SEC Filing | CrowdStrike Holdings, Inc.

View:

Use these links to rapidly review the document
TABLE OF CONTENTS
CROWDSTRIKE HOLDINGS, INC. INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

Table of Contents

As confidentially submitted to the Securities and Exchange Commission on April 17, 2019
This draft registration statement has not been publicly filed with the Securities and Exchange Commission and all
information herein remains strictly confidential.

Registration No. 333-

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

FORM S-1
REGISTRATION STATEMENT
UNDER
THE SECURITIES ACT OF 1933

CROWDSTRIKE HOLDINGS, INC.
(Exact name of Registrant as specified in its charter)


Delaware (State or other jurisdiction of incorporation or organization)		7372 (Primary Standard Industrial Classification Code Number)		45-3788918 (I.R.S. Employer Identification Number)

150 Mathilda Place, Suite 300
Sunnyvale, California 94086
(888) 512-8906
(Address, including zip code, and telephone number, including
area code, of Registrant's principal executive offices)

George Kurtz
President and Chief Executive Officer
CrowdStrike Holdings, Inc.
150 Mathilda Place, Suite 300
Sunnyvale, California 94086
(888) 512-8906
(Name, address, including zip code, and telephone number, including area code, of agent for service)


Copies to:
Alan F. Denenberg Stephen Salmon Davis Polk & Wardwell LLP 1600 El Camino Real Menlo Park, California 94025 (650) 752-2000		David J. Segre, Esq. Jon C. Avina, Esq. Jonie I. Kondracki, Esq. Cooley LLP 3175 Hanover Street Palo Alto, California 94304 (650) 843-5000

Approximate date of commencement of proposed sale to the public:
As soon as practicable after this Registration Statement becomes effective.

If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act, check the following box: o

If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, please check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o

If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o

If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of "large accelerated filer," "accelerated filer," "smaller reporting company," and "emerging growth company" in Rule 12b-2 of the Exchange Act.


Large accelerated filer o		Accelerated filer o		Non-accelerated filer ý		Smaller reporting company o Emerging growth company ý

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 7(a)(2)(B) of the Securities Act. o

CALCULATION OF REGISTRATION FEE

Title of Each Class of Securities to be Registered	Proposed Maximum Aggregate Offering Price(1)(2)	Amount of Registration Fee




Class A Common Stock, $0.0005 par value per share	$	$

(1): Estimated solely for the purpose of computing the amount of the registration fee pursuant to Rule 457(o) under the Securities Act of 1933, as amended.
(2): Includes the aggregate offering price of additional shares that the underwriters have the option to purchase.

The Registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933, as amended, or until the Registration Statement shall become effective on such date as the Commission, acting pursuant to said Section 8(a), may determine.

Table of Contents

The information in this preliminary prospectus is not complete and may be changed. These securities may not be sold until the registration statement filed with the Securities and Exchange Commission is effective. This preliminary prospectus is not an offer to sell nor does it seek an offer to buy these securities in any jurisdiction where the offer or sale is not permitted.

Subject to Completion. Dated , 2019.

CrowdStrike Holdings, Inc.

Class A Common Stock

This is the initial public offering of shares of Class A common stock of CrowdStrike Holdings, Inc.

We have two classes of authorized common stock, Class A common stock and Class B common stock. The rights of the holders of Class A common stock and Class B common stock are identical, except with respect to voting and conversion rights. Each share of Class A common stock is entitled to one vote per share. Each share of Class B common stock is entitled to ten votes per share and is convertible into one share of Class A common stock. Outstanding shares of Class B common stock will represent approximately % of the voting power of our outstanding capital stock immediately following the completion of this offering.

Prior to this offering, there has been no public market for shares of our Class A common stock. It is currently estimated that the initial public offering price per share will be between $ and $ .

We have applied to list our Class A common stock on the Nasdaq Global Select Market under the symbol "CRWD".

We are an "emerging growth company" as defined under the federal securities laws and, as such, may elect to comply with certain reduced public company reporting requirements for future filings.

See the section titled "Risk Factors" beginning on page 20 to read about factors you should consider before buying shares of our Class A common stock.

Neither the Securities and Exchange Commission nor any other regulatory body has approved or disapproved of these securities or passed upon the accuracy or adequacy of this prospectus. Any representation to the contrary is a criminal offense.


	Per Share	Total

Initial public offering price	$	$
Underwriting discounts⁽¹⁾	$	$
Proceeds, before expenses, to CrowdStrike Holdings, Inc.	$	$

(1): See the section titled "Underwriting" beginning on page 175 for a description of the compensation payable to the underwriters.

To the extent that the underwriters sell more than shares of our Class A common stock, the underwriters have an option to purchase up to an additional shares from us at the initial public offering price, less the underwriting discount.

The underwriters expect to deliver the shares of our Class A common stock against payment in New York, New York on , 2019.


Goldman Sachs & Co. LLC		J.P. Morgan		BofA Merrill Lynch		Barclays


Credit Suisse		Jefferies		RBC Capital Markets		Stifel


HSBC		Macquarie Capital		Piper Jaffray		SunTrust Robinson Humphrey


BTIG		JMP Securities		Mizuho Securities		Needham & Company		Oppenheimer & Co.

Prospectus dated , 2019.

Table of Contents

TABLE OF CONTENTS

		Page

Prospectus Summary		1
Risk Factors		20
Special Note Regarding Forward-Looking Statements		60
Market and Industry Data		62
Use of Proceeds		63
Dividend Policy		64
Capitalization		65
Dilution		68
Selected Consolidated Financial and Other Data		71
Management's Discussion and Analysis of Financial Condition and Results of Operations		75
Business		110
Management		131
Executive Compensation		141
Certain Relationships and Related Party Transactions		153
Principal Stockholders		159
Description of Capital Stock		162
Shares Eligible for Future Sale		169
Material U.S. Federal Income and Estate Tax Consequences to Non-U.S. Holders of Our Class A Common Stock		172
Underwriting		175
Legal Matters		181
Experts		181
Where You Can Find Additional Information		181
Index to Consolidated Financial Statements		F-1

Neither we nor any of the underwriters have authorized anyone to provide you with any information or to make any representations other than those contained in this prospectus or in any free writing prospectus we have prepared and filed with the SEC. We and the underwriters take no responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. This prospectus is an offer to sell only the shares offered hereby, but only under the circumstances and in jurisdictions where it is lawful to do so. The information contained in this prospectus is current only as of its date, regardless of the time of delivery of this prospectus or of any sale of our Class A common stock.

For investors outside of the United States: Neither we nor the underwriters have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. You are required to inform yourselves about and to observe any restrictions relating to this offering and the distribution of this prospectus outside of the United States.

Table of Contents

PROSPECTUS SUMMARY

This summary highlights selected information that is presented in greater detail elsewhere in this prospectus. This summary does not contain all of the information you should consider before investing in our Class A common stock. You should read this entire prospectus carefully, including the sections titled "Risk Factors," "Selected Consolidated Financial and Other Data," "Management's Discussion and Analysis of Financial Condition and Results of Operations," and "Business" and our consolidated financial statements and the related notes included elsewhere in this prospectus, before making an investment decision. Unless the context otherwise requires, the terms "CrowdStrike" "the company," "we," "us," and "our" in this prospectus refer to CrowdStrike Holdings, Inc. and its consolidated subsidiaries. Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. Our fiscal years ended January 31, 2017, January 31, 2018, and January 31, 2019 are referred to herein as fiscal 2017, fiscal 2018, and fiscal 2019, respectively.

CROWDSTRIKE HOLDINGS, INC.

Our Mission

We don't have a mission statement—we are on a mission to protect our customers from breaches.

Overview

We founded CrowdStrike in 2011 to reinvent security for the cloud era. When we started the company, cyberattackers had a decided, asymmetric advantage over existing security products. We turned the tables on the adversaries by taking a fundamentally new approach that leverages the network effects of crowdsourced data applied to modern technologies such as artificial intelligence, or AI, cloud computing, and graph databases. Realizing that the nature of cybersecurity problems had changed but the solutions had not, we built our CrowdStrike Falcon platform to detect threats and stop breaches.

We believe we are defining a new category called the Security Cloud, with the power to transform the security industry much the same way the cloud has transformed the CRM, HR, and service management industries. With our Falcon platform, we created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and Internet of Things, or IoT, devices. Our Falcon platform is composed of two tightly integrated proprietary technologies: our easily deployed intelligent lightweight agent and our cloud-based, dynamic graph database called Threat Graph. Our solution benefits from crowdsourcing and economies of scale, which we believe enables our AI algorithms to be uniquely effective. Today, we offer 10 cloud modules on our Falcon platform via a SaaS subscription-based model that spans multiple large security markets, including endpoint security, security and IT operations (including vulnerability management), and threat intelligence.

Organizations everywhere are becoming more distributed as they adopt the cloud, increase workforce mobility, and grow their number of connected devices. They are adding more workloads to a myriad of different endpoints beyond the traditional security perimeter, exposing an increasingly broad attack surface to adversaries. In addition, the sophistication of cyberattacks has increased, often coming from nation-states, well-funded criminal organizations, and hackers using advanced, easily obtained methods of attack. On a number of occasions, adversaries have launched devastating, destructive attacks that have caused significant business disruption and billions of dollars in cumulative losses. The architectural limitations of legacy security products, coupled with a

Table of Contents

dynamic and intensifying threat landscape, are creating the need for a fundamentally new approach to security.

Our unique approach starts with our single intelligent lightweight agent that enables frictionless deployment of our platform at scale. Our customers can rapidly adopt our technology across any type of workload running on a variety of endpoints. Our lightweight agent offloads computationally intensive tasks to the cloud, while retaining local detection and prevention capabilities that are necessary on the endpoint. The agent is nonintrusive to the end user and continues to protect the endpoint and track activity even when offline. By utilizing a single agent, customers are able to leverage all the capabilities of our platform without burdening the endpoint with multiple agents. Our lightweight agent intelligently streams high fidelity endpoint data to the cloud, where Threat Graph provides a simple, flexible, and scalable way to model highly interconnected data sets. Threat Graph processes, correlates, and analyzes over one trillion endpoint-related events per week in real time and maintains an index of these events for future use. Threat Graph continuously looks for malicious activity by applying graph analytics and AI algorithms to the data streamed from the endpoints.

