly selling.


Dmitri Alperovitch, Crowdstrike’s Cofounder and CTO left Crowdstrike in 2020.

I remember, it wasn’t a big deal for anyone. They did well since then.


I think both sides have now been extensively discussed and made good arguments. I just want to add to the comment from mooo that there is a big difference with Alperovitch since he didn’t switch to SentinelOne. He founded a non-profit organization/think tank… so not really comparable to the current situation.


Again, this episode is probably bad for both companies – let me expand on that. Let me expand the lens in general, because I really really do NOT want to obsess over this one thing: the poaching of a couple executives. In my opinion, this is a single data point. Let’s zoom out and look at the overall narrative for the endpoint security world.

A few things come to mind:

  1. Several months ago CRWD started talking about moving down-market. They dominate enterprise in the endpoint market, and they were moving into SMB. Sure, there are a LOT of SMBs (just ask BILL), but it’s still kind of a weird move. I now believe the main reason for it would be that CRWD was already starting to see a bit of early signs of saturation within enterprise.

  2. Do we have any more evidence of any slowing in endpoint? We sure do. CRWD guided for flat net new ARR next year, and Sentinel who has been growing at 100%+ put a “floor” for next year at 50%. Yikes.

  3. Now we have the poaching of these execs. Maybe, just maybe, the competition in Sentinel’s niche, SMBs, is heating up. That could very easily be bad for both CRWD and S, and could be the reason both are forecasting slow downs.

I’d love to know how others are putting the pieces together, but rather than just look at one piece of news, let’s examine all the evidence we have.



I’ve seen saturation in endpoint mentioned here a few times by a few individuals. I don’t understand where its coming from. Can someone please explain?


Bear, your pose reminded me of a conversation I had with our VP of IT. I am running on a laptop right now with SentinelOne installed (and Zscaler). I asked why we were running Sentinel instead of CRWD.

He said there was a lot of debate within the IT team about it, and some favored CRWD. He said ultimately they believed that CRWD was “better”, it required more administrative focus and therefore it was more suited for a larger enterprise (we are a SMB). While Sentinel wasn’t quite as good, but still respectable, didn’t require much administrative resource, which is good, since we don’t have many people in IT.

So I think the point about CRWD moving down market is interesting in light of this conversation. If anyone has data on administrative burden of each, it would be good to see.

We also use BILL by the way. Between ZS, S, and CRWD, if you changed one or more of them out, I don’t think most people would notice a difference (or care). If you changed BILL out, I can’t imagine the outcry. Its inconceivable to me that we would make that kind of change. I think that is one thing interesting about security software. It really doesn’t matter to the end users very much as long as the performance is acceptable. I think all of these solutions are fine. But SNOW, MDB, and BILL have much higher switching costs. I digress but that thought just came to me.



Good point and I partially agree with this. For an SMB, yes definitely. However, Crowdstrike recently reported that 60% of their customers are using 5 or more modules. This is creating switching costs, there aren’t that many other vendors out there where you can get the exact same offering as Crowdstrike when using 5 or more modules, unless you want to get back to individual point solutions, which as we know, can increase costs and create additional complexity and administrative burden. Both Crowdstrike and SentinelOne are becoming platforms where companies consolidate security spend and this is definitely increasing switching costs. Crowdstrike has 23 modules today, SentinelOne around 10.

Not to forget that these channel partners also prefer to work with Crowdstrike and SentinelOne because they have a lot of modules => more opportunity for upselling and extra $$ for these partners. There’s a distribution moat here as well.

To add to the discussion regarding endpoint saturation: Here again, these companies are becoming much more than just endpoint protection. I wouldn’t be surprised if at some point in the future, the non-endpoint revenue will actually be larger than endpoint revenue.

Crowdstrike recently reported that they have around 540 of the Global 2000, that’s around 27% in the largest enterprises. Not sure where they can get to, but there’s definitely still room for growth.

Here’s what Kurtz recently said about the market:

Q: Maybe the question for you, George, is because you’ve been around endpoint security for years and years, right? I mean, what metrics do you maybe look at to gauge where we are in that shift? And what are those metrics telling you?
A: Well, I can get back to our 12% (marketshare) number. We’re still pretty early on in the shift, right? And if you look, it’s still fragmented market. Obviously, we’re excited about our position in it, but there’s a lot more to go.
And there’s a lot more Symantec. There’s a lot more McAfee down market (me: This explains why Crowdstrike focuses more on SMB now, still a lot more legacy there compared to enterprise). There’s trend Micro. There’s [indiscernible]. There’s a cast of characters that are out there in different – and different geographies, right? So from the overall opportunity, you’ve got massive opportunity in still displacing legacy vendors. And then I’m sure we’ll talk about the cloud piece, but then you move to the cloud, and there’s actually no one to this place. It’s just nobody there, right? So that’s a total greenfield opportunity, still in the early innings of the journey even though we’ve been at it for a while.

And more on the opportunity in cloud:
So when we look at it, we think it’s like a [ 10x ] opportunity. And even just to 5.7% (of total cloud spend), it’s a massive, massive opportunity, and it’s not just in one area. You have cloud workload protection, pretty easy to understand. You have things like CSPM, which is kind of compliance and reporting using the APIs of a cloud infrastructure provider.
And then you have all of the kind of shift left technologies, CICD pipeline, hygiene. How do you make sure that you’re not putting tainted containers and vulnerabilities into your pipeline, and you have everything in between, right?
And we think it’s a massive opportunity because there’s no one there, and it’s still pretty fragmented. Whoever is there, it’s still fragmented because it’s in early innings.

