CrowdStrike Holdings, Inc. (CRWD) Q1 2025 Earnings Call Transcript
Published at 2024-06-04 20:41:05
Good day, everyone, and thank you for standing by. Welcome to CrowdStrike Fiscal First Quarter 2025 Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand it over to the Vice President of Investor Relations, Maria Riley. Please go ahead.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the second quarter and fiscal year 2025 and any assumptions for fiscal periods beyond that, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled risk factors in the company's quarterly and annual report. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George. Thank you.
Thank you, Maria, and thank you all for joining us for our first earnings call of fiscal year 2025. We started the year from a position of momentum and exceptional strength, outperforming our guided metrics. Our AI native platform wins at scale, every geography, every market segment and every solution area. CrowdStrike delivered a record Q1, record Q1 net new ARR of $212 million, growing 22% year-over-year. Record ending ARR of $3.65 billion, growing 33% year-over-year. Record subscription gross margin of 80% and record free cash flow of $322 million, reaching 35% of revenue and a free cash flow Rule of 68, making us the only cybersecurity vendor of scale delivering this level of growth and profitability. We achieved all of these records while closely managing every P&L line, delivering significant year-over-year operating leverage and our fifth consecutive quarter of GAAP profitability. Even as we continue investing in growth, we're adding sales capacity, investing in our market leading brand, and accelerating innovation while firmly on the path to $10 billion in ending ARR. The foundational theme underpinning CrowdStrike's result is the power of the Falcon platform to consolidate cybersecurity at scale. This is coupled with the market's unequivocal desire for a single AI powered software platform consolidator. We're landing with more modules than ever before. The number of deals involving cloud, Identity or Falcon Next-Gen SIEM modules more than doubled year-over-year and we're closing some of our largest deals ever. We're consistently hearing that customers want to partner with us as they consolidate, standardizing their cybersecurity future on the Falcon platform and investing their trust in CrowdStrike as cybersecurity's North Star. Let me explain why. We built the right architecture from the start, the industry's lightest weight, easiest to install sensor, embedded with AI, no system reboot required, a single AI native platform console, not disparate stitched together or siloed multi platforms. Our architecture built from the start with what I refer to as gold plated plumbing allows the Falcon platform to gracefully land, retrieve data once and then flight, infinite security, IT, data and compliance capabilities without any friction. This is the definition of a true platform and our platform strategy from Inception continues to deliver the results. Deals with eight plus modules grew 95% year-over-year. Our 28 modules are best-in-class on a standalone basis as rated by applicable leading industry analysts. Yet combined and natively built into the single Falcon platform, our solution modules work even better together, unlocking customer value characteristics of a virtuous flywheel. The sum of platform adoption is even greater than the individual parts. The Falcon platform's differentiated architecture creates a technological competitive moat around our ability to be cybersecurity's premier platform consolidator. This is something you can acquire or fix later. You must build it right from the start. Our platform architecture delivers the following unique customer outcomes. Through consolidation, the Falcon platform delivers faster and more effective cybersecurity than ever before, our AI native platform is consistently evolving to close the gap between detection and response, compressing alert to resolution time scales from days and hours to seconds in real-time. And now with Charlotte AI, customers are experiencing more platform utility at faster speeds, shrinking hours of their security work days into minutes. Threat hunting is supercharged, response and remediation are revolutionized. The AI powered SOC is no longer a vision, it's a reality. We stand out in our ability to secure diverse attack surfaces with the industry's highest protection levels, expanding cloud, data, device, identity, third-party sources and beyond, natively alerting in one place and automatically responding across the platform at machine speed. There's no console, hide and go seek, no separate platforms with their own UI languages, no multi-agent bloat and no stitched data silos. Through consolidation, the Falcon platform delivers extreme cost savings. The more modules customers adopt, the more cost savings they realize. The Falcon platform consolidates point and pseudo platform vendors across point cloud security fragments like CWP, CSPM, ASPM, DSPM and CIEM products, Identity protection, SIEM, Threat Intel Feeds, data protection and DLP, vulnerability management, attack service management, compliance, endpoint management suites and legacy AV and Next-Gen AV and EDR. As an industry, organizations are buying many promises, unfortunately, they are left with wasteful shelf wear, point product learning curves, and features that failed to deliver end-to-end outcomes. The longtime cybersecurity outage of defense and depth has led to a new phenomenon, expense and depth, consolidating on the Falcon platform reverses the ever increasing cost curve. A recent IDC report quantifies CrowdStrike's extreme cost savings. For every $1 invested in Falcon Solutions, our customers recognized $6 of cost savings. Our customers came to us asking for new ways to adopt the Falcon platform even faster. Instead of acquiring Falcon module by module, we developed the Falcon Flex subscription model. Falcon Flex customers enjoy the best prices for the products they want today and tomorrow, while eliminating procurement and legal cycles from module use. The outcome for CrowdStrike is even broader platform adoption. Unlike vendors who pedal wasteful ELAs, our customers utilize what they purchase because when you buy what you want and need, when you want and need it, utilization