We founded our company on the principle that the future of security would be driven by AI and that a cloud-native architecture would enable the collection of high fidelity data and scalability necessary for an effective solution. We call this cloud-scale AI. From the beginning, our strategy was focused on collecting data at scale, centrally storing such data in a singular model, and training our algorithms on these vast amounts of high fidelity data, which we believe is a fundamental differentiator from our competitors. Our cloud-scale AI means that the more data that is fed into our Falcon platform, the more intelligent Threat Graph becomes and the more our customers benefit, creating a powerful network effect that increases the overall value we provide. AI is revolutionizing many technology fields, including security solutions. To be truly effective, algorithms that enable artificial intelligence depend on the quality and volume of data that trains them and the selection of the right differentiating features from that data. We are uniquely effective because we have more high fidelity data to train our AI models and more security expertise to guide our feature selection—all resulting in industry-leading efficacy and low false positives. By leveraging a multi-tenant, cloud native solution, the data we analyze to stop breaches is both larger and more meaningful than the data from on-premise or single instance private cloud products. If Threat Graph discovers something in one customer environment, all customers benefit automatically and in real time. Taken together, our platform enables intelligent, dynamic automation at scale to detect threats and stop breaches.

We primarily sell our platform and cloud modules through our direct sales team that leverages our network of channel partners to maximize effectiveness and scale. We amplify our sales presence by leveraging our technology alliance partners that can deliver, embed, or build applications with data and analytics from our Falcon platform. We recently announced a strategic technology and go-to-market partnership with Dell Inc. that will enable Dell's business customers to seamlessly add the Falcon platform to their purchase of Dell hardware. In addition, Dell and SecureWorks Corp. have agreed to take our Falcon platform to market as their preferred endpoint security offering through their global sales organizations. We are also enhancing our go-to-market strategy using a low-touch, trial-to-pay approach. In May 2018, we launched a free trial of Falcon Prevent, our next-generation antivirus module, available from our website or the AWS Marketplace. We are beginning to see a number of these trial users convert to paying customers. We believe this approach will enable a higher velocity of new customer acquisition and expansion, and will extend our reach to customers of all sizes.

Table of Contents

cloud-delivered modules includes next-generation antivirus, endpoint detection and response, or EDR, device control, managed threat hunting, IT hygiene, vulnerability management, and threat intelligence. Once customers experience the benefits of our Falcon platform, they often expand their adoption over time by adding more endpoints or purchasing additional modules. Our dollar-based net retention rate, which measures expansion in existing customers' subscriptions over a 12 month period, was 147% as of January 31, 2019, demonstrating the power of our land-and-expand strategy.

Some of the world's largest enterprises, government organizations, and high profile brands trust us to protect their business. As of January 31, 2019, we had 2,516 subscription customers worldwide, including 44 of the Fortune 100, 37 of the top 100 global companies, and nine of the top 20 major banks. We began as a large enterprise solution, but the flexibility and scalability of our Falcon platform and enhanced go-to-market approach enable us to protect customers of any size—from hundreds of thousands of endpoints to as few as three. We have been recognized as a security market leader by numerous independent third-party analysts, including Gartner, Inc., Forrester Research Inc., and International Data Corporation, or IDC.

We have recently experienced significant growth, with total revenue increasing from $52.7 million for fiscal 2017 to $118.8 million for fiscal 2018, representing year-over-year growth of 125%, and from $118.8 million for fiscal 2018 to $249.8 million for fiscal 2019, representing year-over-year growth of 110%. Subscription revenue grew from $37.9 million for fiscal 2017 to $92.6 million for fiscal 2018, a 144% increase, and from $92.6 million for fiscal 2018 to $219.4 million for fiscal 2019, a 137% increase. Our annual recurring revenue, or ARR, has grown from $58.8 million as of January 31, 2017 to $141.3 million as of January 31, 2018, a 140% increase, and from $141.3 million as of January 31, 2018 to $312.7 million as of January 31, 2019, a 121% increase. Our net loss increased from $91.3 million for fiscal 2017 to $135.5 million for fiscal 2018, and from $135.5 million for fiscal 2018 to $140.1 million for fiscal 2019. We expect to continue to incur net losses for the foreseeable future as we continue to invest in our business, and our sales capabilities in particular, to address our large market opportunity.

Industry Background

Cybersecurity Threats are Greater than Ever

Today's cybersecurity threat landscape is more dangerous than ever. Breaches are complex and often executed over multiple steps known in the industry as the threat lifecycle. The typical threat lifecycle starts with an initial exploit to enter a system, historically using malware, but increasingly using malware-free or fileless methods, to penetrate endpoints and establish a beachhead inside the corporate perimeter. Once inside, adversaries move laterally across the corporate environment where they collect credentials and escalate privileges enabling the typical adversary to download a larger, more destructive malware program or connect with an external control source. At this stage in the threat lifecycle, the adversary is able to encrypt, destroy, or silently exfiltrate sensitive data.

Increasingly, adversaries are well-trained, possess significant technological and human resources, and are highly deliberate and targeted in their attacks. Adversaries today range from militaries and intelligence services of well-funded nation-states to sophisticated criminal organizations who are motivated by financial gains to hackers leveraging readily available advanced techniques. These groups and individuals are responsible for many breaches that involve theft or holding hostage financial data, intellectual property, and trade secrets. On a number of occasions, adversaries have launched devastating, destructive attacks that have caused significant business disruption and billions of dollars in cumulative losses.

Table of Contents

Proliferation of Workloads Expanding the Attack Surface

The rise of cloud computing, workforce mobility, and growth in connected devices has created a rapid expansion of workloads across endpoints and industries. According to a 2018 Cisco white paper, the number of connected devices is expected to reach 28.5 billion by 2022, up from 18 billion in 2017. As a result, devices, applications, and data are highly distributed and diverse, challenging organizations to monitor and protect all of their workloads running on various endpoints. The adoption of many of these technologies and the resulting disappearance of the corporate perimeter have expanded the attack surface and left many organizations increasingly vulnerable to breach. Today, workloads running on endpoints, such as laptops and servers, are the primary targets in a security attack since they are vulnerable and frequently are repositories of valuable and sensitive data, including intellectual property, authentication credentials, personally identifiable information, financial information, and other digital assets. As new workloads are provisioned on emerging mobile and IoT devices, oftentimes residing outside of the corporate perimeter, increasingly more sensitive and mission critical data will be generated and stored on these endpoints as well.

On-Premise Security Architectures are Constrained

On-premise products are siloed, lack integration, and have limited ability to collect, process, and analyze vast amounts of data—attributes that are required to be effective in today's increasingly dynamic threat landscape. Legacy vendors often deploy more agents to the endpoint as they layer on a patchwork of additional point product capabilities. This approach burdens endpoints by consuming additional storage space, memory, and processor capacity, degrading end user experience without providing effective security. In addition, integrating and maintaining numerous products, data repositories, and infrastructures across highly distributed enterprise environments is a costly and resource-intensive process for already thinly-staffed security teams.

Other Existing Security Products have Limitations

Legacy Signature-based Products. Signature-based products are designed to detect attacks that are already catalogued in a repository of previously identified threats, but are not capable of preventing unknown threats or stopping associated breaches. Many significant breaches seen in the last two decades have involved a failure of the legacy signature-based antivirus product to detect a previously unknown or modified version of a previously known attack.

Malware-focused Machine Learning Products. Traditionally, organizations have focused on protecting their networks and endpoints against malware-based attacks. These attacks involve malware built for the specific purpose of performing malicious activities, stealing data, or destroying systems. A malware-centric defensive approach will leave the organization vulnerable to attacks that do not leverage malware. According to data from our customer base indexed by Threat Graph, 40% of detections in the second quarter of fiscal 2018 were not malware-based, but instead leveraged legitimate tools built into modern operating systems, enabling attackers to accomplish their objectives without writing files to the endpoint, making them more difficult for a traditional antivirus product to detect.

Application Whitelisting Products. Application whitelisting products resort to an "always allow" or "always block" policy on an endpoint in order to allow or prevent processes from executing. Whitelisting relies in part on manually creating and maintaining a complex list of rules, burdening end users and IT organizations. In order to avoid these management challenges, IT organizations often create special exceptions to the whitelist that attackers leverage to compromise endpoints. Furthermore, fileless attacks can exploit legitimate whitelisted applications, compromising the integrity of the whitelisting product.

Table of Contents

Network-centric Security Products. Traditional network security vendors have focused their products on perimeter-based protection. However, these approaches have decreased in relevance and effectiveness as employees and workplace devices have expanded beyond the firewall and the use of encrypted traffic has increased, creating blind spots and vulnerabilities that attackers are able to exploit. As the number of endpoints proliferates, this layer of defense cannot adequately protect information-rich endpoints and workloads that are outside the corporate perimeter.

Bolt-on Cloud Products. Many on-premise vendors have introduced cloud offerings by putting their on-premise products in the cloud. Such single-tenant products were not designed to run in the cloud and therefore continue to be siloed, lack integration, and possess limited scalability to identify threats across their customer base in real time. In addition, such products are complex to deploy, difficult to scale, brittle to maintain, costly to own, and can be ineffective in stopping breaches. Any product that was originally designed for on-premise deployments and migrated to the cloud cannot, by definition, be a cloud native solution.

Creation of the Security Cloud

Over the last 15 years, cloud computing has revolutionized many industries in enterprise software and created significant shifts in market share away from incumbents with on-premise or single instance cloud offerings. The purpose-built, cloud native leaders that began from scratch with multi-tenant architectures, single data models, and SaaS business models have defined entirely new categories such as CRM Cloud, HR Cloud, and Service Management Cloud. We believe we are doing the same for security.

An effective solution to address the modern cybersecurity threat landscape should combine multiple methods into an integrated, data-driven, automated, and open cloud-based platform in order to provide comprehensive breach protection across the entire threat lifecycle. Such a platform requires collecting, processing, analyzing, and correlating vast amounts of high fidelity endpoint events in the cloud. This platform needs to operate at web-scale, process events in real time, possess an open architecture, and benefit from the network effects of crowdsourced data to understand attacks that happen across millions of endpoints. We believe only a cloud native approach can address today's threat landscape.

