This episode features a conversation between Sameer Gandhi, partner at Accel, and George Kurtz, CEO and co-founder of CrowdStrike. The conversation explores the journey of CrowdStrike from its early days to becoming a cybersecurity leader with a market cap of $72 billion as it approaches its 5th IPO anniversary.

The discussion covers George's experience as a second-time founder, how he structures investors and his board, and his approach to solving difficult problems. This episode is part of a series highlighting previous conversations with cybersecurity leaders ahead of this year's RSA conference.

Timestamp: [0:00-0:30]

Sameer Gandhi recounts how Accel pursued a meeting with George Kurtz after learning he had left his position as CTO of McAfee and was working on something new in Southern California. Despite George not actively raising money and limiting the meeting to just 30 minutes, the initial conversation extended into a multi-hour discussion where they discovered their shared vision for the future of cybersecurity.

"Okay like it's Accel you got to you know you got to meet with Accel you got top yourself top uh person obviously the firm."Kurtz, explaining why he finally agreed to meet after Accel's persistence"

The meeting almost started poorly, with George arriving late from an eye doctor appointment with dilated eyes and wearing protective glasses, but quickly evolved into a productive conversation about taking a fresh approach to cybersecurity.

Timestamp: [0:30-4:30]

What started as a reluctant meeting transformed into a discussion between kindred spirits who shared a vision for building "the Salesforce of security." George was particularly impressed by Accel's willingness to take a longer-term view of the opportunity, focusing on building something significant rather than just getting a quick product to market.

"I think one of the things that stood out which got me excited is the longer term view that that you guys were taking which was not like hey we can be thoughtful we're going to hang in here... but there was a willingness to what's the art of the possible how do we build something big rather than you know let's just get something to market quick and hopefully a quick turn and and we move on."

The discussion centered around an ambitious but specifically targeted approach: starting with endpoint security and expanding from there. At the time of investment, CrowdStrike's Falcon platform had only about $1 million in ARR, but that has since grown to over $3 billion.

Timestamp: [4:30-5:30]

George shares how CrowdStrike got started with their intelligence business almost by accident. The team was writing blog posts about security intelligence from an adversary-centric approach, which generated significant interest. On a whim, George suggested adding an email address at the end of a blog post for anyone interested in purchasing their intelligence.

George recounting his conversation with Adam, who still runs the Intel team today

"Well we have a problem... Well we don't have an intel @ crowdrike.com... We don't have an Intel anything but we can make an email address."

They quickly created the email address, published the blog post, and were immediately flooded with inquiries. This minimal viable product (MVP) test, along with their incident response services, became the foundation that supported their product development while building customer relationships and gathering crucial insights into adversary tactics.

Timestamp: [5:30-7:46]

CrowdStrike's early business model leveraged intelligence and incident response services not just as revenue streams but as strategic components of their product development. By providing incident response services, they gained deeper insights into how adversaries operate, which informed their product development.

"If you're in the middle of a breach and you understand how the adversary works you can build better products."

This integrated approach allowed CrowdStrike to:

1. Generate revenue while building their core platform
2. Establish trust relationships with customers
3. Gather essential knowledge about adversary tactics, techniques, and procedures (TTPs)
4. Create a feedback loop between services and product development

George notes that this approach was inspired by his experience at Foundstone, his previous company, where incident response work provided valuable insights that led to building better security products.

Timestamp: [7:46-8:56]

Sameer asks George to reflect on CrowdStrike's journey from startup to cybersecurity leader and his outlook for the company's future. George acknowledges that the path has been challenging, with many ups and downs behind the scenes despite the company's outward appearance of smooth sailing.

"It's never a clear path to success and there's been a lot of ups and downs and trials and tribulations and I always equated to a duck on the water you know it looks calm but there's there's a lot of pedaling that goes behind the scenes."

He emphasizes that focus has been key to their success—staying true to their original mission while adapting to unexpected challenges like the pandemic that hit shortly after their IPO. George's approach has been to "deal with what's in front of you and be able to execute no matter what comes your way."

Sameer notes that unlike many companies at this stage that may have tapped out their market opportunity, CrowdStrike still seems to be in its early chapters with significant growth potential ahead.

Timestamp: [8:56-10:52]

Sameer highlights how CrowdStrike's early approach was unconventional in the cybersecurity industry, particularly their all-in commitment to cloud technology when others doubted it was possible. He asks George about the insight behind this decision and where he found the conviction to go against industry trends.

George begins to explain how his experience at Foundstone (founded in 1999 and sold in 2004) influenced his approach to CrowdStrike, setting up the context for how his background shaped his vision for a different kind of cybersecurity company.

Timestamp: [10:52-11:32]

• Persistence pays off in business relationships - Accel's continued efforts to meet with George despite initial reluctance led to a transformative partnership
• Long-term vision matters - The shared ambition to build "the Salesforce of security" rather than seeking quick returns established a foundation for sustainable growth
• An adversary-centric approach to security is more effective than focusing solely on malware
• Service offerings can serve multiple strategic purposes: generating revenue, building customer relationships, and informing product development
• Maintaining focus on your original mission while adapting to unexpected challenges is crucial for sustainable success
• Going against industry trends (like CrowdStrike's early cloud commitment) requires strong conviction but can lead to significant competitive advantages
• Building a successful company isn't as smooth as it appears from the outside - "like a duck on the water" with calm appearance but intense effort beneath the surface

Timestamp: [0:00-11:32]

Companies & Products:

• CrowdStrike - Cybersecurity company co-founded by George Kurtz, approaching its 5th IPO anniversary with a $72B market cap
• Falcon - CrowdStrike's platform that grew from $1M ARR to over $3B
• Accel - Venture capital firm that invested in CrowdStrike, represented by Sameer Gandhi
• Foundstone
• McAfee - Company where George Kurtz previously served as CTO

People:

• George Kurtz - CEO and co-founder of CrowdStrike, former CTO of McAfee
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike
• Adam - Executive who still runs CrowdStrike's Intel team

Concepts:

• Adversary-centric approach - Security strategy focused on understanding attacker behavior rather than just stopping malware
• Intel business - CrowdStrike's intelligence offerings that share information about threat actors
• Incident response - Service helping organizations recover from security breaches
• Cloud-first security - CrowdStrike's unconventional approach of building security solutions in the cloud

Timestamp: [0:00-11:32]

George reflects on his time at McAfee, where he initially turned down the worldwide CTO position multiple times before eventually accepting it. That role proved invaluable, giving him deeper insights into how the industry worked and its challenges. His key observation was that companies were spending money on security but not getting the outcome they deserved—protection from breaches.

"The biggest thing for me was companies were buying security and spending money on security but I didn't think we're getting the outcome they deserve which was not being breached. If the whole industry is trying to stop malware rather than stopping breaches I just looked at a little bit differently."

This perspective shift—focusing on stopping breaches rather than just stopping malware—became a fundamental part of CrowdStrike's thesis. George wanted to create a system that could handle "silent failure," meaning if one part of the security system failed, you'd still be able to identify a breach since not everything is always detectable.

He saw that while SaaS platforms like Workday, ServiceNow, and Salesforce existed, there was no foundational cloud platform security company. His vision was for CrowdStrike to fill that gap, delivering "cloud security and security from the cloud" using a new architecture—even though many thought they were crazy.

Timestamp: [11:32-13:33]

Sameer recalls how CrowdStrike maintained an unwavering commitment to their cloud-first approach, even when many potential Fortune 50 customers initially rejected the cloud model. George refused to create on-premises or hybrid solutions, maintaining a pure cloud stance despite the business challenges this created.

"We're not going to go on prem we're not going to do a hybrid model."

When pitching to large Swiss banks, George would often hear positive feedback about their solution followed by questions about when they could "ship the box" for on-premises installation. His response was to point out the many cloud services these companies were already using (Dropbox, Box, Salesforce) while claiming they "don't do cloud."

"If you're not ready for the cloud journey, you will be at some point because the cloud is much bigger than CrowdStrike, and when you're ready, we'll be here but we're not going to change our model."

He also emphasized two key selling points for maintaining their pure cloud model:

1. Developing both on-prem and cloud solutions would dilute their resources and hinder innovation
2. The crowdsourced security benefits of their platform required the cloud model

This conviction paid off—customers who initially refused their cloud solution came back two years later to become major clients.

Timestamp: [13:33-16:41]

Sameer points out that CrowdStrike's cloud-first stance was made even more challenging by the competitive landscape, where other startups were already making progress in the endpoint security space. Despite the pressure to catch up with competitors that appeared to be ahead, George maintained his focus on building the right architecture first—what he calls "goldplated plumbing."

"How do we build the right architecture from the beginning? This wasn't how fast can we get to it and how many corners could we cut."

George references conversations with one of their original architects who insisted on building a strong foundation even though it took longer and cost more money. While competitors were getting to market faster with next-generation antivirus solutions based on machine learning and AI, CrowdStrike focused on creating "one of the most elegant and efficient agent data cloud architectures."

This approach—focusing on getting data in and out of their cloud at scale before adding AI algorithms and workflows—meant starting with the hardest part of the problem. CrowdStrike's competitors started with the easier parts (next-gen antivirus) and gained early traction, but once CrowdStrike added all their capabilities, they "blew everybody out of the water."

George credits Accel for supporting this long-term approach rather than pushing for shortcuts to generate quick revenue.

Timestamp: [16:41-20:00]

• Solving for outcomes (stopping breaches) rather than features (stopping malware) creates more customer value
• Having strong conviction in your business model and refusing one-off exceptions is critical for long-term success
• Distinguishing between business model (subscription) and technology delivery model (cloud) provides clarity
• Cloud-based security enables better capabilities through crowdsourced threat intelligence
• Patience pays off - customers who initially rejected cloud solutions eventually became major clients
• Focusing on building the right foundation and architecture first, even if it takes longer, enables greater scale and flexibility later
• Starting with the hardest technical problems (data architecture) before moving to flashier features (AI/ML) creates sustainable competitive advantage
• In competitive markets, resist the temptation to chase short-term market trends at the expense of your long-term vision

Timestamp: [11:32-20:00]

Companies & Products:

• CrowdStrike - Cybersecurity company co-founded by George Kurtz focused on cloud-based security
• McAfee - Company where George Kurtz previously served as worldwide CTO
• Salesforce - Cloud-based CRM platform mentioned as comparison for CrowdStrike's vision
• ServiceNow - SaaS platform mentioned as example of cloud transformation
• Workday - SaaS platform mentioned as example of cloud transformation
• Dropbox - Cloud storage service mentioned as example of companies already using cloud solutions
• Box - Cloud storage service mentioned as example of companies already using cloud solutions

People:

• George Kurtz - CEO and co-founder of CrowdStrike, former CTO of McAfee
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike

Concepts:

• Silent failure - Security concept where if one part of the system fails, you can still identify a breach
• Business model vs. technology delivery model - George's distinction between subscription services (business model) and cloud-based delivery (technology model)
• Gold-plated plumbing - Term used to describe building a robust foundation architecture that enables future growth
• NextGen antivirus - Machine learning/AI-based approach to malware detection that competitors focused on
• Agent data cloud architecture - CrowdStrike's approach to building efficient data collection and analysis at scale

Timestamp: [11:32-20:00]

Sameer references George's early vision about platform expansion and diversification beyond endpoint security, noting that they had discussed this years before the market recognized it. He asks about the framework George used to determine when it was the right time to expand beyond simply being a "next-gen endpoint company."

