 Hi everybody, welcome back to theCUBE's continuous coverage RSA 2023. This is, we're winding up day three Wednesday. We'll be here tomorrow as well. Michael Santonis, the series, the newly minted president of CrowdStrike. Congratulations, I'm glad to see you didn't screw that up. Thank you, good to see you again, Dave. Well deserved, amazing. You joined CrowdStrike on an unreal run. And from CTO, now president, must be excited. It's very exciting. It's a exciting time for the company. We're trying to continue our growth plans and build out the organization. And ultimately just do what we are there to do every day and let's keep our customers safe, keep our customers happy. Yeah, I hear George on the radio all the time. We stop preaches. I'm like, I love when the CEO goes on the radio and says, this is what we do. And I stand behind it. Well, it's actually an interesting part because you're very lucky to get into that president role and have a CEO that's here. I've never seen George work as hard as I have seen him now. The guy lives on a plane. He's always talking to customers, he's talking to partners, always at events. And it's awesome. It's great partnership working very closely. I'm very lucky to be able to work that closely with the CEO and co-founder of the company. Well, he's kind of, I mean, he comes across as low key. He's not like a big hype master, but he's proud. And he's obviously forceful, but it seems like the culture is still humble. I don't know. Well, it's something that he's driven into the company from day one, but I've known George since 2004. And I remember in the very early days, he always used to say to me, if you look after the customer and you keep the customer safe, everything else takes care of itself. And it's the way that he's built CrowdStrike. It's being fanatical about the customer, always putting the customer first, keeping them safe, making sure that you service them the best you possibly can at all hours of the day. And everyone loves that. Everyone rallies around that, keeping customers safe and stopping bad guys. So part of the challenge of doing that is the customer a lot of times, they're so busy, a lot of the wounds that they face are self-inflicted. And I mean, to be too critical of that, but it's just that it's hard, right? They don't have the talent. They're under budget pressures. And okay, we did that maybe 10 years ago. We have all this technical debt. So what are you hearing from customers today at this event and just generally, since we last talked in, I guess it was September? Well, look, it is hard. You've got very capable adversaries, but you've also got a lot of tradecraft that the adversaries use in becoming very, very cheap. You don't have to be an expert attacker. And I've been in the security space for 25 years. Time has flown, but for me, it was always very hands-on my entire career. Now, you don't need to be a hands-on person to carry out an attack. You just need a bit of money. You need to be comfortable to break the law and you can effectively rent or get somebody else to do the attack for you. So the odds are against the end user. The organizations are trying to keep themselves safe. But then if you think about the complexity, every organization primarily uses an operating system that fails every month, that has a vulnerability every month, that gets exploited by adversaries every month. And the complexity of the architecture, plus the fact that you need to patch, you need to respond, you've got an adversary trying to get in the back door, the front door, they're trying to compromise and exploit your users. It's hard. It really is hard. So I feel for organizations, you know, every time that there's a vulnerability and everyone's saying, well, they should have patched, it's hard for especially the larger, the organization, but then small business, which the world is made up of small businesses. We did some research between five to 250 users. There's probably 50 million organizations around the world. Where do they go? Where do they go for resource? Where do they go for support? They're not there to be security experts. So the odds are against every organization, large to small. Well, those small companies, no, they don't have a sock, right? I mean, even a lot of mid-size and even some large companies don't have a security operations center. It was interesting. It was, you know, we obviously follow your business closely and you had a great last quarter, small business came back. So you did a deal with Dell, which is going to be another boost, we think to the small business. So what's the message to small businesses? I mean, tell a small business owner, how can you help? Well, we're really excited to partner again with Dell. Importantly, the Dell announcement is not baked into any of our next fiscal year numbers. It's a new partnership that we've announced. And the great thing about it is there's a number of different ways that you can get access to CrowdStrike through the Dell partnership. It can be through buying the hardware and effectively getting CrowdStrike when you buy a whole bunch of Dell equipment. People these days are leasing Dell equipment, including the software, and they can have CrowdStrike bundled as part of that. The Dell account team can actually sell CrowdStrike as part of their go-to-market. And then Dell bringing a managed service to their customers that's powered by CrowdStrike. So we're really excited by that. We had a partnership with Dell in the past. They obviously had some changes and acquisitions and used different technology, not having to do that anymore. They partnered with us very, very quickly. So we're really proud of that. They're a great