We believe we are defining a new category called the Security Cloud.

Our Solution

With our Falcon platform, we created the first multi-tenant, cloud native, open, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and IoT devices. Our solution consists of our single intelligent lightweight agent and our powerful and dynamic cloud-based database Threat Graph. These two tightly integrated proprietary technologies continually collect, process, analyze and correlate vast amounts of high fidelity data across the entire threat lifecycle using a combination of AI and behavioral pattern-matching techniques to stop breaches. We implement this approach by crowdsourcing data across our entire customer base and taking advantage of economies of scale, which we believe enables our AI algorithms to be uniquely effective. Our cloud-based AI is also automatically shared with every customer in our community in real time. We combine multiple methods of detection, prevention, and response to known and unknown threats as well as malware and malware-free techniques across the threat lifecycle.

Our Falcon platform integrates 10 cloud modules via a SaaS subscription-based model that spans multiple large security markets, including endpoint security, security and IT operations (including vulnerability management), and threat intelligence to deliver comprehensive breach

Table of Contents

protection even against today's most sophisticated attacks. Our single data model and open cloud architecture enable us and third-party partners to rapidly innovate, build, and deploy new cloud modules to provide our customers with additional functionality across a myriad of use cases.

Our cloud modules currently span the following categories:

•: Endpoint Security: Our next-generation antivirus, EDR, and device control modules combine machine learning and advanced behavioral techniques to defend against malware and malware-free attacks, allow for continuous and comprehensive visibility and analysis of endpoint activity, and provide administrators with visibility and granular control across USB peripheral devices.
•: Security and IT Operations: We offer modules addressing IT hygiene, scan-less vulnerability management, a turnkey response and remediation solution, as well as a threat hunting solution that is powered by a team of elite security experts leveraging Threat Graph.
•: Threat Intelligence: Our threat research, malware search engine, and malware analysis modules provide automated assistance to review detected threats, conduct malware research, and detonate suspicious files securely.

We recently launched the CrowdStrike Store, which is the first open cloud-based application Platform as a Service, or PaaS, for cybersecurity. The CrowdStrike Store introduces a unified Security Cloud ecosystem of trusted partners and applications to our customers. The CrowdStrike Store allows customers to rapidly and easily discover, try, and purchase applications from both trusted partners and CrowdStrike without needing to deploy and manage additional agents and infrastructures or go through lengthy sales, integration, or implementation processes. The CrowdStrike Store allows partners to bring new security applications to the market and efficiently target our customer base. Leveraging our Falcon platform, partners can develop applications that address our customers' needs without having to develop and support their own agents, invest in underlying infrastructure, or hire additional sales personnel. We believe the CrowdStrike Store will cultivate a rich, innovative, and trusted ecosystem between our partners and customers, increasing the overall value of our Falcon platform.

Earlier this year, we announced CrowdStrike Falcon for Mobile, the first enterprise EDR solution for mobile devices, which we expect will be commercially available later this year. Falcon for Mobile enables security teams to hunt for advanced threats on mobile devices while providing enhanced visibility into malicious, unwanted, or accidental access to sensitive corporate data, while protecting user privacy and without impacting device performance. Falcon for Mobile closes the gap between disparate mobile endpoint and enterprise defense solutions by leveraging our cloud-native platform and single-agent architecture.

Key Benefits of Our Solution

•: The Power of the Crowd. Our crowdsourced data enables all of our customers to benefit from contributing to Threat Graph. As more high fidelity data is fed into our Falcon platform, there is more data to train our AI models with, increasing the overall efficacy of our Falcon platform. This benefits our customers and supports our efforts to gain more customers, creating a powerful network effect.
•: High Efficacy with Low False Positives. Our Falcon platform collects, processes, correlates, and analyzes high fidelity data on both real-world attacks and benign behavioral patterns to continually train and enhance our algorithms, resulting in industry-leading threat detection and low false positive rates.

Table of Contents

•: Consolidation of Siloed Products. Our platform enables our customers to reduce or streamline their siloed and layered security products, simplifying operations while providing a comprehensive solution.
•: Consolidation of Agents. All of our cloud modules are powered by a single intelligent agent, allowing customers to consolidate and remove numerous agents from their infrastructure and restore endpoint performance.
•: Rapid Time to Value. We streamline the deployment process by providing cloud-delivered security with protection policies that work from day one, eliminating lengthy implementation periods and professional services engagements.
•: Constant Protection Anywhere. Our cloud-based model allows us to secure any type of workload across a variety of customer endpoints such as laptops, desktops, servers, virtual machines, and IoT devices. In addition, once our agent is deployed on an endpoint it continues to protect the endpoint and track activity even when offline.
•: Elite Security Team as a Force Multiplier. OverWatch, our threat hunting cloud module, combines world class human intelligence from our elite security experts with the power of Threat Graph.
•: Bridging the Security Skills Gap through Automation. Our solution automates certain previously manual tasks, freeing up personnel to focus on their most important objectives. Our Falcon Complete module provides a turnkey solution that combines endpoint security with remediation and response capabilities.
•: Lowering Total Cost of Ownership. Our cloud-based platform eliminates our customers' need for initial or ongoing purchases of hardware and does not require their personnel to configure, implement, or integrate disparate point products.

Our Opportunity

Our customers utilize our Falcon platform and cloud modules across a wide variety of use cases. Our total addressable market initially began as a replacement opportunity in the corporate endpoint security market, but has significantly expanded due to rapid innovation and adoption of our cloud modules across additional security and non-security markets. In addition, our increasing market opportunity is driven by the proliferation of enterprise mobility, adoption of cloud computing, the benefits of big data, and an increasingly dynamic and intensifying threat landscape.

Our approach to protecting workloads running on the endpoint is unique and innovative. Because of our architecture, our Falcon platform is the first solution to natively address multiple security markets, including markets not typically associated with endpoint security. Today, the five markets we address are comprised of:

Corporate Endpoint Security. In 2013, we launched what is now Falcon OverWatch and our Falcon Insight cloud module, and in 2017 we launched Falcon Prevent, to disrupt the EDR and next-generation antivirus markets, respectively. IDC estimates that the global market for these segments will be $7.6 billion in 2019, and is expected to reach $8.7 billion in 2021.

Threat Intelligence. In 2012, we released what is now our Falcon X cloud module to address the threat intelligence market. IDC estimates that the global market for this segment will be $1.6 billion in 2019, and is expected to reach $2.0 billion in 2021.

Security and Vulnerability Management. In 2017, we released our Falcon Spotlight cloud module to address the vulnerability management market. IDC estimates that the global market for this segment will be $8.4 billion in 2019, and is expected to reach $10.4 billion in 2021.

Table of Contents

IT Service Management Software. In 2017, we released our Falcon Discover cloud module to address our first non-security market of IT Asset Management. IDC estimates that the global market for this segment will be $2.6 billion in 2019, and is expected to reach $3.1 billion in 2021.

Managed Security Services. In 2018, we released our Falcon Complete cloud module to address the managed security services market. IDC estimates the global market for this segment will be $24.8 billion in 2019, and is expected to reach $29.6 billion in 2021. We estimate that our directly addressable opportunity in this segment is approximately $4.4 billion in 2019 and will reach $5.1 billion in 2021. In assessing the size of our addressable opportunity in this segment, we compared estimates from third party reports of the size of the corporate endpoint security market in which we operate to the size of the total IT security products market in the relevant year to infer the portion of the managed security services market in such year that would be addressable by our offerings.

Combining these segments, our global opportunity is estimated to be $24.6 billion in 2019, and is expected to reach $29.2 billion in 2021.

We believe our Falcon platform provides broad applicability and functionality across the security and IT operations markets. We plan on continuing to leverage our endpoint data sets to rapidly innovate and create new cloud modules that we believe will significantly expand our market opportunity over time. In addition, we believe more workloads will be run on endpoints such as IoT devices, generating and storing increasing amounts of sensitive, mission critical data. We believe our Falcon platform will be best suited to address such workloads that often reside outside of the corporate perimeter and require a cloud native solution for pervasive protection.

Growth Strategy

•: Grow Our Customer Base by Replacing Legacy and Other Endpoint Security Products. We grew our subscription customer base by 1,274 customers from 1,242 at January 31, 2018 to 2,516 at January 31, 2019, representing a 103% increase. We will continue to invest in customer acquisition programs, including our channel partnerships, and new programs like our recently launched free trial program of Falcon Prevent that is easily downloaded from our website and AWS Marketplace.
•: Further Penetrate Existing Customers. When customers deploy our lightweight agent, they can easily add additional cloud modules. While some new customers initially deploy our Falcon platform broadly across the organization, others elect to deploy only in selected business units and later deploy on additional endpoints and subscribe to additional modules. The power of our land-and-expand strategy is evidenced by our 147% dollar-based net retention rate as of January 31, 2019.
•: Leverage our Falcon Platform to Enter New Markets. Since 2016, we have launched seven new cloud modules on our platform. Because our lightweight agent collects diverse endpoint data once for repeated use, we can expand our addressable market by rapidly adding new cloud modules that leverage this data. We intend to continue to develop new cloud modules for broader endpoint use cases such as IT configuration management, performance monitoring, and IT operations that leverage this data as well as new classes of endpoints such as those created by IoT.
•: Broaden Reach into New Customer Segments. While we initially targeted large sophisticated enterprises, we have expanded our go-to-market efforts to include customers of all sizes with a dedicated inside sales team focused on smaller organizations. We continue to look for new ways to broaden our reach into new customer segments.

Table of Contents

•: Broaden Reach into the U.S. Federal Government Vertical. We are investing in the acquisition of customers in the U.S. federal government vertical. Our platform recently received Federal Risk and Authorization Management Program, or FedRAMP, compliance certification and has been added to the Department of Homeland Security's Continuous Diagnostics and Mitigation Approved Products List to provide federal agencies with innovative security tools. In addition, our platform is deployed in the AWS GovCloud.
•: Expand Our International Footprint. We intend to grow our international customer base by increasing our investments in our overseas operations, including adding headcount in Europe, the Middle East, Asia-Pacific, and Japan, and establishing overseas data centers.
•: Extend our Falcon Platform and Ecosystem. We designed our architecture to be open, interoperable, and highly extensible. We intend to invest in our ecosystem and partner relationships to extend the functionality of our platform and support new use cases that take advantage of the high fidelity data in our Threat Graph. As one such example, we recently launched the CrowdStrike Store, the first open cloud-based application PaaS for cybersecurity and the industry's first unified security cloud ecosystem of trusted third-party applications.