is natural. We're not reclassifying, recounting, or repositioning existing business to concoct perceived platform value. When a platform delivers real value, you don't have to give it away. In the three quarters, since we've built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $500 million in deal value, growing our share of customer wallet while consolidating and simplifying their security. Applying IDC's analysis would imply Falcon Flex has assisted customers in saving more than $3 billion that would have been spent on other products. Now that's extreme cost savings and indicative of the platform momentum we are seeing with new and existing customers. Through consolidation, the Falcon platform delivers innovation to solve tomorrow's cybersecurity as well as broader IT and data problems. Our position as cybersecurity's consolidation platform keeps CrowdStrike innovating to lead the industry forward. This focus has allowed us to ship game changing products at rapid pace. Within months of our Bionic acquisition, we fully integrated ASPM into our Falcon Cloud Security suite. Over the past few months, we brought our LogScale next-gen SIEM into the console of all of our customers, feeding their utilization of Falcon to replace legacy SIEMs. And more recently, following yet another major Microsoft reach and CISA, Cyber Safety Review Board's findings, we received an outpouring of requests from the market for help. We decided enough is enough. There's a widespread crisis of confidence among security and IT teams within the Microsoft security customer base. At the request of organizations saddled with Microsoft E5 licensing, we delivered Falcon for Defender, a platform on-ramp to help organizations of all sizes start utilizing Falcon to secure their Microsoft Defender usage. Falcon for Defender is delivered via the CrowdStrike sensor encompassing our industry leading OverWatch threat hunting services as well as mission critical reporting to help security teams do their job. With Falcon for Defender organizations using Microsoft now have what we call Vsquared. Validation and Verification, a missing third-party protection layer for their security programs. And with our sensor already deployed on customer systems, we're dropping anchor on the beachfront real estate to not only transform cybersecurity but also stop breaches. Feedback has been overwhelmingly positive. CISOs now have the ability to reduce monoculture risk from only using Microsoft products and cloud services. Our innovation continues at break-neck pace, multiplying the reasons for the market to consolidate on Falcon. Thousands of organizations are consolidating on the Falcon platform, there are a few that stood out from the quarter. A seven figure deal in a Fortune-100 healthcare company who was using Microsoft and experienced a breach. Our industry leading IR team deployed more than 46,000 sensors in days stopping the adversary, restarting business, and importantly keeping this business out of promotional vendor fanfare. This customer immediately adopted Falcon Complete, Identity, Falcon Cloud Security, LogScale next-gen SIEM, and Charlotte AI. In addition to removing Microsoft security products, they were able to move off their vulnerability management vendor and their legacy SIEM too. The consolidation outcome, 75% reduction in agent footprint by consolidating to our single agent and a 700% improvement in mean time to detect and respond, taking average alert triage times from four-plus hours down to minutes. We stopped the breach, displacing more than three vendors along the way and now this customer experiences not only lower TCO but also cybersecurity outcomes they hadn't thought possible. A seven figure deal in a large Middle Eastern power and utilities provider that experienced many incidents using a regional point product endpoint vendor. These incidents were each preventable with the Falcon platform's AI defenses. Standardizing the Falcon platform, this customer adopted CrowdStrike for Endpoint, identity, cloud, and next-gen SIEM, consolidating five security vendors down to just one in a few short months during the deal cycle. Lastly, our focus on solving cybersecurity and IT use cases inspired a multinational services customer headquartered in Japan to consolidate on CrowdStrike in a seven figure expansion deal. Acquiring four additional modules, they successfully eliminated Tanium, a legacy AV vendor and a vulnerability management provider. This deal illustrates existing customers taking the opportunity to further consolidate on Falcon beyond just security. We have the platform, data gravity, and trust to make consolidation turnkey for security and IT teams alike. These deals highlight the tempo and scale of Falcon consolidation. It's not on a PowerPoint slide, it's inside a single console with a single sensor and delivered on a single platform. What we see are prospects and customers using consolidation as an opportunity to transform creating expense and depth for cybersecurity that's better, faster, and more cost effective. Consolidation isn't just a phenomenon happening with end customers, it's also a priority, embraced and prioritized by our partners too. In our MSSP business, one of our fastest growing segments, partners are coming to us to migrate their customers off legacy and substandard point products as well as multi-platform vendors. In a large seven figure deal eSentire, an industry leading MSSP selected the Falcon platform to migrate hundreds of Carbon Black customers in mass, representing an exodus of nearly 0.5 million endpoints. This is a prime example of an industry leading MDR that developed their own award-winning services on the Falcon platform, consolidating on CrowdStrike. And our expanded partnership with Mandiant and Google Cloud announced at the RSA conference, Mandiant is migrating its Mandiant-managed defense MDR customers to the Falcon platform. Recognizing our market leadership and the need to deliver services on the best technology platform, CrowdStrike is the natural choice to migrate their customers off legacy AV and other point products. And in our channel ecosystem at large, we're seeing partners deprioritizing other vendors on their line cards to consolidate their time, headcount, and go-to-market focus on CrowdStrike. Our top 50 partners in every geo are growing and telling us