George explains that when CrowdStrike launched, they had just one module focused on getting data in and out of the cloud and providing basic reporting and detection. However, they always knew that data would be foundational to their future growth.

"We knew data was going to be a big part of it and in the early days... when you're trying to sell to the largest banks in the world and largest enterprises... you got to throw everything in the kitchen sink in right because you're five guys a dog in a garage, you've got some relationships and you want to get in."

Their strategy evolved from initially offering everything bundled together to eventually modularizing their platform. Once they had their Next-Gen Antivirus solution, they were able to break out separate modules and create distinct categories, pioneering a modular approach to security.

Timestamp: [19:41-21:46]

George emphasizes that he spent as much time thinking about CrowdStrike's business model as he did about its technical architecture. The key insight was building a "collect once, reuse many" approach to data.

"If you collect it once and reuse many that's an incredible gross margin story right because you collect it once and then you're just basically selling each module is almost pure margin."

This approach became a game-changer for their profitability. However, in the early days, their gross margins appeared poor to potential investors. George recalls having to explain to Series C investors how they would eventually reach 80% gross margins—something many investors couldn't envision and later regretted missing.

Sameer confirms this was a challenge during fundraising, remembering how Accel had to create a "gross margin bridge" to show the path from 30% to 80% margins. He notes that their CFO "still has scars" from that process, but Accel led the round because they could see the long-term vision.

This long-term approach to building from the ground up enabled CrowdStrike to expand into different product modules and categories, increasing their total addressable market (TAM). In contrast, competitors who took shortcuts by focusing solely on next-gen antivirus or accepting on-premises deals couldn't easily pivot or rearchitect their solutions.

"Every new on-prem deal is another barnacle... it's going to be a disaster faster for them to try to rearchitect and deal with all their on-prem customers and transition them over. - Sameer Gandhi"

Timestamp: [21:46-23:53]

Sameer brings up CrowdStrike's distinctive approach to mergers and acquisitions, noting that while M&A is natural for companies at their scale, CrowdStrike's approach is different. He asks George to elaborate on how they think about bringing in external capabilities to fill gaps in their product portfolio.

George explains their M&A framework has three key priorities, in order:

1. Team and chemistry: "If we don't have the right people in the team and the chemistry we won't do the deal. Could be the best tech in the world but if... we don't like them, we don't trust them, we can't get along with them, we don't think they'll execute, deal's not going to get done."

2. Technology: They maintain a high bar due to CrowdStrike's engineering culture.

3. Go-to-market: They prefer acquiring great teams and technology where CrowdStrike can provide the go-to-market strategy.

"We tend to like great teams and great technology and we can fill in the blank on the go to market, and that's been a really good formula for us."

George highlights their acquisition of Preempt (identity security) as an example. Despite having a great team and technology, CrowdStrike showed remarkable discipline by not selling the acquired product for nearly two years. Instead, they integrated it into their single-agent architecture, completely rewriting the agent to fit their platform.

"We didn't sell it for the better part of two years which is an incredible amount of discipline because our brand promise is single agent architecture."

The result was impressive growth—from $7 million ARR at acquisition to over $300 million ARR at the time of this recording.

Timestamp: [23:53-26:42]

Sameer shifts the conversation to team building and organizational development, noting that he and George interviewed many executives together over the years with mixed results. He asks what lessons George has learned about building teams and organizations.

George explains that organizations go through distinct phases, each requiring different types of talent:

1. Evangelical phase: Early-stage companies need people who can sell a vision with just a PowerPoint, get others excited, and convince them to join the journey.

2. Scaling phase: Once you have product-market fit, you need "scalers" who can build infrastructure and go-to-market capabilities to help the company reach adolescence.

3. Coin-operated phase: As the company matures, you need people who can effectively harvest existing accounts, drive high net retention, and add new offerings to the platform.

"The people who got you to 100 million won't necessarily be the ones to get you to 500 million to a billion to 5 billion to 10 billion."

When Sameer asks how to stay ahead of these transitions rather than scrambling to catch up, George offers a simple but powerful framework:

"Would I hire that person today for the role they're in today?"

If the answer isn't "yes," then changes need to be made. George emphasizes that this doesn't mean these are bad people or that they lack talent—just that their skill set may not match the company's current phase. He maintains relationships with many former employees he's helped find roles elsewhere because they were no longer the right fit for CrowdStrike's stage.

"It's never easy to move someone on but you have to have a framework to be able to say look this is not working out we got to get to the next phase."

