Why I trimmed CRWD substantially

I know many people might disagree with this but Bear encouraged me to post this here to have some discussions on the board. Here is what I thought about CRWD, just my humble opinions.

Recently I trimmed CRWD to 1% gradually from 13% and added a bunch of proceeds to LSPD (unfortunately before the short report, bad luck…) and BILL due to the following reasons:

  1. Law of large numbers CRWD is facing, similar to DOCU
  2. Strong competition from S, especially after S IPO (S should have a much easier sales being a public company). Although S is not showing good operating leverage, they are definitely grabbing a lot of revenue shares from CRWD recently in cloud security market (checked Gartner, G2 reviews, S has the same 4.9 mark as CRWD, customers are loving them as well and their pricing is very competitive)
  3. CRWD guided 57% for Q3 and with recent 4% beat, they are likely to grow 63% only for Q3 which is a significant deceleration and such deceleration may continue in the next few quarters to low 60s/high 50s, which might inevitably cause multiple contractions therefore lower returns in next 12-18 months
  4. The market might have known all these already as CRWD has the least YTD return (17.17%) so far among all my positions - the market is looking forward not backward
  5. In the past few years I have learned one thing - to have a successful hypergrowth investment, we shall tend to buy stocks with highest YTD return instead of lowest and cheap is always cheap for a reason. For CRWD with 56B market cap, this is unlikely to be a mispriced scenario by the market

Having said that, I still believe CRWD might have like 30-40% return in the next 12 months, just there are better places to put my money.



Hey Zoro, thanks for posting. I have no issues with anything you wrote except maybe for part of your 2nd point.

SentinelOne has been competing in the same space for 8+ years. Being public might help them, but, that’s not guaranteed. Over the last year Sentinel grew faster YOY (127%) compared to CRWD 71%. However, it’s important to remember that Sentinel was working from a Significantly smaller base - 20.7mil last year Q2 to 45.8 this year. CRWD grew from 199mil last year Q2 to 337.7 this year. So, in Q2 CRWD added $138mil in new business YOY, while SentinelOne added $25 mil. Moving forward Q3 seq growth estimates are equal. SentinelOne’s Q3 estimate is 49-50mil. That is 8%, equal to CRWD’s 8% Seq. growth estimate. It will be interesting to see who is sandbagging more.

Still, to your point, if S1 didn’t exist, I imagine CRWD would be landing a good portion of whatever business S1 is winning.




Hi Zoro,
Thanks for post great your reasons. I appreciate that you checked Gartner, G2 reviews, S has the same 4.9 mark as CRWD, customers are loving them as well and their pricing is very competitive

I don’t pay much attention to quidance unless I’m aware of some reason to do so. In my monthly portfolio I stated that my reasons for selling a bunch of Crowdstrike to purchase Cloudflare and Zscaler was due to their recent expansion into end point security. Muji never said explicitly that Cloudflare and Zscaler are or will be displacing Crowdstrike. This was my take away from Muji’s more recent write ups.

Maybe we could get Muji into this discussion?

Either way the Sentinel One angle you outlined is yet another reason to take Crowdstrike’s guidance more seriously, IMO.

I’m now down to a 5% allocation in Crowdstrike.

Thanks again,



I am with you. I sold out my CRWD positions.

I did not pay much attention to S, but I did notice that PAWN had a better quarter than CRWD (at least the street thought so), with its cloud business growing significantly. Ironically, everybody was talking about how CRWD was eating PWAN’s lunch a couple of years ago. That told me that PAWN is quickly catching up and CRWD may face a giant enemy. Admittedly, CRWD’s relatively poor stock performance contributed to my decision.

CRWD may still be doing great, but there are many other good alternatives out there, such as BILL, AFRM, DOCS, TSLA, and SWAV, etc. SO, I moved on. I may come back any time - will closely watch its next ER.


I have trimmed some of my CRWD position, and it is now equal weighted with my ZS position. I have been thinking about whether to trim more, but saw that they are doing an Investor Product Briefing Tuesday 10/12 at 1 pm. So I’m not selling more until I hear what they are thinking.

I was also interested to see the announcement of the partnership with UiPath (PATH) and hope the event on Tuesday will give more color on that. Here’s that announcement: https://www.uipath.com/newsroom/crowdstrike-uipath-secure-ro….

George Kurtz doesn’t seem like the kind of guy to sit back and passively watch others take market share. So I’m hanging onto my remaining 5% position in CRWD to see what next week’s event looks like.