Risks Associated with Our Business

Our business is subject to numerous risks and uncertainties, including those highlighted in the section titled "Risk Factors" immediately following this prospectus summary. These risks include, but are not limited to, the following:

•: We have experienced rapid growth in recent periods, and if we do not manage our future growth, our business and results of operations will be adversely affected.
•: We have a history of losses and may not be able to achieve or sustain profitability in the future.
•: Our limited operating history makes it difficult to evaluate our current business and future prospects, and may increase the risk of your investment.
•: If organizations do not adopt cloud-based SaaS-delivered endpoint security solutions, our ability to grow our business and results of operations may be adversely affected.
•: If we are unable to attract new customers, our future results of operations could be harmed.
•: If our customers do not renew their subscriptions for our products and add additional cloud modules to their subscriptions, our future results of operations could be harmed.
•: We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.
•: If our solutions fail or are perceived to fail to detect or prevent incidents or have or are perceived to have defects, errors, or vulnerabilities, our brand and reputation would be harmed, which would adversely affect our business and results of operations.
•: As a cybersecurity provider, we have been, and expect to continue to be, a target of cyberattacks. If our internal networks, systems, or data are or are perceived to have been breached, our reputation may be damaged and our financial results may be negatively affected.
•: Our business is focused on cloud-based data analytics, and cybersecurity, privacy, and other regulations may affect how we collect and process certain types of data.

Table of Contents

•: We rely on third-party data centers, such as Amazon Web Services, and our own colocation data centers, to host and operate our Falcon platform, and any disruption of or interference with our use of these facilities may negatively affect our ability to maintain the performance and reliability of our Falcon platform, which could cause our business to suffer.
•: If we do not effectively expand and train our direct sales force, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.
•: Our results of operations may fluctuate significantly, which could make our future results difficult to predict and could cause our results of operations to fall below expectations.
•: Claims by others that we infringe their proprietary technology or other intellectual property rights could result in significant costs and substantially harm our business, financial condition, results of operations, and prospects.
•: The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock (or options or other securities convertible into or exercisable for our capital stock) prior to the completion of this offering, including our executive officers, employees, directors, current principal stockholders, and their affiliates, which will limit your ability to influence the outcome of matters submitted to our stockholders for approval. Upon the completion of this offering, our executive officers, directors, each of our stockholders that currently owns more than five percent of our outstanding capital stock, and their respective affiliates will hold, in aggregate, % of the voting power of our outstanding capital stock. Furthermore, three of our current stockholders and their affiliates will hold, in aggregate, % of the voting power of our outstanding capital stock.

Channels for Disclosure of Information

Following the completion of this offering, we intend to announce material information to the public through filings with the SEC, the investor relations page on our website (www.crowdstrike.com), press releases, public conference calls, and public webcasts.

Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website.

Corporate Information

CrowdStrike, Inc. was incorporated in the state of Delaware in August 2011. We then incorporated CrowdStrike Holdings, Inc. in the state of Delaware in November 2011, which acquired all shares of CrowdStrike, Inc. held by Warburg Pincus Private Equity X, L.P. and Warburg Pincus X Partners, L.P., or Warburg Pincus, such that CrowdStrike, Inc. became our wholly-owned subsidiary. Our principal executive offices are located at 150 Mathilda Place, Suite 300, Sunnyvale, California 94086, and our telephone number is (888) 512-8906. Our website address is www.crowdstrike.com. Information contained on, or that can be accessed through, our website does not constitute part of this prospectus and inclusions of our website address in this prospectus are inactive textual references only.

The CrowdStrike design logo, "CrowdStrike," "CrowdStrike Falcon," "CrowdStrike Threat Graph," and our other registered or common law trademarks, service marks, or trade names appearing in this prospectus are the property of CrowdStrike Holdings, Inc. Other trademarks and trade names referred to in this prospectus are the property of their respective owners.

Table of Contents

Implications of Being an Emerging Growth Company

We are an "emerging growth company" as defined in the Jumpstart Our Business Startups Act of 2012, or the JOBS Act. An emerging growth company may take advantage of specified reduced reporting requirements that are otherwise applicable generally to public companies. These reduced reporting requirements include:

•: the requirement to present only two years of audited financial statements and only two years of related management's discussion and analysis in this prospectus;
•: an exemption from compliance with the auditor attestation requirement on the effectiveness of our internal control over financial reporting;
•: an exemption from compliance with any requirement that the Public Company Accounting Oversight Board may adopt regarding mandatory audit firm rotation or a supplement to the auditor's report providing additional information about the audit and the financial statements;
•: reduced disclosure about our executive compensation arrangements; and
•: an exemption from the requirements to obtain a non-binding advisory vote on executive compensation or stockholder approval of any golden parachute arrangements.

We may take advantage of these exemptions until such time that we are no longer an emerging growth company. Accordingly, the information contained herein may be different than the information you receive from other public companies in which you hold stock. We will remain an emerging growth company until the earliest to occur of: (i) the first fiscal year following the fifth anniversary of our initial public offering; (ii) the first fiscal year after our annual gross revenue is $1.07 billion or more; (iii) the date on which we have, during the previous three-year period, issued more than $1.0 billion in non-convertible debt securities; or (iv) as of the end of any fiscal year in which the market value of our common stock held by non-affiliates exceeded $700.0 million as of the end of the second quarter of that fiscal year.

Further, pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to take advantage of the extended transition period for complying with new or revised accounting standards until those standards would otherwise apply to private companies. As a result, our results of operations and financial statements may not be comparable to the results of operations and financial statements of other companies who have adopted the new or revised accounting standards. It is possible that some investors will find our Class A common stock less attractive as a result, which may result in a less active trading market for our Class A common stock and higher volatility in our stock price. See the section titled "Risk Factors—Risks Related to Our Business—Our reported financial results may be affected by changes in accounting principles generally accepted in the United States, such as the adoption of ASC 606, and difficulties in implementing these changes could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors' confidence in us."

Table of Contents

The Offering


Class A common stock offered by us		shares
Class A common stock to be outstanding after this offering		shares ( shares, if the underwriters exercise their option to purchase additional shares in full)
Class B common stock to be outstanding after this offering		shares
Total Class A and Class B common stock to be outstanding after this offering		shares
Underwriters' option to purchase additional shares of Class A common stock from us		shares ( shares, if the underwriters exercise their option to purchase additional shares in full)
Use of proceeds		We estimate that the net proceeds from the sale of shares of our Class A common stock in this offering will be approximately $ million (or approximately $ million if the underwriters' option to purchase additional shares of our Class A common stock from us is exercised in full), based upon the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.
		We intend to use the net proceeds we receive from this offering for general corporate purposes, including working capital, sales and marketing activities, research and development, general and administrative matters, and capital expenditures. We may also use a portion of the net proceeds for the acquisition of, or investment in, technologies, solutions, products, or businesses that complement our business, although we have no present commitments or agreements to enter into any such acquisitions or investments. See the section titled "Use of Proceeds" for additional information.
Voting rights		Shares of our Class A common stock will be entitled to one vote per share.
		Shares of our Class B common stock will be entitled to ten votes per share.

Table of Contents


		The holders of our Class A common stock and Class B common stock will generally vote together as a single class on all matters submitted to a vote of our stockholders unless otherwise required by Delaware law or our amended and restated certificate of incorporation. See "Description of Capital Stock."
Concentration of ownership		The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock (or options or other securities convertible into or exercisable for our capital stock) prior to the completion of this offering, including our executive officers, employees, directors, current principal stockholders, and their affiliates, which will limit your ability to influence the outcome of matters submitted to our stockholders for approval, including the election of our directors and the approval of any change in control transaction. Upon the completion of this offering, our executive officers, directors, each of our stockholders that currently owns more than five percent of our outstanding capital stock, and their respective affiliates will hold, in aggregate, % of the voting power of our outstanding capital stock. Furthermore, three of our current stockholders and their affiliates will hold, in aggregate, % of the voting power of our outstanding capital stock. For more information, see "Principal Stockholders."
		All shares of Class B common stock will automatically convert into shares of our Class A common stock on the earliest of (i) the date specified by the holders of two-thirds of the then outstanding shares of our Class B common stock, (ii) the date on which the number of outstanding shares of our Class B common stock represents less than 5% of the number of outstanding shares of our Class A common stock and our Class B common stock, taken together as a single class, which calculation excludes certain Acquisition Securities, as defined in our amended and restated certificate of incorporation to be in effect after the completion of this offering and (iii) the date that is nine months after the death or permanent and total disability of our founder, George Kurtz, provided that such date may be extended by a majority of the independent members of our board of directors to a date that is not longer than 18 months from the date of such death or disability. For more information, see "Description of Capital Stock."
Proposed Nasdaq Global Select Market trading symbol		"CRWD"

The number of shares of our common stock that will be outstanding after this offering is based on 178,688,971 shares of our Class B common stock (including shares of our redeemable

Table of Contents

convertible preferred stock on an as-converted basis) outstanding as of January 31, 2019, and excludes:

•

26,535,487 shares of our Class B common stock issuable upon the exercise of options to purchase shares of our common stock outstanding as of January 31, 2019, with a weighted-average exercise price of $3.87 per share;

•

4,059,407 shares of our Class B common stock issuable upon the satisfaction of a performance-based vesting condition pursuant to restricted stock units, or RSUs, outstanding as of January 31, 2019;

•

336,386 shares of our Class B common stock, on an as-converted basis, issuable upon the exercise of warrants to purchase 336,386 shares of our redeemable convertible preferred stock that were outstanding as of January 31, 2019, with a weighted-average exercise price of $2.94 per share; and

•

shares of our Class A common stock reserved for future issuance under our equity compensation plans, including:

•: shares of our Class A common stock to be reserved for future issuance under our 2019 Equity Incentive Plan, or our 2019 Plan, which will become effective prior to the completion of this offering;
•: 1,540,071 shares of our Class B common stock reserved for future issuance under our Amended and Restated 2011 Stock Incentive Plan, or our 2011 Plan, as of January 31, 2019. Shares reserved for issuance under our 2011 plan will be added to the shares of our Class A common stock to be reserved for future issuance under our 2019 Plan upon its effectiveness; and
•: shares of our Class A common stock to be reserved for future issuance under our 2019 Employee Stock Purchase Plan, or our ESPP, which will become effective prior to the completion of this offering.