Timestamp: [26:42-30:17]

• The "collect once, reuse many" data approach creates superior gross margins and enables platform expansion
• A modular platform architecture allows for expansion into new security categories over time
• Business model architecture is as important as technical architecture for long-term success
• Early-stage gross margins may appear poor until scale is achieved with a platform approach
• Avoiding on-premises deployments prevents future technical debt and "barnacles" that hinder growth
• M&A success depends first on team and cultural fit, then technology quality, and finally go-to-market capabilities
• Maintaining product integrity (like single-agent architecture) is worth delaying revenue from acquisitions
• Companies go through distinct phases requiring different talent profiles: evangelical, scaling, and coin-operated
• Regularly ask: "Would I hire this person today for this role?" to assess team fit with company stage
• Making personnel changes earlier rather than later is almost never regretted

Timestamp: [19:41-30:17]

Companies & Products:

• CrowdStrike - Cybersecurity company that evolved from a single-module product to a 27-module platform
• Preempt - Identity security company acquired by CrowdStrike, grew from $7M to $300M+ ARR after integration

People:

• George Kurtz - CEO and co-founder of CrowdStrike
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike
• Burt - Mentioned as CrowdStrike's CFO who worked on financial modeling during fundraising

Concepts:

• Modular platform - CrowdStrike's approach to breaking security functions into separate modules on a single platform
• Collect once, reuse many - Data architecture that enables high gross margins by leveraging the same data across multiple modules
• Gross margin bridge - Financial modeling showing path from early-stage lower margins to mature high margins
• Single-agent architecture - CrowdStrike's approach ensuring all security functions operate through one software agent
• Company growth phases - Evangelical (vision selling), Scaling (building infrastructure), and Coin-operated (optimizing established business)
• Total Addressable Market (TAM) - The revenue opportunity available for a product or service

Timestamp: [19:41-30:17]

Sameer notes that George thoughtfully constructed CrowdStrike's board early on, including bringing in an outside chairman. He points out that many of those early board members remain in place today and asks George to share lessons about board construction and how to leverage a board effectively.

George emphasizes that board construction is critical because you'll be working with these people for a long time. Some board members come with investment capital, while others are recruited specifically for their expertise. He warns that entrepreneurs often fall into the trap of selecting people based solely on their background or experience, which doesn't always work out as expected.

"When you think about constructing a board it's it's really critical because you're going to be living with these board members and some of them you're going to choose because they're part of the cap table and others you're going to go out and you're going to recruit."

For George, key considerations for board members include:

1. People who buy into the vision of building a big company for the long term
2. People with relevant skill sets (financial, sales, etc.)
3. People you can get along with personally

"I would take less money to work with somebody I like than more money and have someone on the board that was problematic. It's just not worth it."

Beyond selection, George emphasizes the importance of leveraging each board member's unique strengths or "superpower." CrowdStrike did something unconventional by tracking "Board Influence Revenue" (BIR) with a leaderboard for board members, having them commit to specific contributions for the next 12 months and tracking their impact on pipeline development through their networks and contacts.

"If you're on the board... we had a leaderboard for the board members. This I think is a good one for the audience. What's your board delivering? What are they going to deliver? Have them write it down over the next 12 months."

George's summary: pick people you can work with who have specific skills or superpowers, and if they're going to hold you accountable, ensure there's mutual accountability for what they're contributing to the company.

Timestamp: [30:19-33:03]

Sameer shifts the conversation to discuss how CrowdStrike maintains its innovative edge despite its significant scale. He notes that George has set ambitious public goals, including reaching $10 billion in ARR within 5-7 years—a target that few companies have achieved, especially in such a compressed timeframe. He asks how the company maintains startup intensity and creativity at its current size without becoming a legacy company.

George explains their approach using the concept of a "scaled insurgent." He reflects on how CrowdStrike disrupted legacy players like McAfee and Symantec, and emphasizes that they don't want to end up on the receiving end of disruption themselves.

"What got us to where we are is we disrupted all the legacy players... They're all gone or changed or something right because we were able to disrupt them. And we obviously don't want to be on the other side of being disrupted."

This scaled insurgent mindset means:

• Staying on the forward edge of the curve
• Continuously focusing on customer problems
• Executing quickly
• Thinking like an insurgent ("if you're not doing it, someone's doing it to you")

While maintaining this startup mentality, CrowdStrike also leverages its scale advantages:

• Extensive distribution channels
• Large team and relationships
• Tens of thousands of customers
• Established moats around the business

"We still have to think like a startup like it was the first day and the last day. Like every day you come in should be thinking about 'Man, there's a whole new world in front of me.' And when you go home you should be thinking about 'Man if I didn't get this thing done I'm going to be out of business.' And I don't care whether we're 3 billion or you know 3 million, that's kind of the way we think."

George acknowledges this becomes harder as the company grows beyond 300 people to thousands and goes through the IPO process. However, maintaining a culture focused on solving customer problems, keeping them safe, and nurturing a sense of mission remains crucial.

Timestamp: [33:03-36:08]

Sameer observes that George is deeply immersed in the company, with CrowdStrike's identity wrapped around him as the founder. He asks what George does to maintain his insurgent mindset beyond his natural competitiveness.

George emphasizes building a culture centered on winning that makes work enjoyable and creates positive momentum. He believes winning should be celebrated, but losing should hurt—a lesson he relates to childhood sports experiences.

"It should be fun to be at work and it should be fun to win. And it's not so fun when you lose, right? So it should actually hurt when you lose."

"When I grew up not everybody got a trophy and when you didn't get a trophy it really sucked."

The key elements of this winning culture include:

• Celebrating wins and building momentum
• Ensuring customer success is at the center ("we're winning but the customer is winning")
• Focusing on the mission of "stopping the bad guys"
• Having the right team and people with the right philosophy

George warns against complacency, even when achieving impressive growth milestones like reaching $1 billion or $3 billion ARR faster than most companies. Simply assuming continued success without maintaining urgency is dangerous.

"Complacency kills. For me I talk a lot about time and urgency and have a saying that I'm looking at a watch not a calendar. And that's the kind of sense of urgency that we need."