they're doing less and less with other vendors, instead increasing their focus and business results on Falcon. Partners are a key driver of market consolidation, both representing our technology to their end-customers and also consolidating their efforts away from anecdotal declining point feature vendors. The power to consolidate on a single platform requires having the right technologies at the right time delivered on the right platform. Our investments in hyper growth solution businesses continue to deliver market leading capabilities and record results. Here's our Q1 color on cloud security, identity protection and LogScale next-gen SIEM as well as several platform innovation areas. Cloud utilization is reaching unprecedented highs. This is largely driven by the AI revolution of the past few quarters. Today, every company is or is quickly becoming an AI company. Every CISO, CIO, and Board member I speak with is experimenting with using AI in new ways. We all know that AI is transformative and this transformation is happening in public and private clouds. The cloud is foundational technology for building AI models, operationalizing AI and integrating AI into existing technologies. The only way to safely harness the transformative nature of AI is through best-in-class security that operates at the speed and scale of AI built natively with AI with CrowdStrike. As hyperscalers print remarkable results as NVIDIA continues to amaze and as AI hardware spend reaches gold rush levels, estimated to be north of $60 billion in the last 12 months, CrowdStrike is at the epicenter of securing the workloads driving the AI revolution. We're the next conversation. Jensen Huang, Founder and CEO of NVIDIA recently validated this by stating in our Q1 partnership announcement that, quote, Pairing NVIDIA accelerated computing and generative AI with CrowdStrike cybersecurity can give enterprises unprecedented visibility into threats to help them better protect their businesses. End quote. And this is why industry leaders across every vertical, including the Gen-AI companies themselves are choosing Falcon Cloud Security to secure their heterogeneous cloud environments consolidating multiple point products on the Falcon platform. Here's a lighthouse example. One of the world's leading hyperscalers grew their adoption of the Falcon platform, standardizing on the Falcon cloud security in an eight figure deal. In a public press release, this customer and partner extolled the unified nature of our security platform and their ability to consolidate multiple cloud security point products on Falcon Cloud Security. Our joint go-to-market partnership has evolved to focus on Falcon Cloud security where CrowdStrike rises above other vendors to enable secure cloud consumption. Driving our cloud security customer wins is the market embracing our runtime centric cloud detection and response vision that focuses on real time cloud visibility and protection. Offering features like cloud attack path analysis, API based side scanning, and most recently integrated ASPM and CDR sets us apart as the only solution on the market that spans code to application to the infrastructure on which everything runs. Our latest acquisition of Flow furthers our competitive moat, adding in the industry's only runtime DSPM securing data both at rest and in motion. Falcon Cloud Security has surpassed a garden of unicorns, decacorns, and legacy vendors as one of the largest cloud security businesses in the market. As of Q1, Falcon has been selected by 62 of the Fortune 100 as their cloud security provider of choice. CrowdStrike pioneered the creation of the identity detection and response category. Our identity protection module continues to be the only single agent solution on the market, giving us a major competitive advantage. Our active directory expertise has evolved to now support increasingly popular cloud identity solutions such as Microsoft Entra ID, formerly known as Azure AD, giving us the ability to support diverse customers wherever their identities reside. Our sustained focus on identity protection continues to pay dividends, not only winning deals, but also with industry analysts where CrowdStrike was named the overall leader in KuppingerCole's inaugural ITDR Compass. A key customer win from the quarter includes, a seven-figure deal with a large healthcare provider who was stuck in a Broadcom contract and increasingly being pushed towards a multi-platform hardware provider's password products. Our identity threat protection module was a game changer for this customer, deploying us to more than 100,000 devices and allowing us to replace these other two vendors. Identity protection led to an 85% better meantime to respond for identity based attacks and motivated this customer's significant cyber transformation. One of the solution areas I'm most excited about is our LogScale next-gen SIEM business. There's certainly no shortage of market activity in the SIEM space where consolidation is a foot with M&A activity impacting Splunk and more recently Exabeam and QRadar, more happened in the SIEM market over the past few months than in decades. In the wake of this consolidation, the demand environment is ripe. Each of these consolidation moves creates immediate opportunity zones. Organizations are iconoclastically questioning their legacy SIEM choices and looking for new, better and more cost effective ways to run their SOC in the AI era. With CrowdStrike representing more than 80% of the data going into today's SIEMs, we are naturally placed to disrupt, consolidate and chart the future of the SIEM market. This is because our LogScale next-gen SIEM is already natively in the Falcon platform, already ingesting, visualizing and actioning all first party CrowdStrike data for all of our customers. While other vendors must buy their way into this market acquiring legacy technology, our flag is already firmly planted and flying. Our goal is to win the hearts and minds of customers through superior technology and outcomes, not ELAs, forced migrations, and traps. Here's why we're winning. We have the right technology. Our next-gen SIEM immediately solves one of the biggest and most costly SIEM challenges, ingestion of data. CrowdStrike data natively resides in the platform requiring zero transportation costs, zero storage cost, and zero configuration. We