organization, and we're looking forward to getting the technology out to their customers. So asking you to put on your CTO hat for a minute, obviously everybody's talking about large language models. I don't know if you know, AI was invented in November of 2022. We've been joking about that all week, and that's what everybody's talking about. But I've asked, has anybody seen clear evidence of the attackers using foundation models like GPT? And nobody said, yes, it's very clear we've seen the signature, but you got to believe they're doing it. Of course, the obvious thing is, you get these emails that are poorly written or grammatical errors and they're going to clean that up. But how do you, a lot of your job as a defender is trying to think about the creativity of the attacker, and I don't want to give them any ideas, but I'm sure they've thought of many of them. But what are your thoughts on generative AI? Where do you see it being applied? Where are the high-risk, sorry, high-reward, low-risk opportunities? Well, I am smiling because the industry that we're in that I love is never short of good marketing, and as you say, AI just came out a couple of months ago. But look, in the industry, we've been talking about things like adversarial AI for quite a while. Could there be a scenario where adversaries were using AI to create malware very quickly, very cheaply, reduce the cost and the complexity? People have been talking about how adversarial AI could effectively circumvent a lot of the countermeasures that we use. The concept is not new. We've been talking about it for over a decade. From a crush-right perspective, we leverage AI, we leverage our models to defend against the adversaries, but we also build in capability to make sure that it can't be misused and it can't fall victim to a lot of the attackers. One of the reasons why we have a number of different models that we use to work simultaneously is so that you don't have single points of failure. So that's kind of the first part of the answer. From a generative AI perspective, look, one of the things that concerns me is the opportunity for attackers to be creating malware very, very quickly, very cheaply, and to be able to create malware that's constantly changing and dynamically evolving so it can circumvent any technologies, especially technologies that are primarily based on signature tech. So I don't think it's that far away where we're gonna see malware that's developed by a lot of this technology that can circumvent any product that uses a signature and effectively they would be useless products. So it's something that we obviously are keeping an eye on, but then there's also hugely positive use cases for things like chat and GPT. I mean, I look at the natural language searches that we can build into our product, make it easier to do things like threat hunting, make it easier to traverse threat intelligence which can be somewhat complex. So if we can also lower the barrier to get people to become better cyber security professionals, that's a good thing. So staying with some of the attack strategies I was reading, it was a mandiant report on the three CX double supply chain hacks. Somebody told me today, actually it was a crowd strike, discovered that, I don't know if that's true, I don't know if you even know that, you're smiling. But anyway, you know, mandate did a good job of packaging it up and explaining it, but good for them. They did some good incident response and we partner very closely. They did some great work on that. They're kind of game, I mean it was good, it was very well written and read, I mean I had to read it a couple of times to really truly understand it. But in that report I saw it was the first sort of known, you've been suspecting this is happening all the time, but that sort of double supply chain hack. So I mean, is that new? A lot of times I think it's new because I just read about it, but you guys are like, I don't know, we knew about that years ago. Yeah, not really new. I mean look, supply chain attacks are more and more common, we've been talking about it for a very long time. Adversaries, you've got to give them credit. They're incredibly resourceful, they're incredibly talented, they're incredibly patient. If they want to go after someone, they're going to do everything possible to be successful to carry out the operation that they're there to carry out. And again, when we're talking about how hard it is for an organization to defend themselves, the odds are against the average organization that's trying to run their business. You know, it's funny, you've got to give them credit and you're right, it's the creativity. And they've made the industry better in a large way. It reminds me of a, there's this podcast called Crime Town and it's about a bunch of mobsters in Rhode Island, which is Rhode Island, it's serious mobsters back in the whatever it was, 70s. And at the end of the series, they brought together the criminals and the cops, the FBI agents, and they put them in the room together and they had great respect for each other. You know, it sort of reminds me of that. So I don't know, maybe that's overstating it, but yeah, I mean, you must learn a lot from watching what the attackers are doing and get ideas maybe as to how to sort of prevent what their next move is. You're playing chess. Well look, there's again, you know, we talked about marketing in this industry. A lot of people talk about prevention and detection and a lot of people talking about autonomous diss. And the reality is when you move away from the marketing discussion, you need to have visibility into everything that runs inside your network. You know, it's a no brainer. If