He concludes by emphasizing the importance of healthy paranoia—always being aware that someone might be trying to disrupt and replace CrowdStrike, just as they disrupted legacy players in the security industry.

Timestamp: [36:08-38:12]

• Board construction should prioritize alignment with company vision, relevant skills, and personal compatibility
• Track board member contributions through metrics like "Board Influence Revenue" to ensure mutual accountability
• The concept of a "scaled insurgent" combines startup mentality with the advantages of scale and distribution
• Maintain a startup mindset where every day feels like both the first day and potentially the last day
• Build a culture focused on winning that makes work enjoyable while serving customers' security needs
• Balance celebrating wins with feeling the sting of losses to maintain competitive drive
• Focus on customer success as the foundation of company success
• Combat complacency by maintaining urgency—"looking at a watch, not a calendar"
• Cultivate healthy paranoia about potential disruption to avoid becoming like the legacy companies you displaced
• As companies grow larger, maintaining the original mission and culture becomes more challenging but even more critical

Timestamp: [30:19-38:12]

Companies & Products:

• CrowdStrike - Cybersecurity company with ambitions to reach $10B ARR in 5-7 years
• McAfee - Legacy security company disrupted by CrowdStrike, mentioned as an example
• Symantec - Legacy security company disrupted by CrowdStrike, referenced indirectly

People:

• George Kurtz - CEO and co-founder of CrowdStrike
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike
• Ghart - Board member mentioned by Sameer
• Roxan - Board member mentioned by Sameer

Concepts:

• Board Influence Revenue (BIR) - CrowdStrike's metric for tracking board member contributions to pipeline and revenue
• Scaled insurgent - Concept of maintaining startup mentality while leveraging the advantages of scale
• Winning culture - Organizational environment that celebrates successes while learning from failures
• Watch not a calendar - George's phrase describing the urgent timeframe needed for execution

Timestamp: [30:19-38:12]

Sameer transitions the conversation to discuss a shared passion with George—racing. While Sameer describes it as a hobby for himself, he notes that for George it's a true passion, essentially making him a professional race car driver in the AM class who happens to have a full-time job. Sameer asks George to share how he got into racing and what connections he sees between racing and leading a business.

George explains that he got into racing around 2007 when Dennis Ori, who was on the McAfee board (and is now on CrowdStrike's board), took him to a racetrack for a few days of driver instruction in a Radical car. George performed well, eventually bought his own car, and continued to advance up the racing ladder to "bigger and better things."

"I got into it uh in 2007ish I think uh when Dennis Ori one of our board members uh we went out to a racetrack he was on the McAfee board so went out to racetrack and took a few days of just driver instruction in a radical was pretty good at it."

George identifies several key parallels between racing and business leadership:

1. Accountability and objective measurement: In racing, "the stopwatch doesn't lie" despite drivers' tendency to make excuses. Similarly in business, particularly sales, leaderboards show clear performance regardless of excuses.

"The thing I love about racing is the stopwatch doesn't lie... It's easy to come up with excuses... But end of the day it's what places you on a leaderboard and what's the time period. Nothing else really matters."

2. Data-driven decision making: Both racing and business benefit from focusing on data and numbers to drive behavior.

3. Team dependency: Although George drives the car, success depends on having the right vehicle, preparation, and team support.

"I can race the car but if I don't have the right car if I don't have the right preparation if I don't have the team doesn't change the tires the right way all this stuff will go awry if you don't have the team."

4. Team-first mentality: George looks for people at CrowdStrike "who want to play for the name on the front of the jersey not the back of the jersey" because collective success requires everyone's contribution.

5. Attention to detail: In professional racing, drivers may be separated by mere tenths of a second, making small details critically important—similar to the fine margins in business competition.

"When the pros race they're all couple of tents apart literally they're like robots right it's the little details of the car and just the little extras that make the difference between first and 20th place within a second."

Racing has become deeply integrated into CrowdStrike's identity, including their involvement with Formula 1 and CXO events. George notes that competitors have even copied their Formula 1 presence, wondering "what do those guys know."

Timestamp: [38:01-41:25]

Sameer mentions that George is one of the few people who've had the opportunity to drive a Formula 1 car and asks him to share that experience.

George recounts how the opportunity began during a dinner with Toto Wolff (Team Principal of the Mercedes-AMG Petronas Formula One Team). They were discussing potential customer experiences when Toto suggested getting five major CEOs together for an event where they would be trained to drive a Formula 1 car.

"We were just sitting there having some wine and thinking about it he says 'Well what if we got like five of the biggest CEOs around to an event and we would train them to drive a Formula 1 car?'"

What started as a conceptual idea between "two CEOs with a PowerPoint" quickly faced engineering constraints when the Mercedes team got involved. The parameters were extremely restrictive:

• Must be under 6'1" tall
• Must weigh under 180 lbs
• Must have a 32-inch waist or smaller

These requirements dramatically limited who could physically fit in the car, regardless of driving ability. With time running short, Toto offered George the opportunity to drive.

George fit most criteria but needed to lose an inch from his waist—a challenge he called "Project 32." He underwent extensive preparation:

• Completed the training program
• Visited Brackley (Mercedes F1 headquarters)
• Trained in Simulator 6, a highly secretive facility that "like 10 people in the whole company have seen"

Finally, George was put into Lewis Hamilton's 2021 car—a "priceless" vehicle. The team had him drive on rain tires (rather than slicks) due to concerns about keeping heat in the tires and applying enough pressure on the brakes (needing to hit 100 bar of pressure, which George describes as "like pushing your foot through a wall").