To me the most worrying was that Crowdstrike doesn’t seem to be riding the tailwind of all the recent headline breaches such as Solarwinds or Colonial Pipeline. I was expecting to see accelerated revenue in the last 3Qs, but instead they were decelerating. What happened to the presumably 10,000 customers Solarwinds deployed Crowdstrike to? Does that mean their sales team is at capacity and can’t keep up with law of large numbers?

SentinelOne now have more money to throw at S&M after going public. They are already price cutting Crowdstrike pre-IPO to gain market share. I don’t see how they will not wage a bigger price war with the new cash.

Every client won by S means one less client for CRWD. This doesn’t mean S is a good investment, as has been discussed on the board many times. But I see it as S shrinking the TAM for cyber security which hurts every company in the field including CRWD

Even though I believe CRWD is superior and will eventually win the field, I decided to trim 70% of my CRWD and move to other companies discussed on the board that are growing as fast, if not faster, and don’t have a major price-cutting competitor in the field.

I am still waiting to see what happens in Q3: in the past 2 years, Q2 has been a slow quarter, so I’m willing to hold on to a smaller position to see if things improve, and trim all of it if it doesn’t.


SentinelOne’s management commented on the price difference between S and CRWD in the last earnings call:

Tal Liani – Bank of America Merrill Lynch – Analyst

Got it. And about pricing, is it – is being cheaper than next-gen competition the strategic goal for you? I mean how do you characterize your pricing versus competition?

Tomer Weingarten – Co-Founder and Chief Executive Officer

Yeah. I don’t think we’re cheaper than the competition. I think if you look at it apples-to-apples, you’ll see that the prices are pretty much similar. I think we take a different approach.
I think we take a much more transparent approach, and we don’t force customers to opt into tiers. We don’t force them to use our service. So all in all, I mean, they can actually choose what they want to procure from us. But again, apples-to-apples, I think you’ll see that prices are very, very similar. I don’t think we’re cheaper by any degree.

Nick Warner – Chief Operating Officer

One thing I would add to that – this is Nick here.From a budget perspective, what we don’t try to do is hijack a customer’s security budget into forcing them to buy reams of services hours to support a nonautomated product. What we’re bringing is automation and machine learning, ease of use, and really we’re democratizing very advanced technology. What that enables customers to do is achieve the outcome we’re driving for them and our prospects and customers, which is protection and prevention. And so, from an apples-to-apples perspective, we’re typically at or higher from a technology perspective, but we enable customers to best put that money to use buying technology and more importantly, really implement that technology fully to get the best protection and visibility on the planet.

Nick Warner made a clear reference to (in their view) CRWD’s inferior product and as a result higher cost to the customer due to more manual involvement. What I understand after comparing S and CRWD for hours is that S is much more automated and can investigate/resolve possible threats within seconds, while CRWD usually will require either a specialist at the customer to investigate or a CRWD specialist (at an additional cost), and it might take hours to investigate. I quote a comparative article between CRWD and S:

CRWD: As already alluded, the brain of CRWD is in the cloud and utilizes EDR to understand the global landscape of threats. The very nature of this cloud-based EDR approach requires the computation of petabytes of data that quickly detects potential threats but also generates large numbers of false alerts. The notion of the false alert volumes necessitates the need for thorough investigation which is why the full response [detection through to removing threat from system] time takes hours instead of seconds. Ultimately, CRWD’s approach is rather labour-intensive but is still way more autonomous than legacy signature-based AV.

S: The brain of S is in a hybrid form that utilizes both end-to-end automation and AI in the front-end EPP and cloud-powered global intelligence in the back-end EDR, and blends the two harmoniously together. The story technique applied in TrueContext ID radically reduces the number of alerts and the manual investigation for the EDR side of operations. So, as aforementioned, for the high majority of threats, this results in full automated response and recovery [system cleanup] within seconds, and results in relatively less manpower requirements [versus CRWD] for the more sophisticated attacks.

The more I look at SentinelOne, the more I start to appreciate the business. I am still investigating but I took a small 4% position. They are growing at 121% (and ARR at 127%) in their last quarter and still relatively small at an EV of 12 billion, offering more upside then CRWD in my opinion. Valuation wise, they are trading at estimated 35 times 2022 revenue after the recent 25% correction which offers good upside compared to peers. Even if the stock price only grows at half the revenue growth rate, we are probably looking at 40-50% annualized returns in the near future.