Our 2019 Plan and ESPP each provide for annual automatic increases in the number of shares of our Class A common stock reserved thereunder, and our 2019 Plan also provides for increases to the number of shares of our Class A common stock that may be granted thereunder based on shares under our 2011 Plan that expire, are forfeited, or otherwise repurchased by us, as more fully described in the section titled "Executive Compensation—Employee Benefit and Stock Plans."

Except as otherwise indicated, all information in this prospectus assumes:

•: the filing and effectiveness of our amended and restated certificate of incorporation and the adoption of our amended and restated bylaws, each of which will occur immediately prior to the completion of this offering;
•: the automatic conversion of an aggregate of 131,267,586 shares of our redeemable convertible preferred stock outstanding as of January 31, 2019, into an equivalent number of shares of our Class B common stock, which will occur immediately prior to the completion of this offering;
•: the automatic conversion of our redeemable convertible preferred stock warrants to Class B common stock warrants, and the resulting reclassification of our redeemable convertible preferred stock warrant liability to additional paid-in-capital, which will occur immediately prior to the completion of this offering;
•: no exercise of outstanding options or warrants and no settlement of outstanding RSUs subsequent to January 31, 2019; and
•: no exercise by the underwriters of their option to purchase additional shares of our Class A common stock from us.

Table of Contents

Summary Consolidated Financial and Other Data

The following table summarizes our consolidated financial data. The summary consolidated statements of operations data presented below for fiscal 2017, fiscal 2018, and fiscal 2019 and the consolidated balance sheet data presented below as of January 31, 2019 are derived from our audited consolidated financial statements included elsewhere in this prospectus. The following summary consolidated financial data should be read together with our audited consolidated financial statements and the related notes, as well as the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations," included elsewhere in this prospectus. Our historical results are not necessarily indicative of our results in any future period.

	Year Ended January 31,

	2017			2018			2019
	(in thousands, except per share data)
Consolidated Statement of Operations Data:
Revenue
Subscription	$	37,895		$	92,568		$	219,401
Professional services		14,850			26,184			30,423

Total revenue		52,745			118,752			249,824

Cost of revenue(1)
Subscription		24,378			39,857			69,208
Professional services		9,628			14,629			18,030

Total cost of revenue		34,006			54,486			87,238

Gross profit		18,739			64,266			162,586

Operating expenses
Sales and marketing(1)		53,748			104,277			172,682
Research and development(1)		39,145			58,887			84,551
General and administrative(1)		16,402			32,542			42,217

Total operating expenses		109,295			195,706			299,450

Loss from operations		(90,556	)		(131,440	)		(136,864	)
Interest expense		(615	)		(1,648	)		(428	)
Other expense, net		(82	)		(1,473	)		(1,418	)

Loss before provision for income taxes		(91,253	)		(134,561	)		(138,710	)
Provision for income taxes		(87	)		(929	)		(1,367	)

Net loss	$	(91,340	)	$	(135,490	)	$	(140,077	)



Accretion of redeemable convertible preferred stock		(17,012	)		(5,853	)		—

Net loss attributable to common stockholders	$	(108,352	)	$	(141,343	)	$	(140,077	)



Net loss per share attributable to common stockholders, basic and diluted(2)	$	(2.73	)	$	(3.38	)	$	(3.12	)



Weighted-average shares used in computing net loss per share attributable to common stockholders, basic and diluted(2)		39,706			41,876			44,863



Pro forma net loss per share, basic and diluted (unaudited)(2)							$	(0.80	)



Weighted-average shares used in computing pro forma net loss per share, basic and diluted (unaudited)(2)								171,202

Table of Contents

(1): Includes stock-based compensation expense as follows:

	Year Ended January 31,

	2017		2018		2019
	(in thousands)
Cost of revenue	$	91	$	341	$	894
Sales and marketing		638		1,386		5,175
Research and development		561		3,429		7,815
General and administrative		704		7,187		6,621

Total stock-based compensation expense	$	1,994	$	12,343	$	20,505

(2): See Note 2 and Note 15 to our consolidated financial statements elsewhere in this prospectus for an explanation of the method used to calculate our basic and diluted net loss per share attributable to our common stockholders, our basic and diluted pro forma net loss per share, and the weighted-average number of shares used in the computation of the per share amounts.

	As of January 31, 2019

	Actual			Pro Forma(1)			Pro Forma As Adjusted(2)(3)
	(in thousands)
Consolidated Balance Sheet Data:
Cash and cash equivalents	$	88,408		$	88,408
Working capital⁽⁴⁾		49,968			49,968
Total assets		433,219			433,219
Deferred revenue, current and noncurrent		290,067			290,067
Redeemable convertible preferred stock		557,912			—
Accumulated deficit		(519,126	)		(529,488	)
Total stockholders' equity (deficit)		(487,793	)		74,656

(1): The pro forma column in the balance sheet data above reflects (i) the automatic conversion of an aggregate of 131,267,586 shares of our outstanding redeemable convertible preferred stock into an equivalent number of Class B common stock immediately prior to the completion of this offering, (ii) the automatic conversion of the redeemable convertible preferred stock warrants to Class B common stock warrants, and the resulting reclassification of the redeemable convertible preferred stock warrant liability to additional paid-in-capital, (iii) stock-based compensation expense of approximately $10.4 million associated with RSUs subject to service-based and performance-based vesting conditions, which we will recognize upon the completion of this offering, as further described in Note 2 to our consolidated financial statements included elsewhere in this prospectus, and (iv) the filing and effectiveness of our amended and restated certificate of incorporation in Delaware.
(2): The pro forma as adjusted column further reflects the receipt of $ million in net proceeds from our sale of shares of Class A common stock in this offering at an assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.
(3): Each $1.00 increase or decrease in the assumed initial public offering price of $ per share, which is the midpoint of the assumed offering price range set forth on the cover of this prospectus, would increase or decrease, as applicable the amount of our pro forma cash and cash equivalents, working capital, total assets, and total stockholders' equity by $ million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, after deducting estimated underwriting discounts and commissions payable by us. We may also increase or decrease the number of shares we are offering. An increase or decrease of 1.0 million shares in the number of shares offered by us would increase or decrease, as applicable, the amount of our pro forma cash and cash equivalents, working capital, total assets, and total stockholders' equity by $ million, assuming the assumed initial public offering price remains the same, and after deducting estimated underwriting discounts and commissions.
(4): Working capital is defined as current assets less current liabilities.

Key Metrics

We monitor the following key metrics to help us evaluate our business, identify trends affecting our business, formulate business plans, and make strategic decisions. We believe the following metrics are useful in evaluating our business.

Table of Contents

Subscription Customers

We believe that our ability to increase the number of subscription customers on our platform is an indicator of our market penetration, the growth of our business, and our potential future business opportunities. We have a history of growing the number of customers who subscribe to our Falcon platform, which does not include customers solely of our incident response and proactive services. We have consistently increased the number of subscription customers period-over-period, and we expect this trend to continue as we increase the number of subscription customers who are small and medium sized businesses, and as larger enterprises continue to replace or supplement their legacy on-premise security products. The following table sets forth the number of subscription customers as of the dates presented:

	As of January 31,

	2017			2018			2019
Subscription customers		450			1,242			2,516
Year-over-year growth		173	%		176	%		103	%

Annual Recurring Revenue

	As of January 31,

	2017			2018			2019
	(dollars in thousands)
Annual recurring revenue	$	58,758		$	141,314		$	312,656
Year-over-year growth		110	%		140	%		121	%

Dollar-Based Net Retention Rate

We believe that our ability to retain and grow the subscription revenue generated from our existing subscription customers is an indicator of the long-term value of our subscription customer relationships and our potential future business opportunities. We track our performance in this area by measuring our dollar-based net retention rate, which compares our ARR from a set of subscription customers against the same metric for those subscription customers from the prior year. Our dollar-based net retention rate reflects customer renewals, expansion, contraction and churn, and excludes revenue from our incident response and proactive services. Since January 2016, our dollar-based net retention rate has consistently exceeded 100%, which is primarily attributable to an expansion of endpoints within, and cross-selling additional cloud modules to, our existing subscription customers. We calculate our dollar-based net retention rate as of a period end by starting with the ARR from all subscription customers as of 12 months prior to such period end, or Prior Period ARR. We then calculate the ARR from these same subscription customers as of the current period end, or Current Period ARR. Current Period ARR includes any expansion and is net of contraction or churn over the trailing 12 months but excludes revenue from new subscription customers in the current period. We then divide the Current Period ARR by the Prior Period ARR to

Table of Contents

arrive at our dollar-based net retention rate. The following table sets forth the dollar-based net retention rates as of the dates presented:

	As of January 31,

	2017			2018			2019
Dollar-based net retention rate		104	%		119	%		147	%

Non-GAAP Financial Measures

We believe that, in addition to our results determined in accordance with U.S. generally accepted accounting principles, or GAAP, non-GAAP subscription gross profit, non-GAAP subscription gross margin, non-GAAP loss from operations, non-GAAP operating margin, free cash flow, and free cash flow margin are useful in evaluating our business, results of operations and financial condition.

See the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations—Non-GAAP Financial Measures" for explanations of how we calculate these measures and for reconciliation to the most directly comparable financial measure stated in accordance with GAAP.