have also made it easy to ingest data from third-party sources. Once the data is in the platform, users benefit from our head-turning incident workbench, providing curated alert visualization, delivering on the promises of XDR like never seen before. Our next-gen SIEM is created for security users by security users, making running a cybersecurity program easier and more data driven. And coupled with Charlotte AI going from an idea to action, context to conquest, and of course, detection to response is supercharged for the AI era. At our recent partner symposium in Asia and Europe, we received standing ovations with viewers commenting that next-gen SIEM is our biggest industry-changing innovation. We have the content, with over 500 integrations, we welcome data from all sources to call the Falcon platform home. While many competitors are closed and complicated in what data they ingest, we are open, the melting pot of cyber and IT data. Our ecosystem is a proxy for the cybersecurity market at large. For years, we've collaborated closely with ISVs of all kinds from startups and innovators in our Falcon Fund portfolio to industry stalwarts across cybersecurity and the broader IT market. With hundreds of native vendor specific connectors as well as a generic log ingester, bringing data into next-gen SIEM is easier and faster than ever before. And once the data is in, cybersecurity experiences are enriched with the Falcon platform illustrating alert specific, attack surface specific and campaign specific events coupled with automated response through Fusion SOAR playbooks and Charlotte AI actions. To date, Fusion SOAR is used by 47% of our top 5,000 customers who have created more than 135,000 custom workflows, processing more than 155 billion signals weekly to automate actions across the Falcon platform and third-party products. We have the right services, helping organizations move into their next-gen SIEM is a partner-led opportunity. Today's SIEMs were installed, configured, and oftentimes managed by partners. Partners see where the puck is going and have approached CrowdStrike to build their next-gen SIEM practices. These practices span data governance, data movement, dashboard configuration, and automation response creation as well as managed SIEM services, system integrators like Deloitte, EY, HCL Tech as well as SIEM specific partners like Net Builder are leading the movement with CrowdStrike as their next-gen SIEM platform of choice. Here's an example of a noteworthy customer win. The Global 2,000 manufacturing and machine system conglomerate with more than 100,000 employees left Splunk for LogScale next-gen SIEM in an eight-figure deal. Together with Accenture, we were able to successfully and swiftly migrate numerous data sources as well as ongoing SIEM management to the Falcon platform, delivering the outcome of consolidation, cost-savings as well as longer data retention, and faster alert response times. We have the technology platform, the content, the partners, the customers and the native data gravity to transform the SIEM market. And it's happening right now. Outside of our cloud, identity, and next-gen SIEM hyper growth businesses, new platform innovation areas are quickly taking flight. Demand for each of these products is exceeding our expectations, driven by both the innovative nature of our technology, but also secular consolidation market factors and frustration with legacy incumbents. First, data protection. Frustration with legacy DLP remains at a fever pitch where logging into these products is akin to taking a time machine back to the 90s. In a little more than a quarter, we've sold our data protection module to several hundred customers, many of which are Fortune 1000 accounts, delivering results indicative of a hyper growth startup. We win because we scratched the consolidation itch, delivering the compliance necessities without anything new to deploy and manage. Data protection coupled with Flow's DSPM are important components of our ability to natively secure AI as well. And with data becoming increasingly important for AI model development, customers want more than back in the disaster recovery for the data. Data protection is laying the groundwork for another multibillion adjacent Falcon market. Next Falcon for IT, the desire to move away from endpoint management point products is pronounced and exceeding our expectations. Organizations are looking to Falcon to deliver enterprise search, patching, deployment, device health and more, all from the same sensor. It's a very logical add on and our pipeline is already in the eight figures since shifting this module a little more than a quarter ago. And lastly, Charlotte AI, every CISO is eager to see their employees become more productive. Every CISO wants their cybersecurity to be faster. The productivity gains are real and the benefits of making cybersecurity easier conversational and instant multiply the cybersecurity outcomes the Falcon platform creates. While still early, our POV close rate is close to 90%, reflecting excitement for Charlotte AI. Despite each of these solutions areas being young in the Falcon Nest, the feedback from prospects, customers, and partners show us we're on the right path for these technologies to be meaningful growth drivers and competitive differentiators. CrowdStrike's innovation engine is just another reason why customers have confidence in Falcon as cybersecurity's platform consolidator for today and tomorrow. In closing, I'm excited about the consolidation CrowdStrike is driving in the market, the business results we're delivering, and most importantly, the Falcon platform's societal impact of stopping breaches. Over the past 12 months, our industry leading incident responders in our partner network used Falcon to respond to thousands of breaches, cementing CrowdStrike as the industry's incident response authority. These engagements often convert to net new Falcon customers. Delivering a Q1 like the one we're announcing today is a strong reflection not only of the technological superiority of the Falcon platform, but also of the passion, the tenacity, and the mission focused from the very best team in cybersecurity. While the talent war is ongoing, CrowdStrike remains a career destination. Many vendors take great pride in best place to work designations. I'd like to point to a figure that dimensionalizes CrowdStrike as cybersecurity's very best place to work. Over the past five quarters, we received more than 687,000 applications from individuals who want to work for CrowdStrike. These professionals decided that CrowdStrike would be the ideal venue to build a career. In hiring low-single-digit thousands of these individuals, our acceptance rate is low, a lower acceptance rate than to every Ivy League institution. It's figures like this one that send a clear message to me, to CrowdStrike, to customers, to partners, to prospects, to the cybersecurity community, and to the market at large. The very best talent builds the very best cybersecurity, and we have ample runway ahead of us to revolutionize, innovate, and, of course, consolidate this year and well into the future. I'll now turn the call over to Burt for our financial updates. Thank you.