there's something that you can prevent, stop it. Stop it in real time. The faster you can stop attacks, the better you are going to be. But there's a whole bunch of attacks that don't use any malware at all. There's a whole bunch of attacks that are primarily related or involve social engineering. They involve profiling the target. I befriend you online. I connect to you. I talk to you after a couple of hours, weeks, months, I get you to run something on your machine. I trick you into clicking on a link. And then we did a demo yesterday where we showed people how easy it is to carry out an end to end attack from getting into the organization, to laterally moving to Excel trading data and cleaning up, just removing your USB and leaving no trace behind. So the thing is people need to understand there's a huge human element to this. When you're doing threat hunting, there's a huge element for the threat hunter. We're not at a stage where the technology's going to detect and defend itself. So it's a combination of tech plus the people that gives you the best outcome. You know, that's a good point because I always say bad user behavior is going to trump good security every time. And so there's this sort of narrative, you say get through the marketing, I appreciate that. Because there's this narrative, hey, spend more. We spend more every year. You know, you feel like, okay, we're less safe even though we're more capable as an industry. But what do you suggest customers do to just to educate the workforce? You know, we were talking about security moved into the boardroom and it did many, many years ago. It's now moved throughout the organization, but still there's a sort of a lack of, I think, appreciation. And you just gave a really good example. Somebody befriends you online, could be months and hey, check this out, boom. We'll click on the link and then you're dead. So how about that sort of educational aspect and sort of investing there? What do you recommend companies do? Well, some of the best, most progressive organizations that I've had the privilege of working with and meeting are organizations that target the layer eight problem, right? That target the user and educating the user and helping them understand what these adversaries do using gamification, making it fun, getting people involved, running phishing tests but not in a way that penalizes people or makes people afraid. Really having fun around there and having weeks where if you're an employee in a bank, you can walk downstairs, you can chat to one of the teams inside there, you can learn a little bit more and it just raises a skill level. We're also living in a different world, right? If you go back to the days when I started, I'm trying to make myself sound old for some reason but if you go back to the early days when I got into this space, if I spoke to my friends and told them what I did, they were like, what are you doing? If you told your parents and your family members what you're doing, it was just, people were just not really sure what it is that you're doing but now when your personal information is stolen every week, now when healthcare companies are targeted, now when people go to hospitals and they can't be admitted because there's a cyber attack, everybody knows about it, everybody knows this space so people want to know more. You don't have to work as hard to try to educate users because they're hearing it all the time and it's impacting them personally. It's one thing to see it on the news but it's another thing to have to change all of your personal information. There was a big attack in Australia recently where people were trying to work out. What do I do now? Do I go to the passport office and apply for a new passport? Do I go to my equivalent of the DMV here in the US to get a new license? Even the people that were putting out the new licenses didn't know what to do because you've got a license number and you kept that. It's like a social security number. You get the number, you keep it. What do you mean you need a new number? So it's impacting people in a big, big way personally which people are now taking that learning and that thinking to the office. You know, it's funny you mentioned that some companies will have, they'll have you take, I don't know if I'm speaking out of turn, I don't think I am, but we were talking about Dell earlier. I was talking to folks from Dell the other day, they said, oh yeah, they have the phishing test that they have to pass. And if you know, is this a spam phishing email or if they fail, they've got to go to class, all right, so. And that's good, I'd like to take that test, see if I can pass. You have to do things. We do a lot to educate our internal staff. I mean, we obviously as a cybersecurity company, we're fingerprinting staff, we're doing background checks constantly, recording everything everyone does. People come to us because they trust us. Security is about trust and we have to do that. But I think it's a good thing but do it in a way so people aren't intimidated by a phishing test. Do it in a way that they want to get involved, they want to learn, but they're not scared about doing it. You know, Lena, smart MongoDB, so what she told us is that what she does is she takes the brainiest, geekiest security people that can just talk deep, dark web and she puts them in a room with the average everyday user and they say, just talk. Talk about security and over time they sort of get empathy, the technical people get empathy for how little the non-technical people know and the reverse is true and over time it floats through the organization. I thought that was a sort of clever, organic way to create. Do you have