Couple of additional comments from my end:

  • Gross margin is low at 62%, however looking back to CRWD’s numbers, they had the exact same 62% gross margin in Q1 2019 with revenue of 47.3m, vs. S at 45.8m
  • Non gaap profitability is worse than CRWD at that time. S has negative margin of 98% vs. CRWD’s negative 66% at the time. However management guided in the last investor presentation to long term gross margins of 75-80% and operating margin exceeding 20%. If management’s predictions are reliable and trustworthy, this may indicate similar rate of profitability to CRWD in the future.

My main take away from Zoro’s great cumulative case against Crowdstrike was that it’s not just the threat of SentinelOne (and Palo Alto and others), or any other specific problem that we have to be able to foresee. It’s simply a company that’s had years of hypergrowth but has gotten to the point where its valuation and its deceleration are going to have to fight it out. That typically leads to a stock going sideways, especially when the market cap is over $50b or so. That’s what we’ve seen with Twilio and Docusign in the last 12 months (or more). The fall from grace from hypergrowth to GARP (growth at a reasonable price) can be a more jarring rerating than most folks expect – not that it necessarily comes with a great deal of downside – just a lot of opportunity cost.

At this point it would be fair to ask: Datadog is a $50b company now growing at about the same rate as Crowdstrike. How is it different?

Well, Datadog is accelerating. (To be fair, re-accelerating after the covid blip.) Both of these companies are around 65-70% YoY growth, but their trajectories are opposite. That said, if Datadog’s growth starts decelerating again, its stock will falter as well.

Maybe I’m trying to read the tea leaves too much, but I don’t think so. I think it’s plainly there. And I agree with Zoro that CRWD may still return 30% in the next 12 months, even if nothing changes. I’m willing to hold a small position in hopes that something does change and Crowdstrike manages to grow faster than we now think. But I’m not willing to hold a large position hoping that something I don’t expect, will happen.



For true SaaS companies, I like to look at QoQ to determine acceleration/deceleration. For example, DDOG’s re-acceleration actually started Q4 2020, however, the annual growth percent lagged due to lower trailing quarters. It wasn’t until they lapped the COVID quarter (this past quarter), that it was going to hit the top headline number.

Not counting the COVID quarter, CRWD has been slowly decelerating since Q4 2019. The QoQ growth rates have been 21.6%, 17.11%, (COVID 11.8%), 16.6%, 14.2%, 14.2%, 11.5%. The deceleration from 14 to 11 percent is why I sold some. However, the guidance, with the 4% beat is actually an ACCELERATION, not a DECELERATION from last quarter. With the 4% beat (about the same as both of the last 2 quarters), their QoQ growth rate would be 12.5%. I’ve also taken into account over the past few years that Q2 has been their weakest. For example, 2019 their QoQ growth was 12.5% (60% annualized). They followed that up with 15.7% and 21.6%. 2020 Q2 was the COVID quarter so can’t really put too much focus on it. It followed the same pattern as 2019 though. Will this year do the same? I don’t know. The acceleration and potential re-acceleration or at least stabilization is why I’ve decided to keep it in my portfolio, just not as one of my top three like it had been before.

Further comparing the two, with a modest beat (in their normal range), DDOG will report next quarter around 70% YoY. CRWD will more likely come in around 64%. I do expect that number to shrink though as their last QoQ annualizes to 55% and with a 4% beat, this Q will be around 60%. Their forward looking statements will be very interesting to me and very well will lead to action; whether its buying or selling isn’t yet known.


I’m willing to hold a small position in hopes that something does change and Crowdstrike manages to grow faster than we now think. But I’m not willing to hold a large position hoping that something I don’t expect, will happen.

  • Bear

Hey Bear et al,

If ever something were about to change…

From Crowdstrikes’ Twitter:

In his Fal.Con 2021 keynote, CrowdStrike CEO @George_Kurtz will unveil new products and announce exciting new #cybersecurity solutions. Register for #FalCon21 today to connect with thousands of your cybersecurity peers and discover the future of the industry.

I like risk/reward here. Great company huge tailwinds unlikely to stumble and about to launch new products. Fal.Con (love the name) Oct 12-14. If new products wow…

Just a thought.



“Ironically, everybody was talking about how CRWD was eating PWAN’s lunch a couple of years ago. That told me that PAWN is quickly catching up and CRWD may face a giant enemy.”

I’m not here to question your decision to leave CRWD, just to call attention that CRWD and PAWN are NOT competitors. One secures endpoints, the other secures network and application access.


Also, the reason PANW is doing so well is that they deal with legacy systems. They are not exclusively a cloud-based company. So they are basically the company stragglers go to. And that strategy can’t continue indefinitely.