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Additionally, the results we are reporting today include the acquisition of Flow Security, which closed during the quarter and was de minimis to revenue and ARR. CrowdStrike delivered an exceptional start to the fiscal year, driven by strong execution and increased platform adoption as customers prioritize their cybersecurity budgets around consolidation on the Falcon platform, driving bigger deals and increased wallet share. We have demonstrated a consistent track-record of execution, profitably scaling the business to new heights. In Q1, we achieved net new ARR of $212 million, up 22% year-over-year, bringing ending ARR to $3.65 billion, up 33% over last year. Demand in the quarter was broad-based across the platform. Our strong win rates remain consistent with the prior quarter and we built a record Q2 pipeline. As George discussed, the Falcon platform's unique ability to consolidate multiple vendors along with the early success of our Falcon Flex program drove bigger consolidation deals in the quarter. Customers are embracing CrowdStrike's platform strategy more than ever as evidenced by the number of deals with eight or more modules, which grew 95% over Q1 of last year. Subscription customers with five, six and seven or more modules grew to 65%, 44% and 28% of subscription customers respectively and the number of deals involving cloud, identity or Falcon next-gen SIEM modules more than doubled year-over-year. Additionally, our dollar based gross and net retention rates were consistent with our expectations as we are executing well across landing, retaining and expanding with our customers. Moving to the P&L, total revenue grew 33% over Q1 of last year to reach $921.0 million. Subscription revenue growth accelerated to 34% over Q1 of last year to reach $872.2 million. Professional services revenue was $48.9 million, representing 18% year-over-year growth. The geographic mix of first quarter revenue consisted of approximately 68% from the US and 32% from international geographies. Record total gross margin of 78% increased by 26 basis points year-over-year. Record subscription gross margin of 80% increased 32 basis points over the prior year, driven by investments in data center and workload optimization and a consistent pricing environment. Total non-GAAP operating expenses in the first quarter were $522.5 million or 57% of revenue compared to 61% of revenue in the prior year. As planned, in Q1, we increased our pace of hiring, growing total headcount by 15% year-over-year as we invest in scaling the business to $10 billion in ending ARR and capture the massive opportunities ahead of us. In the first-quarter, non-GAAP operating income grew 72% year-over-year to reach $198.7 million and operating margin increased by five percentage points year-over-year to reach 22%. We once again delivered GAAP profitability, which grew to $42.8 million, up significantly over Q1 of last year. Non-GAAP net income attributable to CrowdStrike grew to $231.7 million or $0.93 on a diluted per share basis. Cash and cash equivalents grew to a record $3.70 billion and free cash flow grew 42% over Q1 of last year to reach a record $322.5 million or 35% of revenue, increasing to achieve a Rule of 68 on a free cash flow basis. Before I move to our outlook, I'd like to provide a few modeling notes. First, we are encouraged by the momentum we see across the business and pleased by our strong execution to start the fiscal year. While the macro environment remains challenging, the unique capabilities and data gravity of the Falcon platform, coupled with our Falcon Flex program are driving larger platform deal sizes, consistently strong win rates, and record levels of pipeline for the year. With that in mind, we continue to maintain a consistent and prudent approach to our outlook and assumptions amid a macro-environment that remains challenging. While we do not specifically guide to net new ARR, our net new ARR year-over-year growth assumptions for the second quarter of the fiscal year are at least double-digits, up to the low-teens. And second, we are maintaining our free cash flow margin target of 31% to 33% of revenue for the full fiscal year 2025 and expect Q1 to Q2 seasonality similar to last year. Moving to our outlook. For the second quarter of FY'25, we expect total revenue to be in the range of $958.3 million to $961.2 million, reflecting a year-over-year growth rate of 31%. We expect non-GAAP income from operations to be in the range of $208.3 million to $210.5 million and non-GAAP net income attributable to CrowdStrike to be in the range of $245.7 million to $247.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.98 to $0.99, utilizing a weighted average share count of approximately 250 million shares on a diluted basis. We are raising our guidance for the full fiscal year 2025. We currently expect total revenue to be in the range of $3,976.3 million to $4,010.7 million, reflecting a growth rate of 30% to 31% over the prior fiscal year. Non-GAAP income from operations is expected to be between $890.1 million and $916.5 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $985.6 million and $1,012 million. Utilizing approximately 251 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.93 to $4.03. George and I will now take your questions.
Thank you. [Operator Instructions] And our first question comes from the line of Andrew Nowinski with Wells Fargo. Please proceed.
