Excellent. Thank you, everyone, for joining us. My name is Keith Weiss. I run the US Software Equity Research franchise here at Morgan Stanley, and I'm very pleased to have with us from CrowdStrike CEO George Kurtz. George, thanks so much for joining us.
Great to be here.
Excellent. Before we get started, for important disclosures, please see the Morgan Stanley Research Disclosure website at www.morganstanley.com/researchdisclosures.
Excellent.
With that out of the way, you reported earnings earlier this week.
Yep.
I just wanna start with maybe a state of the union. How are you feeling about sort of the overall demand environment as we head into FY 2026? How are you feeling about sort of the state of security? And then CrowdStrike's positioning to sort of capitalize against that.
Sure. So again, great to be here and thanks for everybody's early morning, you know, visit. So when we could just go back and recap Q4 in terms of top line, you know, beat consensus by $32 million ARR. We had a year of $1 billion in free cash flow. You look at the growth of some of our products, which we're gonna go through, outstanding some of the emerging technologies. And overall, coming out of the incident in July, six months later, to be where we are and see the success and the engagement with customers, I think it's fantastic. It far exceeded my expectations. So the demand environment is still very, very active right now. When we think about the geopolitical tensions, security needs only go up, and there's a lot of uncertainty in the market today. I know there's topics that we'll cover.
From a demand environment, we see it there. We look at products like Next-Gen SIEM and cloud identity, have been doing extremely well. Security's not going away. From the macro piece, as we dive into the details, what's important to capture here is that security always parallels the slope of the innovation curve. If we think about, you know, the early 1900s, it was super simple. If we think about where we are today, you know, Sam just got done thinking about all the complexity there and AI and, you know, what AI is gonna mean in terms of security. You're gonna need players to be able to secure every layer of that. CrowdStrike is gonna be one of those foundational platform players that's gonna be in the mix. There's not just one, but, obviously, there's room for a few big guys out there.
Got it. I wanna touch on the July outage, mainly because I think it was a great example of how to well react to an incident. You guys were very transparent. You were very proactive with the end customers. And what we've heard from your customers, what we've heard from your partners, was it actually engendered more confidence in the relationship with CrowdStrike, the partnership with CrowdStrike. Everyone's gonna have incidents, but it's how you react to them. What was the learnings from the CrowdStrike side of the equation?
Well, I mean, lots of learnings. I think if you take it from the top, it just goes to what I've said for a long, long period of time in my career, which is, I can never promise perfection. I aspire to it, but I always can promise a response. And I think the response that we had was fantastic. And we just did what we would normally do. We didn't do anything special other than what we would normally do as CrowdStrikers, which was, be open, you know, communicate what happened very quickly. I was on two news shows pretty early on. And, you know, taking responsibility, communicating what it was, and then ultimately, making everything that we found very public. What I know is what everyone knows. It's all on the website, right?
And we're taking that approach, I think, has been the right thing to do. And two, it really has built even more trust with our customers. Our customers love us. They loved us before. They still love us after. But in fair weather, you know, everything looks good, right? The real, the real true test of a partnership is when you have rocky weather. And we've had customer after customer, even CEOs after CEOs come to us and say, "You guys did a fantastic job. We've worked with a lot of other vendors. We've had other issues with vendors. No one in the industry has handled an issue like this, like you guys." And, you know, that, that's why we have 97% gross retention rates.
Okay. One of the ways that you sort of fostered that partnership with your customers was Customer Commitment Packages.
Yep.
Can you walk us through some of the impact, the near-term impact on the top line that CCP has, and then the opportunity to drive better growth longer term as the CCP impacts start to roll off?
