To The Moon

The Cybersecurity Vendor That Quietly Became an Operating System

There is a strange irony surrounding CrowdStrike Holdings, Inc.. Despite becoming one of the most dominant software platforms in enterprise security, many investors still discuss it as though it merely sells antivirus software with better marketing and cooler conference booths.

That framing now looks wildly outdated.

What I increasingly see is a company evolving into the operating layer for modern cybersecurity operations — a position that tends to create frighteningly durable economics. Once enterprises centralise endpoint security, identity protection, cloud workload monitoring, threat intelligence, SIEM, and incident response into a single architecture, the cost of ripping it out becomes about as appealing as replacing a jet engine mid-flight.

The numbers suggest this transition is accelerating rather than maturing.

CrowdStrike ended the fiscal year with $5.25 billion in ARR, becoming the first pure-play cybersecurity software company to cross that threshold. Even more telling, full-year net new ARR exceeded $1 billion for the first time. That is not the profile of a company running out of runway. It is the profile of a platform deepening its gravity.

And gravity, in software, is wonderfully profitable.

The platform is becoming harder to escape than gravity itself

The Module Addiction Investors Underestimate

The market keeps rewarding execution faster than sceptics expected

The most important statistic in CrowdStrike’s story may not be revenue growth at all.

It is module adoption.

Around 60% of customers generating more than $100,000 in ARR now use eight or more modules across the Falcon platform. That matters because each additional module increases switching costs, improves data visibility, and expands CrowdStrike’s role inside enterprise infrastructure.

This creates a compounding flywheel.

More modules drive higher average revenue per customer. Higher platform integration improves retention. Better retention supports larger enterprise deals. Larger deals create richer telemetry datasets, which in turn improve the AI models powering detection and automation.

That loop becomes very difficult for competitors to disrupt.

An underappreciated angle here is that cybersecurity budgets are increasingly being consolidated rather than expanded. Chief information security officers are tired of managing sprawling 'Frankenstein stacks' stitched together from dozens of vendors after years of panic-buying point solutions. CrowdStrike benefits directly from this fatigue.

Ironically, the cybersecurity industry may have created its own consolidation opportunity through excessive fragmentation.

AI Is Not a Slide Deck Here

The software sector currently resembles an AI-themed talent show. Everyone insists they are revolutionary, most are merely rehearsing PowerPoint choreography, and investors are left trying to distinguish substance from theatre.

CrowdStrike stands out because the AI economics are already visible in the financials.

Non-GAAP gross margin reached a record 79%, while subscription gross margin climbed to 81%, helped by ongoing cloud optimisation and platform efficiency gains. Most companies discussing AI today are watching costs rise. CrowdStrike is watching margins expand.

That difference matters enormously.

The company’s NextGen SIEM business surpassed $585 million in ARR, growing more than 75%. Customers reportedly achieve query performance improvements of up to 80%, which may sound technical until one remembers that speed matters immensely during cyber incidents. When ransomware actors are moving laterally across networks, nobody wants their security software pondering existential philosophy before returning search results.

Charlotte AI and CrowdStrike’s machine learning infrastructure appear increasingly central to operational efficiency rather than superficial product decoration. Operationally, Charlotte AI functions as an automated security analyst inside the Falcon platform, helping customers investigate threats, prioritise alerts, generate incident summaries, and reduce the manual workload that normally overwhelms cybersecurity teams.

This is an important distinction investors sometimes miss. AI becomes economically powerful when it reduces labour intensity, improves automation, and lowers customer response times simultaneously.

CrowdStrike appears to be reaching that point.

One insight I suspect the market still underestimates is the data advantage embedded within Falcon’s architecture. Security AI improves with telemetry scale, and telemetry scale improves with customer consolidation. That creates a feedback moat similar to what large cloud providers achieved in infrastructure optimisation years ago.

In other words, the biggest platform may not simply win more customers — it may become structurally better at security itself.

Valuation: Expensive or Exceptionally Engineered?

Now for the uncomfortable bit.

CrowdStrike is not remotely cheap.

The company trades at roughly 27 times sales and more than 100 times forward earnings. Traditional valuation screens react to those multiples the way cats react to cucumbers.