Okay, thank you, and congrats on another amazing quarter, particularly in a tough environment where every single one of your peers has put up pretty mediocre results this quarter. So you have so many interesting things going on with cloud and identity and SIEM, but I'll have my question. We'll stay focused on the SIEM offering, which I think you've done a really nice job building out. It clearly has a lot of advantages over the legacy vendors like Splunk and QRadar. And now it seems like the SIEM market in general has been revitalized. So I'm wondering how are you thinking about the opportunity with your SIEM solution going forward? And what are the -- what are you seeing in terms of Splunk and QRadar displacements, which are obviously some of the largest potential shared owners? Thanks.
Thanks, Andy. So when we look at this market, as I've said in my prepared remarks, we've seen more movement in the last year than 10 years. And I think a lot of the various factors in play in the market, M&A and various partnerships and the like have really contributed to a broad interest and adoption of our technology. If you look at what we've done and what we've talked about for some period of time 80%, 85% of the data that goes into a SIEM comes from the endpoints themselves. So having this type of capability natively built into our platform now gives us data gravity. And we've got all of our customers enabled for next-gen SIEM. And that's one of the things I really want to reinforce. All of our customers are now enabled. Now it becomes a sales motion to be able to convert them into next-gen SIEM customers. And given the movement in the marketplace, we've got many, many customers reaching out, dissatisfied with the current vendors and also interested in leveraging a completely integrated solution with the data they already have. So we think this is a massive, massive opportunity for us. And given what we're doing in this space and the innovations we're driving, particularly with AI and the data we have, we think it's going to be a many multiyear journey of opportunity for us in a very antiquated space and one that's right for disruption.
Thank you. And one moment for our next question. And it comes from Saket Kalia with Barclays. Please proceed.
Okay, great. Hey, George. Hey, Burt. Thanks for taking my question here and nice start to the year.
George, sure thing. George, maybe for you. I thought the AWS win that you announced publicly intra quarter was interesting. And of course you've talked about them as a key customer and partner for CrowdStrike in the past. Can you just dig into how you've maybe expanded that relationship, particularly around cloud security? I think you referenced it a little bit in your prepared remarks, but could you maybe flesh that out a little bit? And also touch on how that's maybe setting CrowdStrike apart competitively in the cloud security market?
Sure. When we look at our cloud offerings, as we've talked about in the past, we've built an incredible portfolio of capabilities from code-to-cloud and everything in between, whether that's agent, agentless, title management, et cetera. So I think it's really reflective of what we've built and the technological advantages that our offerings have for our customers. When you look at someone like AWS, they're obviously looking for the best cloud technology in the market and we believe we have it and it's fantastic to be able to continue to expand our relationship there. This was also a Falcon Flex deal and I think again reflective of the fact that customers want to do more with us, they want to buy more, and we're giving them the opportunity to do this. And in fact, Saket, while we're on the call, we actually just won another award, best cloud security solution by SC Europe, followed up by another five wins. So as I've said for many years, and you've heard me say it, the best architecture, the best technology starts from the beginning and it can't be stitched together. And I think these wins really highlight what we've been able to do and how we've been able to deliver on what we've built since I started the company.
Thank you. One moment for our next question please. And it's from the line of Brian Essex with JPMorgan. Please proceed.
Hi, good afternoon, and thank you for taking the question. And congrats from me as well on a nice set of results. George, I was wondering if you could maybe just broadly talk about the emerging products on the platform. And now that they're becoming meaningful in scale, I think last year you kind of -- last quarter you referenced that they're each kind of IPOable segments in their own right. How often are you leading with the -- with individual solutions that are emerging solutions, whether it's LogScale or identity or cloud, versus leading with the platform and pulling some of those emerging products onto the platform? Just want to get a sense of maybe how the go-to-market might be changing there? Thank you.
Yeah, it's a good question. And I mean, I think in general we're leading with the platform, but maybe to focus in on the heart of your question, which is we have various use cases for the platform, so we may have a customer that comes to us and says, hey, we're using a legacy SIEM. We want something better, right. We may have a new prospect that says the same thing. We're using legacy SIEM and we want to explore what CrowdStrike can offer us. We have plenty of new customers that come to us and say, hey, we need a better solution in our cloud because what we have is not working or it doesn't give us the full spectrum of capabilities. So we can land with something specific to that customer's use case. And that's, a lot of times they're looking for something that they need to solve immediately. And of course, we're selling the value of the platform. So whether it's an existing customer or new one, we're focused on delivering the full value of the platform, but solving their use cases today and into the future and obviously consolidating on what they have in place. In terms of legacy, you heard some of the incredible stats and delivering more value at a lower cost.
Thank you. One moment for our next question please. And it comes from the line of Tal Liani with Bank of America. Please proceed.
Hi, guys. Two questions. First is, SBC went up 40%, and that's on the back of 28% increase last year. That's a material increase from previous quarters. Can you talk about stock based compensation and what's the driver for this? And then second on the results, so for your platform sales, total pricing is going up because you can bundle in more and more components. But does it mean for those who are selling point solutions that pricing is coming down? The fact that you and others are driving platform, does it result in individual component pricing coming down? Can you talk about the pricing environment? Thanks.