Sure. So maybe we should talk about CCP, what it is. Essentially, we use, and I wanna make a distinction 'cause I don't want people to get confused. I know we're gonna talk about Falcon Flex, but Falcon Flex is the licensing mechanism, which is a commitment and then a burn-down type model. Right? It's very similar to a hyperscaler. So what we did is we loaded Falcon Flex dollars into a pool a nd basically said to a customer, like, "We know we had an impact. We wanna make it right." And we talked about some new products. And for the most part, you know, what we had to do is to put dollars in for products. And those Customer Commitment Packages, we originally thought would be kinda $60 million over two quarters. It turned out to be $86 million. But we viewed it as a good thing 'cause, by and large, the bulk of that is seeding the customer base with new products like identity, like cloud, like Next-Gen SIEM. And that is what gives us confidence as we roll through the back half of this year because those dollars were designed to really burn off, you know, within that one-year period and get somebody using our technology. So we wanted to do the right thing by customers. We got them comfortable.
The big element is we were down a path with Falcon Flex to convert the customer base into a Falcon Flex licensing, which takes time.
Right.
Education by the sales force 'cause it's a more consultative sale. We really just accelerated the adoption of Falcon Flex because if you wanted to take a product and Falcon Flex dollars to use, you had to be converted into a Falcon Flex license mechanism. It's kind of a, you know, two really good things came out of it: is the conversion of the license into Falcon Flex from a traditional one and the fact that we've now seeded those, technologies, which will essentially burn off in the back half of this year.
Got it. So all in the pursuit of making it easier for your customers to adopt a broader sort of portion of the portfolio, this was just a near-term instantiation of a longer-term initiative that you guys have within Falcon Flex.
Correct. The strategy was always to convert the customers over to Falcon Flex in a commitment model, which is the more they commit, the bigger discounts they get. And they have a lot of flexibility in picking the module. So essentially, you open the entire product catalog up to our customers.
Right.
Because they came to us and they said, "We wanna do more with CrowdStrike. You've got 29 modules. You keep adding more. You buy new companies." You know, not everybody can keep track of it. And even our sales team, you know, they have to keep track of each module and be experts. So customers came to us and said, "We want a new licensing model like a hyperscaler but with more flexibility. And if we commit more, we want a bigger discount. And, you know, we're locked in for, you know, three to five years." So that's worked out well since so we were going down that path anyway. And it just turned out that we could use that vehicle to convert the customer base over and then deliver the Customer Commitment Packages, which we really wrapped up that program at the end of Q4.
Right. Got it. And then just in from an investor perspective and understanding those impacts, you wrapped it up in Q4. How should we think about the dynamic of when that headwind starts to turn to a tailwind?
Yeah. So you're gonna still see some headwinds, you know, in Q1 and Q2 just from an expense side because you've got things like sales commissions that, you know, being amortized over this next year, and 'cause we were paying commissions on the CCPs to make sure that we protected the sales team, right? I mean, it was the right thing to do. So those will ultimately burn off. You had some headwinds, you know, from legal. Obviously, you know, you have big expenses there. You've got consulting headwinds. But, you know, these are more one-time cost in many of these areas at a higher rate in any way. And then they begin to burn off. And then, you know, you start to see the ramp in operating profit as well as free cash flow.
And as I said, we talked about the exit as exiting this year of free cash flow of 27%. So we also have some, you know, larger bills that come due in terms of commission payments and deferred payments in Q1, which will, you know, Burt already talked about that in our earnings call. So again, what we're looking at is getting through Q1 and Q2. We've got the ramp in Q3 and Q4, focused on net new ARR acceleration.
Got it. I wanna sort of go to maybe a little bit of a higher level. When we think about Falcon Flex, sort of taking away the frictions for customers to adopt a broader part of your portfolio, it speaks to a sort of a broader trend of consolidation of kinda more functionality with fewer vendors. And it speaks to sort of that debate of sort of platform versus best of breed. And where does sort of CrowdStrike fall out on that? Like, what's the right balance in terms of trying to drive that platform consolidation versus kinda sustaining best of breed functionality?