Similarly from SentinelOne management:

But ultimately, I see cloud, and I see that being as large as endpoint over time when I think of the TAM for that. So we’re really excited about the acceleration we’re seeing there.
But to be honest, I mean, when we look at how these cloud opportunities, especially with the cloud-native companies, they’re probably 4x, 5x, sometimes 10x the size of the endpoint footprint and the endpoint opportunity.

Management specifically commented on market saturation earlier in 2022.

On endpoint:
Yes. easy answer from a core market perspective, we’re in like the third inning, if it’s a 9-inning game. for example, our managed service partners where they are all in on SentinelOne and we still only represent 10% or 15% of their total estate. And that other 80%, 85% is running some combo of antiquated signature-based AV technology that they are in the process of replacing over the coming quarters and years.


Enterprise is more saturated and this explains why Crowdstrike is guiding to mid 30s next year. SentinelOne seems better positioned with the larger opportunity in SMB and mid market, and it’s clear why Crowdstrike is making these recent moves to get more of that market. However, it appears to me that there is still a gigantic opportunity in all these other emerging categories, such as cloud, identity and observability to name a few. Probably not enough to sustain hypergrowth for CRWD, but it might be enough to get strong growth durability in that 30-40% range.

Does it make sense to sell Crowdstrike if you are mostly interested in hypergrowth? Probably, yes.

I am personally still holding CRWD and S as I factor valuations, moat and growth durability into my decision making, maybe even more than hypergrowth. We get CRWD at 7x 2023 revenue, and SentinelOne even at less than 5x 2023 revenue, I think that we might capture the entire revenue growth + some multiple expansion over the next couple of years, that’s a pretty good deal if you ask me.


More than one C-suite leader leaving a company at the same time is quite disruptive and almost never good at least in the short term. This is especially true for a company like S losing these executives to an aggressive competitor like CRWD.

Given these events, I believe we should be considering the following points and questions:

Which company has a more attractive long term roadmap and vision AND the ability to accomplish it?
Apart from the possible generous compensation package, do these leaders believe that CRWD has a stronger long term roadmap and vision for the cybersecurity space? And more importantly, do they believe that CRWD is in a better position to fulfill that roadmap?
This is likely an important consideration for Rajamani, the ex-S-Chief Product Officer. Engineers and techies want to work for companies that are constantly innovating, investing in R&D, that have engineering momentum etc.

Which company has a more attractive customer pipeline and potential?
Bernard, as ex-s-Chief Marketing Officer, is similarly motivated to work for a company that has a more dynamic, active and engaged sales and marketing work environment. More market potential, more customers, larger, deeper pipeline, larger, more interesting markets.

C-suite hiring is much more than just interviews and compensation packages
C-suite hiring is a much more involved and delicate process. I am sure that both these gents went through several rounds of meetings with most of the CRWD C-suite and perhaps even some members of the board of directors. This is matchmaking in action…in BOTH directions…both sides looking for the right fit and potential. Additionally, these candidates are being evaluated with future sucession plans in mind. Could Daniel become the Chief of Sales in the future? Could Raj become the Chief Product Officer in the future? C-suite leaders are not just hired for their current position…they are also evaluated for their potential to be promoted at least 1-2 levels up.

CRWD acquiring S?
I am quite sure that CRWD has considered acquiring S and decided that it was not worth it. Therefore they decided to poach their executive talent. See more in the next point.

Product mapping
A good product team regularly maps their product capabilities against what the market needs/wants as well as their competitors products. This mapping identifies overlaps, redundancies and gaps. The gaps are then evaluated using a buy vs build analysis. If it is easier and cheaper to build what they do not have, they will likely hire external talent to help them jump start the work to close those gaps. If cheaper to buy, they will acquire. CRWD likely conducted such analysis, did the math and then decided the build and hire route was better.

Press releases and public remarks
I do not put more meaning into words and phrases used in press releases and public remarks, beyond what they state. Press releases are carefully worded and heavily reviewed and edited…this is a very tedious process and can often be hair-splitting for everyone involved. It usually ends up saying very little and is more positive sounding to be on the safe side.
And C-suite leaders become quite adept over time at saying nothing while talking in a public setting…carefully choosing their words, being vague and general at conferences etc. It’s quite an art form actually once you learn how to do it well.

Non-competes and NDAs
For at least 1 year, both Raj and Daniel as well as CRWD will be closely monitored by S’s legal team for any possible breach of their executive non-compete and non disclosure agreements with S. Even though they have left S, they will not be able to share any trade secrets, customer lists etc. This will hamper their ability to be directly involved in the development of a competitive product (or features) or pursuit of S’s existing customers. These NDAs could even be longer than 1 year in length.

In all of this, S losing Raj, their Chief Product Office, is most concerning. This is a big loss for their product team and could take months, even 1-2 years to fully recover from.

And Daniel is bringing along his rolodex and his undertanding of S’s current customers and markets…that’s why CRWD hired him, subject to the non-competes and NDAs currently in place.

More on my investing approach in my profile


In California Non-compete agreements are not valid. Since we are going into a slow down the financials are something that must be taken into account. Companies that are not at least FCF positive or a huge cash balance have a real chance of going under.



Good clarification, Andy and this is a rabbit hole that is off topic and easily Google-able.

CA does protect businesses from disclosure of their trade secrets by ex-employees. There are current CA and even federal laws that offer this protection. Several court cases regarding this, even recently…

And trade secrets are broadly defined to include not just product or technical secrets but also customer lists and market plans.

Oh btw, S is incorporated in the state of Delaware. So there’s another wrinkle to contend with.

Bottom line, both Raj and Daniel, likely have already received guidance from the CRWD legal team on the dos and donts. I am sure they are already operating within these guidelines.