	Year Ended January 31,

	2017			2018			2019
	(dollars in thousands)
Subscription gross profit	$	13,517		$	52,711		$	150,193
Non-GAAP subscription gross profit	$	13,664		$	53,087		$	151,209
Subscription gross margin		36	%		57	%		68	%
Non-GAAP subscription gross margin		36	%		57	%		69	%
Loss from operations	$	(90,556	)	$	(131,440	)	$	(136,864	)
Non-GAAP loss from operations	$	(88,465	)	$	(118,302	)	$	(115,776	)
Operating margin		(172	)%		(111	)%		(55	)%
Non-GAAP operating margin		(168	)%		(100	)%		(46	)%
Net cash used in operating activities	$	(51,998	)	$	(58,766	)	$	(22,968	)
Net cash used in investing activities	$	(11,854	)	$	(28,330	)	$	(142,030	)
Net cash provided by financing activities	$	17,460		$	126,831		$	190,389
Free cash flow	$	(64,645	)	$	(94,992	)	$	(65,613	)
Net cash used in operating activities as a percentage of revenue		(99	)%		(49	)%		(9	)%
Free cash flow margin		(123	)%		(80	)%		(26	)%

Non-GAAP Subscription Gross Profit and Non-GAAP Subscription Gross Margin

We define non-GAAP subscription gross profit and non-GAAP subscription gross margin as GAAP subscription gross profit and GAAP subscription gross margin, respectively, excluding stock-based compensation expense and amortization of acquired intangible assets. We believe non-GAAP subscription gross profit and non-GAAP subscription gross margin provide our management and investors consistency and comparability with our past financial performance and facilitate period-to-period comparisons of operations, as these eliminate the effects of certain variables from period to period for reasons unrelated to our overall operating performance.

Table of Contents

Non-GAAP Loss from Operations and Non-GAAP Operating Margin

We define non-GAAP loss from operations and non-GAAP operating margin as GAAP loss from operations and GAAP operating margin, respectively, excluding stock-based compensation expense, amortization of acquired intangible assets, and acquisition related expenses. We believe non-GAAP loss from operations and non-GAAP operating margin provide our management and investors consistency and comparability with our past financial performance and facilitate period-to-period comparisons of operations, as these metrics generally eliminate the effects of certain variables from period to period for reasons unrelated to our overall operating performance.

Free Cash Flow and Free Cash Flow Margin

Free cash flow is a non-GAAP financial measure that we define as net cash used in operating activities less purchases of property and equipment, capitalized internal-use software, acquisition of intangible assets, and cash used for business combinations. Free cash flow margin is calculated as free cash flow divided by total revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors, even if negative, as they provide useful information about the amount of cash consumed by our operating activities that is not available to be used for purchases of property and equipment and other strategic initiatives. For example, as free cash flow is negative, we will need to access cash reserves or other sources of capital for these investments. One limitation of free cash flow and free cash flow margin is that they do not reflect our future contractual commitments. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.

Table of Contents

RISK FACTORS

Investing in our Class A common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information contained in this prospectus, including our consolidated financial statements and the related notes thereto, before making a decision to invest in our Class A common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that affect us. If any of the following risks occur, our business, financial condition, results of operations, and prospects could be materially and adversely affected. In that event, the price of our Class A common stock could decline, and you could lose part or all of your investment.

Risks Related to Our Business and Industry

We have experienced rapid growth in recent periods, and if we do not manage our future growth, our business and results of operations will be adversely affected.

We have experienced rapid revenue growth in recent periods and we expect to continue to invest broadly across our organization to support our growth. For example, our headcount grew from 324 employees as of January 31, 2016, to 550 employees as of January 31, 2017, to 910 employees as of January 31, 2018, to 1,455 employees as of January 31, 2019. Although we have experienced rapid growth historically, we may not sustain our current growth rates nor can we assure you that our investments to support our growth will be successful. The growth and expansion of our business will require us to invest significant financial and operational resources and the continuous dedication of our management team. We have encountered and will continue to encounter risks and difficulties frequently experienced by rapidly growing companies in evolving industries, including market acceptance of our Falcon platform, adding new customers, intense competition, and our ability to manage our costs and operating expenses. Our future success will depend in part on our ability to manage our growth effectively, which will require us to, among other things:

•: effectively attract, integrate, and retain a large number of new employees, particularly members of our sales and marketing and research and development teams;
•: further improve our Falcon platform, including our cloud modules, and IT infrastructure, including expanding and optimizing our data centers, to support our business needs;
•: enhance our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners and customers; and
•: improve our financial, management, and compliance systems and controls.

If we fail to achieve these objectives effectively, our ability to manage our expected growth, ensure uninterrupted operation of our Falcon platform and key business systems, and comply with the rules and regulations applicable to our business could be impaired. Additionally, the quality of our platform and services could suffer and we may not be able to adequately address competitive challenges. Any of the foregoing could adversely affect our business, results of operations, and financial condition.

We have a history of losses and may not be able to achieve or sustain profitability in the future.

We have incurred net losses in all periods since our inception, and we may not achieve or maintain profitability in the future. We experienced net losses of $91.3 million, $135.5 million,

Table of Contents

$140.1 million for fiscal 2017, fiscal 2018, and fiscal 2019, respectively. As of January 31, 2019, we had an accumulated deficit of $519.1 million. While we have experienced significant growth in revenue in recent periods, we cannot predict when or whether we will reach or maintain profitability. We also expect our operating expenses to increase in the future as we continue to invest for our future growth, which will negatively affect our results of operations if our total revenue does not increase. We cannot assure you that these investments will result in substantial increases in our total revenue or improvements in our results of operations. In addition to the anticipated costs to grow our business, we also expect to incur significant additional legal, accounting, and other expenses as a newly public company. Any failure to increase our revenue as we invest in our business or to manage our costs could prevent us from achieving or maintaining profitability or positive cash flow.

Our limited operating history makes it difficult to evaluate our current business and future prospects, and may increase the risk of your investment.

We were founded in November 2011 and launched our first endpoint security solution in 2013. Our limited operating history makes it difficult to evaluate our current business, future prospects, and other trends, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks, uncertainties, and difficulties frequently experienced by rapidly growing companies in evolving industries, including our ability to achieve broad market acceptance of cloud-based, SaaS-delivered endpoint security solutions and our Falcon platform, attract additional customers, grow partnerships, compete effectively, build and maintain effective compliance programs, and manage increasing expenses as we continue to invest in our business. If we do not address these risks, uncertainties, and difficulties successfully, our business, and results of operations will be harmed. Further, we have limited historical financial data, and we operate in a rapidly evolving market. As a result, any predictions about our future revenue and expenses may not be as accurate as they would be if we had a longer operating history or operated in a more predictable market.

If organizations do not adopt cloud-based SaaS-delivered endpoint security solutions, our ability to grow our business and results of operations may be adversely affected.

We believe our future success will depend in large part on the growth, if any, in the market for cloud-based SaaS-delivered endpoint security solutions. The use of SaaS solutions to manage and automate security and IT operations is at an early stage and rapidly evolving. As such, it is difficult to predict its potential growth, if any, customer adoption and retention rates, customer demand for our solutions, or the success of existing competitive products. Any expansion in our market depends on a number of factors, including the cost, performance, and perceived value associated with our solutions and those of our competitors. If our solutions do not achieve widespread adoption or there is a reduction in demand for our solutions due to a lack of customer acceptance, technological challenges, competing products, privacy concerns, decreases in corporate spending, weakening economic conditions or otherwise, it could result in early terminations, reduced customer retention rates, or decreased revenue, any of which would adversely affect our business, results of operations, and financial results. We do not know whether the trend in adoption of cloud-based SaaS-delivered endpoint security solutions we have experienced in the past will continue in the future. Furthermore, if we or other SaaS security providers experience security incidents, loss or disclosure of customer data, disruptions in delivery, or other problems, the market for SaaS solutions as a whole, including our security solutions, will be negatively affected. You should consider our business and prospects in light of the risks and difficulties we encounter in this new and evolving market.

Table of Contents

If we are unable to attract new customers, our future results of operations could be harmed.

To expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our Falcon platform. Our sales efforts often involve educating our prospective customers about the uses and benefits of our Falcon platform. Enterprises and governments that use legacy security products, such as signature-based or malware-based products, firewalls, intrusion prevention systems, and antivirus, for their IT security may be hesitant to purchase our Falcon platform if they believe that these products are more cost effective, provide substantially the same functionality as our Falcon platform or provide a level of IT security that is sufficient to meet their needs. We may have difficulty convincing prospective customers of the value of adopting our solution. Even if we are successful in convincing prospective customers that a cloud native platform like ours is critical to protect against cyberattacks, they may not decide to purchase our Falcon platform for a variety of reasons some of which are out of our control. For example, any future deterioration in general economic conditions may cause our customers to cut their overall security and IT operations spending, and such cuts may fall disproportionately on cloud-based security solutions like ours. Economic weakness, customer financial difficulties, and constrained spending on security and IT operations may result in decreased revenue and adversely affect our results of operations and financial conditions. Additionally, if the incidence of cyberattacks were to decline, or enterprises or governments perceive that the general level of cyberattacks has declined, our ability to attract new customers and expand sales of our solutions to existing customers could be adversely affected. If organizations do not continue to adopt our Falcon platform, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations, and financial condition would be harmed.

If our customers do not renew their subscriptions for our products and add additional cloud modules to their subscriptions, our future results of operations could be harmed.

In order for us to maintain or improve our results of operations, it is important that our customers renew their subscriptions for our Falcon platform when existing contract terms expire, and that we expand our commercial relationships with our existing customers by selling additional cloud modules and by deploying to more endpoints in their environments. Our customers have no obligation to renew their subscription for our Falcon platform after the expiration of their contractual subscription period, which is generally one year, and in the normal course of business, some customers have elected not to renew. In addition, our customers may renew for shorter contract subscription lengths or cease using certain cloud modules. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers' satisfaction with our services, our pricing, customer security and networking issues and requirements, our customers' spending levels, decreases in the number of endpoints to which our customers deploy our solutions, mergers and acquisitions involving our customers, industry developments, competition and general economic conditions. If our efforts to maintain and expand our relationships with our existing customers are not successful, our business, results of operations, and financial condition may materially suffer.

We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition, and results of operations.