Well, you sort of have to do both. So let's just maybe recap because, you know, if you go back in time, and I've been doing this 30+ years in security, you had best of breed products, then you had best of suite products, and now what I call best of platform. Customers shouldn't be construction workers. They shouldn't have to assemble everything. Right. You know, they shouldn't have to put all the pieces together and have tons of, you know, people that all they do is integration. They should be able to take a platform like CrowdStrike, plug it into another platform like Zscaler or pick one, and have it all work. And that's what we're focused on. And that's the best of platform. Now, when we look at individual modules, you know, our goal is to be first or second in any one of those categories. You know, many of the modules that we started with early on, the more mature ones were certainly number one and, you know, by a long shot. And then as we come up with new modules, you know, we keep adding new functionality.
Maybe we enter a new market, and we keep adding to it until we're, you know, able to replace other technologies that are out there. One of them I talked about in the last earnings call was exposure management, you know, being able to replace some of the traditional vulnerability management vendors. We've done really well with that. So you want the best platform, but you also wanna focus on what you really do well. And this is one of the things that I always say to the team at CrowdStrike and our customers, "This is what we do really well. These are the areas of security and data and cloud and, you know, everything that we do." And a lot of things we don't do, like, we're not a firewall vendor. We don't sell boxes. We don't, that's not us. We're not gonna be doing that.
And it doesn't mean you don't need it, but that's not us. So we focus on what we do well, and we wanna be number one, or number two in any of those categories from a module perspective.
Got it. And maybe you could give us sort of an update on kind of how far we've come with Falcon Flex adoption, any kinda sense you could give us in terms of what percentage of ARR or how penetrated that has become into the customer base?
Sure. So, the latest stat is, in terms of total contract value, we've got $2.5 billion converted over Falcon Flex. I think, yeah, I mean, it was a huge quarter in Q4. When we think about the base of the customers, obviously these are bigger dollars, but the number of customers is still small.
Got it.
There's still a long way to go in the conversion to Falcon Flex. Part of what we're doing as well is investing in our channel, our go-to-market around that because it took the sales team, you know, sort of call it last year to get their heads around how you sell Falcon Flex because it you move away from, "Hey, here's another module to sell you," to, "Let's sit down and create a demand plan. Let's go through your roadmap. Let's understand what we have. Let's understand how we consolidate, how we save you money, and what you're gonna use and when you're gonna use it." That's a different muscle, right? So you have to have that muscle memory. So we took last year to actually build that with our sales team. And now this is the year that we're building it with our partners in channel. And I spoke to, you know, most of the large GSIs or CEOs. I went to a few sales kickoffs, and it was all about Falcon Flex and the investment there. So we think that's gonna be, you know, an accelerant to the larger deals this year and then going forward.
Got it. And how should investors think about the cash flow conversion impacts of kinda moving to those more flexible payment terms that come along with, Falcon Flex?
Well, from a cash flow perspective, I think if you have flexible payment terms because you did, you know, you went through a Customer Commitment Package, right? That's a little bit different. You know, and we talked about the impact of some of those in Q1 as well. When we think about Falcon Flex, it doesn't mean that there's delayed payment terms, right? I mean, there are payment terms, either we're getting paid all upfront or we're getting paid annually, or one of the reasons why we created CrowdStrike Financial Services and we've done very well with it in some really big deals is that we can supersize the Falcon Flex deals, and then we can actually finance it. And we got some great results from that. Then obviously, you know, that's a very quick conversion.
Got it. Got it. I wanna switch gears a little bit, start talking about some technology. I would lose my license as a software analyst if I didn't start talking about generative AI pretty quickly. How do you see generative AI changing kinda the cybersecurity landscape, both in terms of what's going on in the threat environment but also the tools it gives you to better address those threats?
So let's talk about the threat environment for a little bit. So just to level set with everybody, when we think about the threat environment, we break it down into adversary kind of groups. And you can think about it as a pyramid. So at the top of the pyramid, you've got nation-state adversaries. So you've got the most threat sophistication at the top and the smallest number of adversaries that are that sophisticated. Then in the middle band of this pyramid is your eCrime actors. So you've got more of those but not quite as sophisticated as the top. And at the bottom, you have hacktivists. And those are the least sophisticated, but there's lots of them. So we start there.