"It literally was... trying to explain to someone how to fly an F-16 that's never been in an F-16. It's like an out-of-body experience."

The experience was captured in a series of videos, and George reflects that what began as a "crazy idea" about putting CEOs in Formula 1 cars turned into a remarkable opportunity.

Timestamp: [41:25-44:35]

• Clear, objective measurement is crucial in both racing and business—"the stopwatch doesn't lie" and neither do sales leaderboards
• Excuses don't change results; focus on the data and metrics that matter regardless of circumstances
• Success in both racing and business requires a strong supporting team, not just individual performance
• Look for people who prioritize team success over individual recognition ("the name on the front of the jersey, not the back")
• Small details make the difference between winning and losing when competition is tight
• Having a passion outside of business can provide valuable leadership insights and analogies
• Ambitious ideas ("putting CEOs in Formula 1 cars") often face practical constraints but can evolve into unique opportunities
• Personal challenges (like "Project 32" to meet physical requirements) demonstrate commitment to achieving difficult goals
• External interests can become integrated into company culture and identity (CrowdStrike's Formula 1 connections)
• The best experiences are often those that push us beyond our comfort zones into "out-of-body" learning opportunities

Timestamp: [38:01-44:35]

Companies & Organizations:

• CrowdStrike - Cybersecurity company founded by George Kurtz
• Formula 1 - Premier motorsport series that CrowdStrike has partnered with
• Mercedes-AMG Petronas Formula One Team - F1 team mentioned in relation to George's driving experience

People:

• George Kurtz - CEO and co-founder of CrowdStrike, amateur race car driver
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike, also enjoys racing as a hobby
• Dennis Ori - Board member who introduced George to racing
• Toto Wolff - Team Principal of the Mercedes-AMG Petronas Formula One Team
• Lewis Hamilton - Formula 1 driver whose 2021 car George drove

Racing Terms:

• AM class - Amateur classification in racing
• Radical - Type of race car George first trained in
• Brackley - Location of Mercedes F1 headquarters
• Simulator 6 - Secret high-level simulator used by Mercedes F1
• Rain tires - Special tires designed for wet conditions
• Slicks - Smooth racing tires designed for dry conditions
• Bar - Unit of pressure measurement for brakes (100 bar being extremely high)

Concepts:

• Project 32 - George's personal challenge to reduce his waist size to 32 inches to fit in the F1 car
• Front of the jersey vs. back of the jersey - Metaphor for team orientation vs. individual recognition

Timestamp: [38:01-44:35]

Sameer shifts the conversation to AI, noting with some humor that while everyone is talking about AI now, CrowdStrike has essentially been an "AI-native" company since its founding. He points out that the company's original premise of putting data in the cloud and delivering security from the cloud involved principles of machine learning and AI from the beginning, though now CrowdStrike has released an entire suite of products leveraging this foundational technology.

George confirms this observation, explaining that when he started CrowdStrike, they were focused on three major themes:

1. Cloud
2. Big data ("we don't hear much about that term anymore")
3. Machine learning (what we now market as AI)

"Obviously we were doing AI before it was fashionable... We thought having the data and using machine learning to solve these problems was going to be the way forward because we didn't want signatures. That was the problem with legacy technology—you need a signature every time there was something bad."

CrowdStrike built a strong data science team that has done "incredible work" over the years. In the past 18-20 months, they've launched Charlotte AI, their generative AI product that George believes will transform Security Operations Centers (SOCs) by "compressing 8 hours of mundane work into 10 minutes."

"For us it's always been part of our ethos. Now what we're doing is leveraging AI across the company. We call it... 'AI everywhere' so whether it's in legal or marketing or anywhere we can be efficient."

Sameer acknowledges the impressive capabilities of Charlotte AI, noting the dramatic time savings it provides and emphasizing that being "AI-native" isn't something companies can simply add on—it requires building from the foundation up.

Timestamp: [44:41-47:56]

George explains that being AI-native starts with data, but more importantly, it's about how you curate that data. He criticizes companies that claim to have "the most data" without proper organization or training of that data.

"It starts with data but then it's how you actually curate the data. You hear a lot of companies talk about 'well we have the most data.' Okay you have the most data but if it's a pile of data that is not really trained or organized it doesn't make any sense."

This understanding led CrowdStrike to create their Threat Graph early on to properly organize data. George also notes that over the past decade, they've annotated much of their collected data and threat pairings in ways that make training large language models (LLMs) more efficient, without requiring additional human review—something he attributes partly to luck but emphasizes its importance.

"Is it the most relevant data that is trained the right way with the right algorithms to get the right outcome? If that's the case great, but if not just telling me you have the most data doesn't mean anything to me."

Beyond data organization, George highlights the importance of implementing guardrails in security applications of AI. Unlike ChatGPT, which will always provide an answer even if it has to fabricate one, security AI cannot afford to make up responses when it doesn't know the answer.

"In ChatGPT if you ask a question you'll always get an answer. In security if we don't know the answer we shouldn't just make one up."

CrowdStrike had to build multiple layers of protection around their AI to ensure they're providing accurate information to customers and not encouraging potentially harmful actions.

Timestamp: [47:56-49:33]

When asked about his predictions for how AI will affect the security industry going forward, George identifies several key points:

1. Industry transformation: AI will transform security because it involves large amounts of data, many mundane tasks that take significant time, and a shortage of trained security professionals—making it "a perfect area for generative AI to help."

2. Adversarial use: Hackers are already using generative AI and LLMs without guardrails, which George sees as particularly concerning.