Thanks, Tal. Hopefully, you can hear me.
I can hear you. Can you hear me?
Yeah, I can hear you. Thanks. So let's talk about SBC. So first, as I think about SBC, I think about dilution, right. SBC in and of itself really doesn't tell you a whole lot until you get into dilution or until you look at EPS. So for us, dilution, as I've stated many times, we're looking at around 3% for the year and that's well within our -- in terms of our expectations. In terms of the pricing environment, the pricing environment for us is -- we're in a consistent area for ourselves. And how it impacts other point solutions, well, you can see by our results we're winning. People want to consolidate with us. People want to actually go to one single platform, one single agent, one single console. Those are -- all those things combined together, those are the things that are making us win. So as I think about the pricing environment, I think about an advantage to crowd, given our single platform, given the fact that we have 28 modules to choose from.
Thank you. One moment for our next question please. And it's from Hamza Fodderwala with Morgan Stanley.
Hey, everyone. Good afternoon and very solid result and strong start to the year. George, you spoke a little bit about public sector. There was an article last month about the state department looking to really broaden their security vendors beyond Microsoft, which you mentioned in your prepared remarks. I'm curious how is that conversation going with some of those federal agencies who are looking at CrowdStrike? And how is the pipeline trending, particularly ahead of the September fiscal year close in Fed?
Well, when we think about the federal market, obviously the buying cycles happen mostly in the third quarter for them, but we continue to maintain our momentum and gain momentum in those areas. Many of the challenges that we've seen over the years from organizations outside of the public sector continue to plague the government. And when you look at the additional budget that's being released into these governments, given cybersecurity's importance, we think we can play a meaningful part in those opportunities. So from our perspective, we continue to gain, and I think, deliver technologies. And now, if you look at next-gen SIEM, we think there's a massive opportunity in the federal space for our products.
Thank you. One moment for our next question please. And it's from the line of Matt Hedberg with RBC.
Great guys. Thanks for taking my question. I'll offer my congrats as well. Obviously a difficult selling environment. You guys are doing really well. George, I had a question for you. The success you had with Charlotte AI, I think you said 90% POV close rates is great to hear. I know it's still early, but I guess in the spirit of a customer's overall Gen-AI journey, one of the things we're hearing is that could potentially slow down deal cycles for broader software -- the broader software landscape. I'm wondering as your customers adopt your AI platform, maybe even more specifically Charlotte AI, are they seeing faster time to production for Gen-AI applications, does it speed up a customer's Gen-AI journey?
Yeah, I think what we're seeing is that customers are really embracing the fact that we can reduce their operational workload for their SOC analysts. We can take hours of mundane brunt work and turn it into minutes and not only answer questions with the collective wisdom and knowledge that CrowdStrike has developed over the many years, but also drive automation. We talked about the Falcon Fusion SOAR technology built in. So when they look at what we've built and how we can save time and how we can drive AI automation into an AI native SOC, I think this is really important for them. And you know overall I think it's a fantastic technology. And as I mentioned, we won a few other awards while we're on the call. We actually won best AI category for SC awards specific to Charlotte. So we're delivering on our promises and this is real technology in the hands of customers today.
Thank you. One moment for our next question. It's from Fatima Boolani with Citi. Please proceed.
Thank you for taking my questions. George, I'm going to ask you a very high level question just with regards to the $10 billion ARR target. You've reemphasized it, you've reaffirmed it with a lot of confidence, and there's a lot of reasons to anticipate why that's going to be a very likely outcome. But I wanted to ask you very specifically, what do you feel like will help your relative velocity in attaining that sort of bogey? So frankly, what would have to go really right for that outcome to be realized within three years versus five years, you know, appreciating that you haven't put a time frame on it. And, I can appreciate there's no shortage of product. You've seen so much momentum in Falcon Flex and a lot of the platform anecdotes that you platformization anecdotes there. I say that, that you shared, but would love to kind of get your perspective on what could change your relative velocity to that ARR target.
Sure, I think, there's probably two key points there, and then I'll see if Burt wants to chime in when we look at our ability to consolidate. And I talked about in the call, Falcon Flex, I think is a game changer for a lot of customers buying more, buying bigger, leveraging the platform, and you see velocity of adoption using Falcon Flex. So really excited about that and what it's going to mean for CrowdStrike. The second piece, again, as I talked about in my prepared remarks, is that Next-Gen SIEM is natively built in. So rather than sending data out somewhere else and paying for the transport costs and all the complexity around that, the bulk of the use cases and the data that's generated that goes into a SIEM is already in the platform of choice for customers. And we see that being a meaningful opportunity for us. It's a massive market opportunity. And then other things like data protection, I talked about that. That is an industry or technology that's ripe for disruption. It's the definition of legacy, and we've got a fantastic product around it. And combine that with Falcon for IT, leveraging the single agent architecture to do more than just security. These are all meaningful drivers for our growth. Any other comments, Burt on that?