So essentially, when we think about the nation-state adversaries being the most sophisticated, what that means is, you know, in the grand scheme of 8 billion people in the world, there's a you know, a handful of really smart folks that know what they're doing and can create a lot of these technologies. Now, obviously, there's a lot of them, but in the grand scheme of 8 billion, it's a small number. What AI does is it really democratizes that level of destruction. And it now is bringing these very sophisticated techniques, the ability to rapidly create malware, to disassemble, you know, patches and look for vulnerabilities, to execute attacks, to you know, create end-to-end attacks very efficiently. It now brings that to the masses. So what you're gonna see is a proliferation of new attack groups.
So I'd like to say that the threat environment is gonna get better. It never does, you know, every year. And it's gonna even get worse, I think, at a faster rate. So that's kinda the threat environment. When we think about generative AI with respect to CrowdStrike, Charlotte AI has been a big success for us. And we were building generative AI before it was called generative AI. And it was really designed to go beyond just a chatbot. And we wired it into the workflows that we have. And the whole idea is how do you save time and how do you take and money, of course, and how do you take a level one analyst and make them a level three analyst?
S ome of the results of that, with our detection triage, we're saving, you know, on average, 40 hours a week, for customers in just this one area of detection, with 98% accuracy, and you know, customers continue to use it. My last point on that is we really thought it would be tier one analysts, and they are using it. The tier three analysts are using it more than anyone because they actually understand how to get the most out of it.
Got it, so that starts to go after what has been one of the real constraints within cybersecurity is enough security analysts to be able to handle all the volume, to be able to respond, so Charlotte AI, you're basically massively improving the productivity of those security analysts and trying to get at that fundamental shortage.
Correct. Just not enough smart people in the world from a security perspective. And we always wanna grow more of them. And as the threats proliferate, you need more smart folks. And you can't, like anything else, you just can't keep adding people. It's really hard to find them and keep them, but you can't keep adding them. So anything for me, when I look at GenAI, it's like, well, what's a kind of a rote task that I can automate? Like, lots of data, lots of things to go through. You understand what patterns are. It's a perfect use case for it. And then you can focus the humans on the higher-order tasks. So it doesn't mean you're getting rid of a whole bunch of people, maybe not hiring as many, but you're focusing on them on what humans do really well.
Got it. When I think about generative AI and sort of the, we're seeing, I think we're about to come into sort of a proliferation of new use cases, new applications that are being driven by the expansion of the capabilities of generative AI, but that also, to your point, creates more surface area to be protected. You described the endpoint as the beachfront real estate within cybersecurity. Why is that? Why is the endpoint so important? And how does that help CrowdStrike in this broader AI conversation?
It's a beachfront real estate because when you look at stopping breaches, right, which is our tagline, where does the breach happen? It doesn't happen in the network 'cause the network is the highway. The bad guys just drive the highway, and then they get to the server or the workloads, and then they exploit those and, you know, get data, take them down, encrypt them, whatever. So that is the last mile of stopping a breach. A, that's why it's important. Two is you can get the most visibility and data out of the endpoint. Think about a network device. There's only so many things you can glean from the network, right? And a lot of it is encrypted. So you're getting some basic, you know, information as packets flow. But on the endpoint or in a workload, you actually know what's happening.
And that level of data goes beyond just threat data. So when we first started the company, you know, our goal was to do something different. We really pioneered cloud-based EDR and these sort of things. It wasn't even called EDR, okay? We were collecting data and then figuring out where threats and threat actors were and stopping them. But what we found is we built one of the most scalable agent cloud architectures on the planet. And we can collect security telemetry and IT telemetry at scale. So we actually collect asset information, the health of the system, the user IDs. I mean, there's a whole bunch of things that go beyond just threat data. And that has allowed us to be able to monetize all these new modules. So the whole business model is really collect once, reuse many.
But you have to have the agent. That's why it's beachfront real estate. So whenever we add a new module, we're not building a new product. We've already collected the data, right? We're just building a new workflow.