The market for security and IT operations solutions is intensely competitive, fragmented, and characterized by rapid changes in technology, customer requirements, industry standards, increasingly sophisticated attackers, and by frequent introductions of new or improved products to combat security threats. We expect to continue to face intense competition from current competitors, as well as from new entrants into the market. If we are unable to anticipate or react to

Table of Contents

these challenges, our competitive position could weaken, and we could experience a decline in revenue or reduced revenue growth, and loss of market share that would adversely affect our business, financial condition, and results of operations. Our ability to compete effectively depends upon numerous factors, many of which are beyond our control, including, but not limited to:

•: product capabilities, including performance and reliability, of our Falcon platform, including our cloud modules, services, and features compared to those of our competitors;
•: our ability, and the ability of our competitors, to improve existing products, services, and features, or to develop new ones to address evolving customer needs;
•: our ability to attract, retain, and motivate talented employees;
•: our ability to establish and maintain relationships with channel partners;
•: the strength of our sales and marketing efforts; and
•: acquisitions or consolidation within our industry, which may result in more formidable competitors.

Our competitors include the following by general category:

•: legacy antivirus product providers, such as McAfee, Inc. and Symantec Corporation, who offer a broad range of approaches and solutions with traditional antivirus and signature-based protection;
•: alternative endpoint security providers, such as Cylance, Inc. and Carbon Black, Inc., who offer point products based on malware-only or application whitelisting techniques; and
•: network security vendors, such as Palo Alto Networks, Inc. and FireEye, Inc., who are supplementing their core perimeter-based offerings with endpoint security solutions.

Many of these competitors have greater financial, technical, marketing, sales, and other resources, greater name recognition, longer operating histories, and a larger base of customers than we do. They may be able to devote greater resources to the development, promotion, and sale of services than we can, and they may offer lower pricing than we do. Further, they may have greater resources for research and development of new technologies, the provision of customer support, and the pursuit of acquisitions, or they may have other financial, technical, or other resource advantages. Our larger competitors have substantially broader and more diverse product and services offerings as well as routes to market, which may allow them to leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our platform, including our cloud modules. Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering or acquisitions by our competitors or continuing market consolidation. Some of our current or potential competitors have made or could make acquisitions of businesses or establish cooperative relationships that may allow them to offer more directly competitive and comprehensive solutions than were previously offered and adapt more quickly to new technologies and customer needs. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses and loss of market share. Further, many competitors that specialize in providing protection from a single type of security threat may be able to deliver these targeted security products to the market quicker than we can or convince organizations that these limited products meet their needs. Even if there is significant demand for cloud-based security solutions like ours, if our competitors include functionality that is, or is perceived to be, equivalent to or better than ours in legacy products that are already generally accepted as necessary components of an organization's IT security architecture, we may have difficulty increasing the market penetration of

Table of Contents

our platform. Furthermore, even if the functionality offered by other security and IT operations providers is different and more limited than the functionality of our platform, organizations may elect to accept such limited functionality in lieu of adding products from additional vendors like us. If we are unable to compete successfully, or if competing successfully requires us to take aggressive pricing or other actions, our business, financial condition, and results of operations would be adversely affected.

Competitive pricing pressure may reduce our gross profits and adversely affect our financial results.

If we are unable to maintain our pricing due to competitive pressures or other factors, our margins will be reduced and our gross profits, business, results of operations, and financial condition would be adversely affected. The subscription prices for our Falcon platform, cloud modules, and professional services may decline for a variety of reasons, including competitive pricing pressures, discounts, anticipation of the introduction of new solutions by our competitors, or promotional programs offered by us or our competitors. Competition continues to increase in the market segments in which we operate, and we expect competition to further increase in the future. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions.

If our solutions fail or are perceived to fail to detect or prevent incidents or have or are perceived to have defects, errors, or vulnerabilities, our brand and reputation would be harmed, which would adversely affect our business and results of operations.

Real or perceived defects, errors or vulnerabilities in our Falcon platform and cloud modules, the failure of our platform to detect or prevent incidents, including advanced and newly developed attacks, misconfiguration of our solutions, or the failure of customers to take action on attacks identified by our platform could harm our reputation and adversely affect our business, financial position and results of operations. Because our cloud native security platform is complex, it may contain defects or errors that are not detected until after deployment. We cannot assure you that our products will detect all cyberattacks, especially in light of the rapidly changing security threat landscape that our solution seeks to address. Due to a variety of both internal and external factors, including, without limitation, defects or misconfigurations of our solutions, our solutions could become vulnerable to security incidents (both from intentional attacks and accidental causes) that cause them to fail to secure endpoints and detect and block attacks. In addition, because the techniques used by computer hackers to access or sabotage networks and endpoints change frequently and generally are not recognized until launched against a target, there is a risk that an advanced attack could emerge that our cloud native security platform is unable to detect or prevent until after some of our customers are affected. Additionally, our Falcon platform may falsely indicate a cyberattack or threat that does not actually exist, which may lessen customers' trust in our solutions.

Moreover, as our cloud native security platform is adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced cyberattacks will begin to focus on finding ways to defeat our security platform. If this happens, our systems and subscription customers could be specifically targeted by attackers and could result in vulnerabilities in our platform or undermine the market acceptance of our Falcon platform and could adversely affect our reputation as a provider of security solutions. Because we host customer data on our cloud platform, which in some cases may contain personally-identifiable information or potentially confidential information, a security compromise, or an accidental or intentional misconfiguration or malfunction of our platform could result in personally-identifiable information

Table of Contents

and other customer data being accessible to attackers or to other customers. Further, if a high profile security breach occurs with respect to another next-generation or cloud-based security system, our customers and potential customers may lose trust in cloud solutions generally, and cloud-based security solutions such as ours in particular.

Organizations are increasingly subject to a wide variety of attacks on their networks, systems, and endpoints. No security solution, including our Falcon platform, can address all possible security threats or block all methods of penetrating a network or otherwise perpetrating a security incident. If any of our customers experiences a successful cyberattack while using our solutions or services, such customer could be disappointed with our Falcon platform, regardless of whether our solutions or services blocked the theft of any of such customer's data or were implicated in failing to block such attack. Similarly, if our solutions detect attacks against a customer but the customer does not address the vulnerability, customers and the public may erroneously believe that our solutions were not effective. Security breaches against customers that use our solutions may result in customers and the public believing that our solutions failed. Our Falcon platform may fail to detect or prevent malware, viruses, worms or similar threats for any number of reasons, including our failure to enhance and expand our Falcon platform to reflect the increasing sophistication of malware, viruses and other threats. Real or perceived security breaches of our customers' networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, and other customer relations issues, and may adversely affect our revenue and results of operations.

As a cybersecurity provider, we have been, and expect to continue to be, a target of cyberattacks. If our internal networks, systems, or data are or are perceived to have been compromised, our reputation may be damaged and our financial results may be negatively affected.

As a provider of security solutions, our Falcon platform has in the past been, and may in the future be, specifically targeted by bad actors for attacks intended to circumvent our security capabilities or to exploit our Falcon platform as an entry point into customers' endpoints, networks, or systems. In particular, because we have been involved in the identification of organized cybercriminals and nation-state actors, we have been the subject of intense efforts by sophisticated cyber adversaries who seek to compromise our systems. We are also susceptible to inadvertent compromises of our systems and data, including those arising from process, coding, or human errors. A successful attack or other incident that compromises our or our customers' data or results in an interruption of service could have a significant negative effect on our operations, reputation, financial resources, and the value of our intellectual property. We cannot assure you that any of our efforts to manage this risk, including adoption of a comprehensive incident response plan and process for detecting, mitigating, and investigating security incidents that we regularly test through table-top exercises, testing of our security protocols through additional techniques, such as penetration testing, debriefing after security incidents, to improve our security and responses, and regular briefing of our directors and officers on our cybersecurity risks, preparedness, and management, will be effective in protecting us from such attacks.

It is virtually impossible for us to entirely eliminate the risk of such compromises, interruptions in service, or other security incidents affecting our internal systems or data. Organizations are subject to a wide variety of attacks on their networks, systems, and endpoints, and techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently. Furthermore, employee error or malicious activity could compromise our systems. As a result, we may be unable to anticipate these techniques or implement adequate measures to prevent an intrusion into our networks, which could result in unauthorized access to customer data, intellectual property including access to our source code,

Table of Contents

and information about vulnerabilities in our product, which in turn, could reduce the effectiveness of our solutions, or lead to cyberattacks or other intrusions of our customers' networks, litigation, governmental audits and investigations and significant legal fees, could damage our relationships with our existing customers and could have a negative effect on our ability to attract and retain new customers. We have expended, and anticipate continuing to expend, significant amounts and resources in an effort to prevent security breaches and other security incidents impacting our systems and data. Since our business is focused on providing reliable security services to our customers, we believe that an actual or perceived security incident affecting, our internal systems or data or data of our customers would be especially detrimental to our reputation, customer confidence in our solution, and our business.

In addition, while we maintain insurance policies that may cover certain liabilities in connection with a cybersecurity incident, we cannot be certain that our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on commercially reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, results of operation and reputation.

We rely on third-party data centers, such as Amazon Web Services, and our own colocation data centers to host and operate our Falcon platform, and any disruption of or interference with our use of these facilities may negatively affect our ability to maintain the performance and reliability of our Falcon platform which could cause our business to suffer.

Our customers depend on the continuous availability of our Falcon platform. We currently host our Falcon platform and serve our customers using a mix of third-party data centers, primarily Amazon Web Services, Inc., or AWS, and our data centers, hosted in colocation facilities. Consequently, we may be subject to service disruptions as well as failures to provide adequate support for reasons that are outside of our direct control. We have experienced, and expect that in the future we may experience interruptions, delays and outages in service and availability from time to time due to a variety of factors, including infrastructure changes, human or software errors, website hosting disruptions and capacity constraints.