So they are basically the company stragglers go to.

That may be so but I have wondered if it is also the large companies and government entities that use System Integrators (“SI”) as their key IT resources who use PANW.
This to me, explains why a company that has a large portion of hardware sales to cloud offerings can compete with cloud companies.

The SI has earned the confidence and trust of their customers so, with complex systems, company executives are reluctant to change course due to damaging their credibility within the company.

Apologies to Saul and board for CloudL post sent earlier. that message was supposed to e-mail reply to Author.


Could one of this board’s IT experts who follows cyber-security maybe address whether $CRWD might/might not benefit from tigthening up cyber-security for Syniverse after their under the radar announcment about their recent 5-year long (and recently discovered) SMS hack of everyone’s texts on cellphones?

What, you haven’t heard about this hack? Syniverse, (and by extension $T, $VZ, $TMUS, etc,) the provider of texting software for hundreds of major cellphone network provider, would like this to not be front page news.

It would seem to me one of our cyber-security firms, or several, might benefit going forward. I’m surprised no one on the Saul board caught this earlier in the week. (I just did a quick look back and didn’t see the news.)


Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years. Syniverse and carriers have not said whether the hacker had access to customers’ text messages.

A filing with the Securities and Exchange Commission last week said that “in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization. Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals.”

Syniverse said that its “investigation revealed that the unauthorized access began in May 2016” and “that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (‘EDT’) environment was compromised for approximately 235 of its customers.”

p.s. To give you an idea of just how big 5-years of un-noticed hacking of text messages could be, here is one more of the paragraphs from this article which will open your eyes:

“Syniverse says its intercarrier messaging service processes over 740 billion messages each year for over 300 mobile operators worldwide. Though Syniverse likely isn’t a familiar name to most cell phone users, the company plays a key role in ensuring that text messages get to their destination.”

p.p.s. Can you imagine what all the intelligence outfits across the planet can do with “sexting” photos from prominent people? How easy it would be to compromise a nation’s security? We’re not talking just one golden shower here.

Thus, the question to our IT brains on this board: Do any of our cyber-security stocks have in-roads to providing some kind of security going forward to Syniverse? Anyone?


“What, you haven’t heard about this hack?.. It would seem to me one of our cyber-security firms, or several, might benefit going forward.”

PerigrineTrader, I hadn’t heard about this. But, thanks in a large part to Saul and the board, I’ve learned to pay close attention to companies I invest in, so, I did listen to Crowdstrike’s Earnings call (Aug 31st) and remembered this:

from Kurtz’s opening… “We are also excited to announce a new strategic alliance with Verizon. Through this collaboration, the CrowdStrike Falcon platform will be positioned as part of Verizon’s business security portfolio to provide comprehensive endpoint and workload protection that spans prevention, detection and response capabilities. Verizon Business will be able to manage CrowdStrike through their managed detection and response and CRM services. And we are thrilled to team up with them to help joint customers stop breaches and reduce cyber-risk.”




Very good catch, Brian. Here’s another thought:

If you read my link about Syniverse, these guys are ready to IPO. Now as a private company they did not have to disclose the hack which had been going on for five-years.

But with the new guard dogs inside the SEC finally showing some teeth, you cannot withold material information from investors such as this. Which leads me to wonder if Verizon will mention this hack on their next Earnings call on October 20th?

Verizon’s last earnings call was 21 JUL 21. Between then and maybe the August announcement of Kurtz telling us $VZ is now part of our business going forward, I could see where inside knowledge about Syniverse and their upcoming IPO may have alarmed $VZ greatly.

Look forward to this $VZ upcoming earnings call. Let’s see how the $VZ CEO discusses this hack, and he really better discuss it with the SEC cracking down on firms not discussing material information like this. If the $VZ CEO plays this smartly, he might explain how the firm is beefing up cyber-security on its end, and if he’s even smarter, he’ll name firms such as $CRWD who are brought on board to help defeat future hacks.

To be clear, it was Syniverse which was hacked. Every text through their system was made available to hackers for the past five-years.

But if $VZ can now add a layer of protection on its end which would supersede Syniverse’s bumbling of sending and receiving the messages before passing them through carriers, maybe this could be a big win for $CRWD in 12 days.

This is just spitballing and a wide angle look at the puzzle pieces not yet connected. But now, I’m actually looking forward to the October 20 call with $VZ, a firm I have no interest in until you just reminded me to go back and check the $VZ timeline of earnings vs. the acknowledgement of the Syniverse hack just this week.