Got it, so the data becomes the connective tissue through the entire portfolio.
Exactly.
I wanna step through the portfolio and starting kinda where you guys started, in terms of endpoint protection. CrowdStrike came into the marketplace and fundamentally disrupted how we're doing endpoint protection with that cloud-based, EDR. How much runway is left from sort of the older, endpoint protection systems to EDR? Is that still a opportunity for you? There's still legacy replacements left to go in that core part of the business.
Yeah. So when we think about sort of endpoint protection, I'm just gonna bucket that. We have a few modules that focus on endpoint protection, like protecting the endpoint, getting EDR data. It's just a few out of the 29. But that market, almost half the market is still using legacy technologies, almost half. So there's still a long way to go. We've been very successful in the enterprise over the, and we started in the enterprise. And, you know, over the years, we've gone down into the SMB market, and have had success with MSSPs. But there's still a long way to go. There's a lot, a lot of legacy technology out there that needs to be converted. And that's why there's still a long runway in those areas.
And then when you convert them, then obviously you keep adding new modules, exposure management or cloud or what have you.
Got it. So the push into small businesses, that's Falcon Go?
It's Falcon Go. And it could be Falcon delivered through a managed service provider.
Got it. How does the go-to-market have to shift to address those smaller customers? 'Cause it's a much different kind of selling process for a large enterprise, different set of requirements versus what, what a small or midsize business would be, thinking about?
Yeah. From a small business perspective, they normally have, you know, relationships with some IT groups, a lot of managed service providers, right? And they typically just buy what, you know, they're told to buy. I kinda use the AV. I don't know if you have a home AV system. Like, you just have a guy that makes it all work, and half the time it doesn't work, right? And then he tells you, "You gotta buy this," and you go, "Okay, I buy that," right? That's the way it works in the SMB. They're like, "You just need CrowdStrike. Put it in and don't worry about it." So what we've done is we've worked with these managed service providers and massively expanded the business, and when they go into a customer, it could be three. We did a deal yesterday.
It was five endpoints. Well, how do I know that? Because there was some wire fraud in a small company I know. And we actually found it. And they're like, "We need CrowdStrike," right? So it was five, and we did it through a managed service provider. And they were up and running in 10 minutes.
Unfortunately, I'm the one doing the AV in our household, and none of it works.
Okay. You're not alone.
Can you talk to us about Falcon Complete? It, it's been gaining traction over the past couple of years. What's the economic value for the end customer from Falcon Complete?
So Falcon Complete, this is, again, one of these stories. You, you never know until you put it in the market. So the whole idea, you were talking about smaller businesses. Smaller businesses are key to larger businesses. And when we think about all the interactions, they need to be protected. And the larger companies are looking at them. And from a supply chain perspective, third-party risks are saying, "Hey, we're doing business with you. You might be a billion, you might be 500 million, you might be, you know, 10 million. But you have something that we're doing business with you, and we're worried about what you have to do, whether it's connected to a large enterprise or not, thinking about all the wire transfer fraud." So, from that perspective, the small business still needs to be protected.
Falcon Complete was designed to be able to protect those businesses who didn't have even a full-time CISO. Now, what we found is that the larger businesses really like this as well. So what we do is we install it, we triage any alerts, and we actually have the ability to take an action. And we've built a lot of workflow and automation in the product. So customers go to bed at night, they don't think about it. And if anything happens, you know, we're there to deal with it. We thought it would be really good for the kinda the medium-sized business. And it turns out it is, but it's really good for the enterprise.
Some of our largest customers are Falcon Complete customers because when they did the math on what it would take in terms of people and just the ability to deal with all the kinda threats, they're like, "You guys do that. We can't replicate it. And we're gonna have our folks focus on sort of the higher-order bits.