"We know the adversaries are using generative AI. They're using LLMs that don't have guardrails on them."

3. Democratization of attacks: Previously, sophisticated security attacks required rare expertise, but AI is changing that dynamic.

"A lot of these security attacks are pretty esoteric. In the grand scheme of 8 billion people on planet Earth, there's relatively a handful that are really smart that can create these attacks... If you can take that expertise and now democratize it through evil LLMs, dark LLMs, that's a real problem."

4. Compressed attack timelines: The speed from vulnerability discovery to exploit development is accelerating dramatically.

"Microsoft comes out with a patch... generative AI and sort of an AI factory will be able to disassemble that patch, figure out where the vulnerabilities are, write the exploits, write the exploit kits, and put it up on the website and have it for sale in hours... which would have taken days in the past."

George concludes that the threat landscape will only become more challenging, making the right AI approach critical for keeping customers safe.

Timestamp: [49:33-51:02]

• Being truly "AI-native" means building with AI principles from the foundation up, not adding AI features later
• The quality, organization, and annotation of data matters far more than the quantity of data
• Security AI requires specialized guardrails that consumer AI like ChatGPT doesn't have—in security, saying "I don't know" is better than providing a potentially harmful incorrect answer
• AI is transforming security operations by automating mundane tasks that previously required hours of human effort
• The democratization of attack capabilities through "dark LLMs" means sophisticated attacks that once required rare expertise are becoming accessible to many more threat actors
• AI is dramatically accelerating the exploit development timeline from days to hours
• Companies that were early adopters of machine learning and big data technologies have a significant advantage in implementing today's generative AI solutions
• Truly effective AI implementation requires cross-organizational adoption ("AI everywhere")
• The combination of AI acceleration and the existing shortage of security professionals makes AI an essential component of modern security strategies
• The security industry must innovate with AI to keep pace with adversaries who are already leveraging AI without ethical constraints

Timestamp: [44:41-51:02]

Companies & Products:

• CrowdStrike - Cybersecurity company founded by George Kurtz
• Charlotte AI - CrowdStrike's generative AI product that transforms security operations
• Microsoft - Mentioned in the context of security patches that are analyzed by attackers
• ChatGPT - Referenced as an example of AI that will always provide an answer, even if incorrect

People:

• George Kurtz - CEO and co-founder of CrowdStrike
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike

Concepts & Technologies:

• AI-native - Building systems with artificial intelligence as a foundational element rather than an add-on
• Machine learning - Early form of AI that CrowdStrike has used since its founding
• Generative AI - More recent AI capability that can create content and automate complex tasks
• Big data - Term popular when CrowdStrike was founded, referring to large datasets requiring specialized processing
• Threat Graph - CrowdStrike's technology for organizing security data in a meaningful way
• LLM (Large Language Model) - AI models that understand and generate human language
• Dark LLMs/Evil LLMs - Language models used by attackers without ethical guardrails
• SOC (Security Operations Center) - Team responsible for monitoring and defending against cybersecurity threats
• Data annotation - Process of labeling data to make it more useful for machine learning
• AI guardrails - Safety measures implemented to prevent AI from generating harmful or inaccurate outputs
• AI factory - Automated systems for rapidly developing attack tools using AI

Timestamp: [44:41-51:02]

Sameer notes that George's approach to funding CrowdStrike from its earliest days through its IPO offers valuable lessons for founders and asks him to share his principles about funding rounds and investors.

George begins by reflecting on his experience with his first company, Foundstone, which he started at age 29 without an established track record. He raised $3.5 million at a $6 million pre-money valuation—"those were the days," he notes, comparing it to today's much higher seed round valuations. This early experience taught him the importance of capital efficiency.

The key lesson George learned from that Series A experience came in 2004 when McAfee wanted to acquire Foundstone. Most of his investors were from 1999 vintage funds looking for liquidity to return money to their LPs, and Foundstone was "the only company that was worth anything" in their portfolios. While the acquisition worked out well, George wasn't necessarily ready to sell.

This experience shaped his investor selection criteria for CrowdStrike:

1. Long-term investors: "The number one thing was having long-term investors."

2. Established firms: "I didn't want the investor to make their name on CrowdStrike." He cites Accel's involvement with Facebook as an example—since Accel was already established, they didn't need CrowdStrike to "make Accel Accel."

"That gave me a lot of comfort in that the fact that we were going to be able to not have to worry about taking shortcuts or sell the company."

3. Aligned vision: Investors who understood and supported the vision of building "a generational security company."

4. Win-win economics: Ensuring that deals were good for both employees/founders and investors.

George emphasizes that he deliberately curated CrowdStrike's entire cap table to include investors who didn't need the company's success to make their reputations or fund returns.

Timestamp: [51:08-54:23]

Sameer asks George about specific examples where he chose to accept lower valuations than what was available in the market, particularly in later funding rounds. George explains his rationale:

1. Insider preference: He preferred working with existing investors rather than bringing in new players.

"Adding a new player both in an equity partner and a board member or a board adviser is just more complexity."

2. Group dynamics: "Smaller is better and you can just get more done with less personalities around the table." While diverse perspectives are valuable, George notes the practical difference between managing 12 people versus 6 people.

3. Relationship continuity: "Life is pretty short so you want to be working with people that you like." George points out the risk of building a relationship with a partner who then leaves their firm, forcing you to work with someone you didn't choose.

"The more you bring in, the more likely you are to make a mistake or have something go wrong."

4. Focus preservation: By keeping the investor base manageable, George could focus on building the business rather than managing investor relationships.