Yeah. Thanks, George. So one of the things that we talked about at Falcon was the $10 billion ARR number in five to seven years. And along with that, we give an illustrative example of some of the things that will get us other than what George has talked about in terms of TAM. We talked about cloud being around in that same timeframe, $2.5 billion to $3 billion. We talked about identity being $1 billion to $1.5 billion. We talked about Next-Gen SIEM being $1 billion to $1.5 billion. So you start adding up those numbers and you get more and more confidence in terms of being able to attain that number. That's how we think about it internally.
Thank you. One moment for our next question please. And it's from Gabriela Borges with Goldman Sachs. Please proceed.
Hi. Good afternoon. Thank you for taking the question. George and Burt, I wanted to follow-up on one of the earlier questions on AI, and more specifically, when you talk to your customers and they start planning out their generative AI projects, how does that impact their cybersecurity plans? To what extent are you seeing scenarios where you may be seeing a pause in budget or maybe an acceleration in budget? And maybe as part of that, George, if you could just touch on, help us understand the technical differences between protecting, call-it a classic cloud workload versus a cloud workload that's running an LLM, or connecting to an LLM. Thank you.
Sure. So we see the opportunity growing. And a number of years ago, we talked about the cloud opportunity. We thought that was underrepresented by some of the market researchers. And now when we think about the proliferation of new hardware. Just look at how much new hardware has been procured over the last six to eight months, right. A lot of that is going towards generative-AI workloads. And you've seen the announcements with NVIDIA. These workloads continue to be something that need to be secured and will be, I think, a huge opportunity for CrowdStrike, given what we've built and the fact that not only can we tell you what may be misconfigured, but our cloud workload protection is really a hallmark of what we do at CrowdStrike, and it's providing real prevention capabilities into these workloads, which consistently come under attack. So that's the way I would look at it, as a huge opportunity for us. And we've spent many, many years protecting cloud workloads and we've adapted that into protecting Gen-AI workloads and providing additional information on how those workloads run and how they need to be protected. So big opportunity for us today and in the future.
Thank you. One moment for our next question please. And it's from Alex Henderson with Needham. Please proceed.
Great. Thank you so much. You guys had an outstanding quarter here and in an environment where a lot of people are struggling. So what I was hoping you could talk to a little bit is what you're seeing as you're talking to CISOs, you're talking to CEOs, C-Suite type people about what is causing their reticence to spend short-term. I know you're gaining share and doing well, but many aren't. And I'm wondering if that's a function of their challenges in figuring out how they're going to implement AI and to what extent that's causing a slowdown in decision making process? Or is it macro or alternatively is it a -- they are determined what they're going to spend on and they're shifting money away from other things, including some security in some -- if you look at the results of some of the other players. So what is exactly going on in the field right now with the decision making process?
Sure. Well, what we've seen and Burt talked about in the prepared remarks is that customers are looking to consolidate and save money on CrowdStrike. And at the same time, Alex, as we mentioned, it's still challenging macro environment. But I think the results you're seeing from us is the fact that the consolidation technologies and platform that we're delivering is working. We're providing more for our customers and consolidating other spend that they have and they're taking that share of wallet and putting it with CrowdStrike from other vendors. And we gave you some, I think, really interesting stats around that. That's the simple version of it. We've got the right technology, we've got the ability to reduce their costs. We've got a partner network which is delivering massive value for us. And when you put it all together, yes, it's challenging. But if you've got the right solution with the right offerings, we think we can be very successful. And I think the quarter that you just saw is reflective of what we've been saying for a long time and what we delivered.
Thank you. One moment for our last question in queue. And it comes from the line of John DiFucci with Guggenheim Securities.
Thanks. Thanks for taking my question. So George, you and your team have put up consistency in numbers. We just haven't seen from anyone over what's been described as a challenging IT spending environment. And I'm talking about the last couple of years, especially this quarter. I think we understand how early on you expanded the definition and the scope of the market you address. And also more recently, you did something similar in broadening your market influence to customers of all sizes. But if the backdrop remains the same, at least for the rest of this year, and it doesn't get better like a lot of people thought it would at the beginning of the year, is it more of the same for you, or are there other levers that you can or need to pull to continue to put up the impressive numbers that you have?
Sure. So thanks, John. I think you said it right. We, Burt and I and the rest of the team focused on consistency and delivering value to our customers if we can provide the right technology and solve use cases, and more importantly, listen to them. If you look at Falcon Flex, which I talked about, which we're really excited and I know is going to continue to drive results for us, that was an outcome of listening to our customers. We actually worked with several customers on putting that together, buying it how they want it, the way they want it, reducing friction in the procurement cycle. So that's what we're going to focus on. And I think I'll leave you with if we take care of the customer, the rest takes care of itself. And that's again a hallmark of what we try to do at CrowdStrike and what Burt and I are focused on every day.
And thank you. With that, I will conclude Q&A session and I'll pass it back to George Kurtz for his final comments.
Thank you so much for joining our call and we look forward to seeing you next quarter. Be safe.
And thank you everyone for joining. You may now disconnect.