Got it. Got it. We talked a little bit about, that's a platform before. It's a question that I get a lot from investors and our bankers. Every company calls themselves a platform company. How do you differentiate what the real platforms are from just kinda point solutions trying to fluff themselves up, if you will? My kind of point of view is you look at the results. You look at whether they're able to sell in adjacent categories. And that's been, from my perspective, one of the most impressive parts of the CrowdStrike story is how you've been able to ramp up new product additions. You have over 100, $1.3 billion in ARR growing 50% from products beyond that core within endpoint protection. And you've done it without having to discount aggressively. It's not like you're just giving the product away. So what's been the secret sauce for CrowdStrike in proving out that platform of being able to go into these adjacencies so effectively?
Yeah, sure. So first, you know, when you talk about platform, everybody has their own PowerPoint with a platform. And as I say, I've never seen a PowerPoint that was wrong. Like, you know, you just everyone has something, and they never look wrong until you actually try to use it. So the real key to a platform is the number of module adoption. You know, when we first started it, and we first started reporting, it was like one, two, three. And then it was two, three, four, you know, three, four, five. Now we're actually deprecating five or more because we're at 67% adoption in the customer base. So you have to look at what's adopted, and you have to actually look if it's really a module or something like a support offering or something. So first, we have that in spades.
Then we look at these businesses that we talk about, $1.3 billion collectively in these three areas of identity, cloud, and Next-Gen SIEM. You could see the growth rates on them. That's really the traditional definition in my mind of a platform, the ability to do that. Now, why are we able to do that? I spent as much time on the technology architecture when I was building the company as I did the business architecture. The whole model is if you believe security data can solve a security use case and can solve a lot of problems, if you collect that data, then you can reuse it in many different ways. So the key to our success is that we collect data one time, we create workflows on top of it, and then we monetize those. By the way, it's all integrated.
We have one platform. Our competitors have three or four or five or six, right? Pick one. So we have one, they have more. And when it's all integrated, guess what we do? We have in-app trials. If someone wants to try identity or exposure management, they go in, they click it, it gives them a trial for, you know, 15-30 days. And then we follow up, we make sure there's success, and then we convert it.
Got it. I wanna click into a couple of those, starting with the public cloud. Public cloud ARR surpassed $600 million this quarter. It's grown 45%. What's the opportunity there as we see kind of the market consolidating to fewer vendors? And how does CrowdStrike differentiate to sort of ensure your continued success in that market?
Yeah. So when we think about public cloud, we did $600 million in our cloud business. So, you know, one of the biggest cloud businesses around. We've got a lot of relationships with folks like AWS. We did over $1 billion in marketplace transactions through AWS in one year. So, you know, we've got an incredible cloud platform offering everything from code to runtime. And one of the keys there is that if you wanna stop breaches, you have to have runtime protection. And really, that's where we started. Like, we are the best in that area. And you have to. It's a lot of hard work. You don't just shortcut your way to get there and have the high ground to be able to run on these critical servers. And over time, we've added things like CSPM, ASPM, DSPM, right? CIEM, alphabet soup of, you know, IAMs.
But it's what customers want, and by putting that together in a very cost-efficient package, very easy to deploy and use, we've had tremendous success in those areas.
Got it. I think the largest emerging module, identity protection, from what we're seeing, it's continuing to become more and more important within that security architecture. Why does it fit so well into the CrowdStrike portfolio? What's the affinity between sort of the endpoint protection and the identity side of the equation?
It goes back to when we acquired this company. It was Preempt a number of years back. We took the time and effort to actually integrate their agent into ours. We actually rewrote it, but it, and we put it into ours. Okay? Now, why is that important? Because we have a single-agent architecture. It's part of our brand promise, the single agent. Again, you look at our competitors, they got three, four, five different agents that are, you know, or they say one, but they're, you know, four of them sort of masked as one. They're, they're really not one. And this is really important because customers want less agents. On average, in an enterprise, there's 13 agents that are there.
If you guys and gals see all the computers up here when you boot them up and it takes forever to run, you know, these are all the things that kinda make it slow. Nobody wants that, right? They wanna get less, get rid of those. So by being able to do that, we've integrated Preempt into the agent. So if you want identity, you know what you do? You turn it on. There's no installation. It's there. You know, there's some configuration. That's why it's been on fire. And in fact, even the numbers that we've reported are probably a little underrepresented because that was one of the most demanded CCP-type modules. So I think we'll see the results of that, you know, down the road, when those CCPs burn off. But it's been phenomenal.