any other sort of recommendations and techniques that you use? Look, I've seen a lot of things over the years where people, I talked about gamification and people had scores. So if your machine is kept safe and secure or you passed your test, you get a score. People are getting t-shirts made up. Suddenly different departments have bonuses. If the department score is higher than the other one, they get a day off, they get a spiff and people are walking around. I've seen a whole range of different examples. All of it is fantastic. The more that you do, the better it is. So how, tell me about this new role, what you're looking forward to, how do you see yourself spending your time? What are your priorities? Well, we're bringing together the entire product and engineering org and getting it very closely aligned with the Sales and Marketing Organization. It's bringing together policy and privacy teams. It's bringing together the M&A teams, Corporate Development side. You had Daniel Bernard on, I think it was yesterday. I've really enjoyed getting to learn DB as we call him and partnering so closely with him. In many ways, I haven't seen, certainly our organization or anywhere that I've worked before, where Sales and Marketing are partnering so closely. Goals on Pipeline, everyone's carrying a quota, the product teams are closely aligned with the sales team. If the sales team sell, the product teams benefit. If the product teams build great products and the engineering teams get it out on time, sales people can sell it. Everyone benefits from that. So a big part of it is alignment and a big part of what has made CrowdStrike unique is how agile we've been to respond to the market, to service our customers and we want to just keep building on that. We've talked with the market about our success but we've made it very clear that we have a pathway to $5 billion in net new ARR and we want to make sure that we hit those guidelines that we've talked about to the street and we want to make sure that we keep customers safe. Yeah, so I mean, there was a narrative for a while that the security industry was insulated from any of the macro and then last summer we saw sort of a road of peace security sort of reverts to the mean and then we've seen some mixed results as a group. You guys had a little softness in your small business and then last quarter you crushed it so we'll see what happens going forward. But generally what's the macro like? I'm presuming you're going to tell me it takes a little bit longer, maybe bigger deals are getting smaller, people are chunking things up, maybe you got to get to the CFO to get approvals, I mean all of that, right? Is that still the same? Is it changing at all? Is it getting better or worse? Yeah, we talked a lot about it on our last earnings call that the requirement for security hasn't gone away, the requirement for security and people wanting to evaluate products hasn't slowed down, the demand for trials hasn't slowed down, but just the decision making process just takes a little bit longer. We talked on our earnings call about requiring an extra signature, something that used to be signed off by the CFO now goes to the CFO, something that goes to the CFO traditionally now goes to the CEOs. Just that elongation in the process that we talked about, but the core requirement, the core requirement to defend against the TAC, that hasn't changed. All right, so we got something from the crowd. They, let's see, oh, big news about Chrome OS, right? You guys, that's right, you guys made an announcement, right? With Google. We did. Yep, tell us about that. We did, the user base for Chrome OS is growing all the time, people are buying Chromebooks, schools, universities, people want a lightweight device, a lot cheaper, they open the lid, they get to use it, it works, it's configured, safety built into the device, so growing popularity. With that closed down operating system, security built in, you can't install the traditional endpoint security agents that you would on a Windows device or a MacBook or a Linux operating system. So we worked very closely with Google, they want to make sure that they're providing a safe and secure platform and device to their customers, and rather than install anything, the telemetry coming off the device goes into the Google Cloud, and then in the back end, we're bringing it into the Kraus-Reich Falcon platform. As a customer. Oh, I don't have to do anything. You don't have to do anything. I'm a Chrome user, right? That's my primary. There we go. You're ready for Kraus-Reich. Despite my Mac, I prefer Chrome over Safari or any other browser. Duck-Duck-Go sometimes, but just for kicks. I still can't get it to bing. I just, you know, it just doesn't do it for me. I don't know about you guys, but you know, even with all the chat GPT stuff, it just hasn't hooked me yet. I don't know. Look, the best thing for us, pick whatever you feel comfortable using and we'll secure it. We're not going to drive you one way or the other. We want to make sure that you use any technology that allows you to be really to do your job, to be successful in your business, to use it for entertainment, but you're doing it safely and securely. So we're not going to drive you into anyone platform. We'll secure all of them. Yeah, I mean, look, different preferences, different strokes for different folks, of course. Michael, thank you for stopping breaches and the work that you do. Really appreciate you coming on theCUBE. Thanks for having me. Good to see you again. All right, keep it right there. We're back to wrap up day three, Wednesday here. It's Wednesday, right? Yeah, okay, RSA conference 2023. You're watching theCUBE.