Yet I think simplistic 'too expensive' arguments miss the architecture underpinning the long-term model.

Management’s stated FY2036 ambition is $20 billion in ending ARR — roughly four times today’s base. Ordinarily, such long-range targets deserve healthy scepticism because corporate forecasts beyond three years often resemble weather predictions written by poets.

However, CrowdStrike’s margin framework gives the target more credibility than many high-growth software narratives.

What makes CrowdStrike’s long-range model more credible than many software forecasts is that the operating leverage is already visible today. Subscription gross margins have climbed to 81%, operating margins have steadily expanded, and free cash flow has scaled to roughly $1.6 billion even while the company continues investing aggressively in platform expansion. This is not a business promising future efficiency after growth slows; it is already demonstrating efficiency while still growing revenue above 20%.

Premium multiples survive surprisingly long when execution keeps accelerating

The company believes it can ultimately achieve subscription gross margins between 82% and 85%, operating margins of 28% to 32%, and free cash flow margins of 34% to 38%.

Those are extraordinary numbers if execution holds.

Importantly, CrowdStrike already generates substantial levered free cash flow despite reporting modest GAAP losses. That disconnect confuses some investors, but much of it stems from stock-based compensation and aggressive reinvestment. From a cash-generation perspective, the engine is already functioning impressively well.

The balance sheet also remains remarkably healthy. CrowdStrike holds over $5.2 billion in cash against roughly $820 million in debt, giving management considerable strategic flexibility.

This matters more than people realise because cybersecurity remains one of the few enterprise software categories where spending priorities stay relatively resilient even during economic slowdowns. Boards may delay software upgrades elsewhere, but they rarely announce, 'Perhaps we should become slightly more vulnerable to nation-state hackers this quarter.'

The Competitive Battlefield Is Narrowing

Competition remains fierce, but the nature of that competition is changing.

$Microsoft(MSFT)$ remains the largest existential threat due to its bundling power, immense distribution reach, and growing security capabilities. Many enterprises already pay Microsoft enormous licensing fees, making integrated security offerings financially attractive.

Meanwhile, $Palo Alto Networks(PANW)$. is pursuing its own platform consolidation strategy, aggressively integrating cloud, network, and AI-driven security offerings. $SentinelOne, Inc(S)$. continues competing heavily in endpoint protection, particularly around autonomous response technology.

Yet $CrowdStrike Holdings, Inc.(CRWD)$ increasingly looks differentiated in two critical ways.

First, its cloud-native architecture remains cleaner and more scalable than many legacy competitors still modernising older systems. Second, Falcon’s module expansion strategy appears exceptionally effective at turning individual product wins into broad enterprise standardisation.

What gives CrowdStrike an edge is not simply product breadth but data proximity. Every additional module deployed inside Falcon expands the company’s visibility across endpoints, identities, cloud workloads, and user behaviour. That telemetry improves detection accuracy, strengthens automation models, and increases the operational value of the entire platform. Competitors can replicate individual products; replicating the behavioural dataset generated across millions of interconnected events is considerably harder.

Verdict: A Security Company Wearing an Infrastructure Multiple

CrowdStrike is no longer simply selling protection software. It is building a deeply embedded enterprise operating layer with increasingly powerful economic characteristics.

The combination of platform consolidation, AI-driven operational leverage, and expanding margins creates a rare setup where growth and profitability are reinforcing each other rather than competing for oxygen.

Yes, valuation risk is real. A premium multiple leaves little room for execution stumbles, macro shocks, or growth deceleration. The stock’s extraordinary rally over recent years means expectations already sit somewhere near the stratosphere.

But I also think many investors underestimate how rare it is to find a software company simultaneously achieving scale, expanding margins, accelerating platform adoption, and substantial free cash flow generation.

Infrastructure rarely looks exciting—until everything depends on it

CrowdStrike increasingly resembles infrastructure disguised as software.

And infrastructure businesses, once deeply embedded, tend to compound for a very long time indeed.

@TigerStars @Daily_Discussion @Tiger_comments @Tiger_SG @Tiger_Earnings @TigerClub @TigerWire