This approach allowed CrowdStrike to maintain consistency in their investor base and board, creating a more stable environment for long-term decision-making.

Timestamp: [54:23-56:14]

Sameer shifts the conversation to CrowdStrike's IPO, noting they had "healthy debates" about pricing. He points out that despite strong demand allowing for a higher price, George chose pricing at the lower end of the range and asks what drove that decision.

George explains that their IPO preparation began long before the actual 2019 offering—as early as 2017, when they started building relationships with sell-side and buy-side analysts. When they finally launched their roadshow, the response was overwhelmingly positive.

"We were oversubscribed so many times. There was only two buy-side folks that didn't invest... out of all the meetings that we had. So it was wildly successful."

The initial price range was $24-28, but based on strong interest, it increased to approximately $34-40. During the pricing discussions, there was significant debate about "not leaving money on the table," with various stakeholders expressing different opinions.

However, George and CFO Burt Podbere had two primary considerations:

1. Long-term shareholders: They wanted investors committed to holding the stock for the long term.

2. Protecting the IPO price: "We wanted to be in a position where we never broke the IPO price." George believed that pricing too aggressively would create resentment among investors.

"We wanted to create that relationship which is like we are here for the long term and we want our investor base to be there for the long term."

After the board sent George and Burt to determine the final price (a 45-minute deliberation that George humorously admits took "30 seconds" for the actual decision and the rest of the time "calling our wives and doing other things"), they settled on $34 per share. George notes that while the stock may have briefly dipped to $34, it never closed below the IPO price.

"If you have a broken IPO it becomes really hard to recover after that."

Sameer observes that this approach was consistent with George's long-term orientation throughout CrowdStrike's journey—prioritizing sustainable growth over maximizing short-term gains.

Timestamp: [56:14-1:00:36]

George shares a revealing anecdote from the IPO roadshow. During a meeting with a potential investor, he was asked what he planned to do with the $600 million they were raising—specifically, if he would "have a party and go to Vegas," as another CEO had done after their IPO.

George's response illustrated his commitment to customers and ongoing business growth:

"I'm going to tell you what I'm going to do. We're going to do the IPO, we're going to have a dinner, and then the very next week I'm going to continue the road show."

When the investor expressed confusion about continuing a roadshow after the IPO, George clarified:

"No, I'm going to continue the road show with our customers and I'm going to meet 100 customers and prospects in 100 days."

George not only met this ambitious goal but exceeded it, meeting over 130 customers in that timeframe. This initiative, which became known as "100 in 100," sent a powerful message both externally and internally:

"The IPO is the green flag, it's not the checkered flag."

This approach highlighted that going public was just the beginning of CrowdStrike's journey, not the end goal. It also set an important tone for employees who had become wealthy from the IPO, emphasizing that their work was far from finished.

Sameer confirms the impact of this initiative, noting that while most companies celebrate with elaborate parties after their IPO, CrowdStrike had a small team dinner, and George was "off basically the next day" to begin his customer meetings. He praises George's leadership through actions, showing the team that "tomorrow's the next day and we're back at work."

The conversation concludes with mutual appreciation, with Sameer thanking George for sharing his insights and George expressing his willingness to return to the podcast in the future.

Timestamp: [1:00:36-1:03:21]

• Investor selection should prioritize long-term partners who don't need your success to make their reputation or fund returns
• Keeping your investor base and board small reduces complexity and allows greater focus on building the business
• When choosing investors, consider who you'll enjoy working with since these relationships often last many years
• IPO pricing strategy should balance immediate proceeds against long-term shareholder relationships
• Avoiding a "broken IPO" (where stock trades below the IPO price) creates a stronger foundation for public market success
• The IPO should be viewed as "the green flag, not the checkered flag"—the beginning of a new phase, not the end goal
• Demonstrating leadership through actions (like the "100 in 100" initiative) sets cultural expectations more effectively than words
• Consistent principles throughout a company's life cycle—from early funding through IPO—create alignment and stability
• Preparation for major milestones like an IPO should begin years in advance through relationship building
• Capital efficiency remains important even when fundraising becomes easier
• The best business decisions often balance short-term opportunities against long-term relationships

Timestamp: [51:08-1:03:21]

Companies & Organizations:

• CrowdStrike - Cybersecurity company founded by George Kurtz that completed a successful IPO in 2019
• Foundstone - George Kurtz's first company, acquired by McAfee in 2004
• McAfee - Company that acquired Foundstone
• Accel - Venture capital firm that invested in CrowdStrike, represented by Sameer Gandhi
• Facebook - Referenced by George as a company that helped establish Accel's reputation

People:

• George Kurtz - CEO and co-founder of CrowdStrike
• Sameer Gandhi - Partner at Accel who led the investment in CrowdStrike
• Burt Podbere - CrowdStrike's CFO, who worked with George on IPO pricing

Concepts:

• IPO (Initial Public Offering) - Process by which CrowdStrike became a publicly traded company
• Broken IPO - Situation where a stock trades below its IPO price, which CrowdStrike deliberately avoided
• Road show - Presentations to potential investors before an IPO
• 100 in 100 - George's initiative to meet 100 customers in 100 days following the IPO
• Green flag vs. checkered flag - Racing metaphor used by George to describe the IPO as the beginning (green flag) rather than the end (checkered flag)
• Pre-money valuation - Company valuation before investment, referenced in the context of Foundstone's early funding
• Limited Partners (LPs) - Investors in venture capital funds, mentioned regarding the pressure on early Foundstone investors
• Vintage fund - Refers to the year a venture capital fund was raised

Timestamp: [51:08-1:03:21]