It does what others can't do, integrated into the agent and stopping identity breaches at the agent.
Got it. The last product I wanna sort of dig into, LogScale, that's the next-generation SIEM solution from CrowdStrike, surpassed $330 million in ARR in Q4, growing 115%. Why is now kinda the right time for kinda SIEM and bringing in the next-generation SIEM? We've been talking about security analytics for decades now. Is there a technology kind of evolution? Is there a better way of us kind of addressing this problem that's enabling you to come and kinda displace this existing marketplace?
I really do think we're at an inflection point for Next-Gen SIEM. Why we are is really the question. A few things. One, I think people understand the more data they have, the more use cases they can solve with security, with that data. What that also means is that it's right for AI automation. Let's take a legacy SIEM. You know, there's a lot of manual things that you have to go through. There's a lot of triage. There's a lot of pointing and clicking and hunting and filtering and querying, right? That takes time and expertise. There's a lot of expertise when you're using some of these legacy products. And there's a lot of cost.
So when you look at the traditional models of ingest costs that were just killing customers, and you look at the fact that about 80% of the data that is being put into a SIEM was taken out of something like CrowdStrike. So customers are buying CrowdStrike, and then they're putting 80% of the data in the SIEM and paying for it in the SIEM, and they already have it at CrowdStrike. So over the years, the customers have said, "You guys should just ingest the 20% that you don't have," things like firewall logs and, you know, network-type devices. And with the Humio acquisition, which became LogScale, we did that. And now Next-Gen SIEM is built into the entire platform. Guess what happens when we wanna turn it on for the customer? We flip the switch. It's there.
Like, so, you know, our competitors take six months to roll this stuff out. You know, we're up and running, you know, that day. And that's why we're at the right time. Plus, you've had acquisitions in the space. So you have a confluence of all this coming together. And this is one of the businesses I'm most bullish on. Every customer we're talking to is talking about Next-Gen SIEM. And by the way, every GSI from the CEO down is looking to build hundreds of millions of dollars of practice around our technology, for Next-Gen SIEM in LogScale.
Got it. We have about a minute left. I wanna wrap this all up. I'm a big free cash flow guy. I like good free cash flow stories. You guys have been a great free cash flow story. There's investments that you're making, today.
Yeah.
Investments in go-to-market. There's been investments in terms of stuff like CCPs.
Yeah.
I would look at it as an investment. But you guys have a lot of conviction of free cash flow margins. Exiting this year back at 27% and have room on a go-forward basis. Can you help us kinda construct that almost mechanical argument of why free cash flow margins are going to improve into the back half of the year? What gives you confidence in that forecast?
Sure. Well, I mean, obviously, when you look at coming out of the incident, we had things that are gonna hit in Q1 and Q2. You've got expenses like commissions, right? You've got some deferred payments, which we called out in our last quarterly report. That's all gonna hit in Q1. You've got sort of, you know, consultants and kinda legal fees. That's all a drain, you know, in the early part of the year, right? That stuff begins to burn off. And then obviously, you got the reacceleration of ARR and the investments that we're making, obviously, on the sales side, you're gonna have ramp reps, etc. So some investments early on that begin to pay off in the back half of the year. And that's what gives us conviction to get back to the 27%.
And then even Burt, you know, what he normally doesn't do, but he wanted to make sure that he was very clear getting back to the 30% for the following year, right? So we gotta deal with the, you know, the near term here. But I can tell you, Burt and I are maniacally focused on cash flow. And we look at ARR and cash flow. That's kind of our gauge. So that's why we have confidence in the back half of the year and the 27% exit rate.
Outstanding. Really exciting times at CrowdStrike. Continues to be a really dynamic story. Thank you so much for coming and joining, talking to us about it.
Great. Thank you. Have a great conference.