The following factors, many of which are beyond our control, can affect the delivery, availability, and the performance of our Falcon platform:

•: the development and maintenance of the infrastructure of the internet;
•: the performance and availability of third-party providers of cloud infrastructure services, such as AWS, with the necessary speed, data capacity and security for providing reliable internet access and services;
•: decisions by the owners and operators of the data centers where our cloud infrastructure is deployed to terminate our contracts, discontinue services to us, shut down operations or facilities, increase prices, change service levels, limit bandwidth, declare bankruptcy or prioritize the traffic of other parties;
•: physical or electronic break-ins, acts of war or terrorism, human error or interference (including by disgruntled employees, former employees or contractors) and other catastrophic events;
•: cyberattacks, including denial of service attacks, targeted at us, our data centers, or the infrastructure of the internet;

Table of Contents

•: failure by us to maintain and update our cloud infrastructure to meet our data capacity requirements;
•: errors, defects or performance problems in our software, including third-party software incorporated in our software;
•: improper deployment or configuration of our solutions;
•: the failure of our redundancy systems, in the event of a service disruption at one of our data centers, to provide failover to other data centers in our data center network; and
•: the failure of our disaster recovery and business continuity arrangements.

The adverse effects of any service interruptions on our reputation, results of operations, and financial condition may be disproportionately heightened due to the nature of our business and the fact that our customers have a low tolerance for interruptions of any duration. Interruptions or failures in our service delivery could result in a cyberattack or other security threat to one of our customers during such periods of interruption or failure. Additionally, interruptions or failures in our service could cause customers to terminate their subscriptions with us, adversely affect our renewal rates, and harm our ability to attract new customers. Our business would also be harmed if our customers believe that a cloud-based SaaS-delivered endpoint security solution is unreliable. While we do not consider them to have been material, we have experienced, and may in the future experience, service interruptions and other performance problems due to a variety of factors. The occurrence of any of these factors, or if we are unable to rapidly and cost-effectively fix such errors or other problems that may be identified, could damage our reputation, negatively affect our relationship with our customers or otherwise harm our business, results of operations and financial condition.

If we do not effectively expand and train our direct sales force, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.

We depend on our direct sales force to obtain new customers and increase sales with existing customers. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel, particularly in international markets. We have expanded our sales organization significantly in recent periods and expect to continue to add additional sales capabilities in the near term. There is significant competition for sales personnel with the skills and technical knowledge that we require. New hires require significant training and may take significant time before they achieve full productivity, and this delay is accentuated by our long sales cycles. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, a large percentage of our sales force is new to our company and selling our solutions, and therefore this team may be less effective than our more seasoned sales personnel. Furthermore, hiring sales personnel in new countries, or expanding our existing presence, requires upfront and ongoing expenditures that we may not recover if the sales personnel fail to achieve full productivity. We cannot predict whether, or to what extent, our sales will increase as we expand our sales force or how long it will take for sales personnel to become productive. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business and results of operations will be adversely affected.

Table of Contents

Because we recognize revenue from subscriptions to our platform over the term of the subscription, downturns or upturns in new business will not be immediately reflected in our results of operations.

We generally recognize revenue from customers ratably over the terms of their subscription, which is generally one year. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decline in new sales or renewals in any one period will not be immediately reflected in our revenue for that period. Any such change, however, would affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. We may also be unable to timely reduce our cost structure in line with a significant deterioration in sales or renewals that would adversely affect our results of operations and financial condition.

Our results of operations may fluctuate significantly, which could make our future results difficult to predict and could cause our results of operations to fall below expectations.

Our results of operations may vary significantly from period to period, which could adversely affect our business, financial condition and results of operations. Our results of operations have varied significantly from period to period, and we expect that our results of operations will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

•: our ability to attract new and retain existing customers;
•: the budgeting cycles, seasonal buying patterns, and purchasing practices of customers;
•: the timing and length of our sales cycles;
•: changes in customer or channel partner requirements or market needs;
•: changes in the growth rate of the cloud-based SaaS-delivered endpoint security solutions market;
•: the timing and success of new product and service introductions by us or our competitors or any other competitive developments, including consolidation among our customers or competitors;
•: the level of awareness of cybersecurity threats, particularly advanced cyberattacks, and the market adoption of our Falcon platform;
•: our ability to successfully expand our business domestically and internationally;
•: decisions by organizations to purchase security solutions from larger, more established security vendors or from their primary IT equipment vendors;
•: changes in our pricing policies or those of our competitors;
•: any disruption in our relationship with channel partners;
•: insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our solutions;
•: significant security breaches of, technical difficulties with or interruptions to, the use of our Falcon platform;
•: extraordinary expenses such as litigation or other dispute-related settlement payments or outcomes;

Table of Contents

•: general economic conditions, both domestic and in our foreign markets;
•: future accounting pronouncements or changes in our accounting policies or practices;
•: the amount and timing of operating costs and capital expenditures related to the expansion of our business; and
•: increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates.

Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other results of operations from period to period. As a result of this variability, our historical results of operations should not be relied upon as an indication of future performance. Moreover, this variability and unpredictability could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, our stock price could fall substantially, and we could face costly lawsuits, including securities class action suits.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.

Our revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our Falcon platform, particularly with respect to large organizations and government entities. Customers often view the subscription to our Falcon platform as a significant strategic decision and, as a result, frequently require considerable time to evaluate, test and qualify our Falcon platform prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular often undertake a significant evaluation process that further lengthens our sales cycle.

Our direct sales team develops relationships with our customers, and works with our channel partners on account penetration, account coordination, sales and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Security solution purchases are frequently subject to budget constraints, multiple approvals and unanticipated administrative, processing and other delays. As a result, it is difficult to predict whether and when a sale will be completed. The failure of our efforts to secure sales after investing resources in a lengthy sales process could adversely affect our business and results of operations.

We rely on our key technical, sales and management personnel to grow our business, and the loss of one or more key employees could harm our business.

Our future success is substantially dependent on our ability to attract, retain, and motivate the members of our management team and other key employees throughout our organization. In particular, we are highly dependent on the services of George Kurtz, our Chief Executive Officer, who is critical to our future vision and strategic direction. We rely on our leadership team in the areas of operations, security, research and development, marketing, sales, support and general and administrative functions. Although we have entered into employment agreements with our key personnel, our employees, including our executive officers, work for us on an "at-will" basis, which means they may terminate their employment with us at any time. If Mr. Kurtz, or one or more of our key employees, or members of our management team resigns or otherwise ceases to provide us with their service, our business could be harmed.

Table of Contents

If we are unable to attract and retain qualified personnel, our business could be harmed.

There is also significant competition for personnel with the skills and technical knowledge that we require across our technology, cyber, sales, professional services, and administrative support functions. Competition for these personnel in the San Francisco Bay Area, where our headquarters are located, and in other locations where we maintain offices, is intense, especially for experienced sales professionals and for engineers experienced in designing and developing cloud applications and security software. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications. For example, in recent years, recruiting, hiring and retaining employees with expertise in the cybersecurity industry has become increasingly difficult as the demand for cybersecurity professionals has increased as a result of the recent cybersecurity attacks on global corporations and governments. Additionally, our incident response and proactive services team is small and comprised of personnel with highly technical skills and experience, who are in high demand, and who would be difficult to replace. Many of the companies with which we compete for experienced personnel have greater resources than we have. Our competitors also may be successful in recruiting and hiring members of our management team or other key employees, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. We have in the past, and may in the future, be subject to allegations that employees we hire have been improperly solicited, or that they have divulged proprietary or other confidential information or that their former employers own such employees' inventions or other work product, or that they have been hired in violation of non-compete provisions or non-solicitation provisions.

In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. Volatility or lack of performance in our stock price may also affect our ability to attract and retain our key employees. Also, many of our employees have become, or will soon become, vested in a substantial amount of equity awards, which may give them a substantial amount of personal wealth. This may make it more difficult for us to retain and motivate these employees, and this wealth could affect their decision about whether or not they continue to work for us. Any failure to successfully attract, integrate or retain qualified personnel to fulfill our current or future needs could adversely affect our business, results of operations and financial condition.

If we are not able to maintain and enhance our CrowdStrike and Falcon brand and our reputation as a provider of high-efficacy security solutions, our business and results of operations may be adversely affected.

We believe that maintaining and enhancing our CrowdStrike and Falcon brand and our reputation as a provider of high-efficacy security solutions is critical to our relationship with our existing customers, channel partners, and technology alliance partners and our ability to attract new customers and partners. The successful promotion of our CrowdStrike and Falcon brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop additional cloud modules and features for our Falcon platform, our ability to successfully differentiate our Falcon platform from competitive cloud-based or legacy security solutions and, ultimately, our ability to detect and stop breaches. Although we believe it is important for our growth, our brand promotion activities may not be successful or yield increased revenue.

In addition, independent industry or financial analysts and research firms often test our solutions and provide reviews of our Falcon platform, as well as the products of our competitors, and perception of our Falcon platform in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive as compared to those of our competitors' products, our brand may be adversely affected. Our solutions may fail to detect or prevent threats in any particular test for a number of reasons that may or may not be related to the efficacy of our

Table of Contents

solutions in real world environments. To the extent potential customers, industry analysts or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our solutions or services do not provide significant value, we may lose customers, and our reputation, financial condition and business would be harmed. Additionally, the performance of our channel partners and technology alliance partners may affect our brand and reputation if customers do not have a positive experience with these partners. In addition, we have in the past worked, and continue to work, with high profile customers as well as assist in analyzing and remediating high profile cyberattacks. Our work with such customers and cyberattacks may expose us to negative publicity and media coverage. Negative publicity about us, including about the efficacy and reliability of our Falcon platform, our products offerings, our professional services, and the customers we work with, even if inaccurate, could adversely affect our reputation and brand.

If we are unable to maintain successful relationships with our channel partners and technology alliance partners, or if our channel partners or technology alliance partners fail to perform, our ability to market, sell and distribute our Falcon platform will be limited, and our business, financial position and results of operations will be harmed.

In addition to our direct sales force, we rely on our channel partners to sell and support our Falcon platform. A vast majority of sales of our Falcon platform flow through our channel partners, and we expect this to continue for the foreseeable future. Additionally, we have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans. The loss of a substantial number of our channel partners or technology alliance partners, or the failure to recruit additional partners, could adversely affect our results of operations. Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our channel partners and in training our channel partners to independently sell and deploy our Falcon platform. If we fail to effectively manage our existing sales channels, or if our channel partners are unsuccessful in fulfilling the orders for our solutions, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality channel partners in each of the regions in which we sell solutions and keep them motivated to sell our products, our ability to sell our products and results of operations will be harmed.

Our business depends, in part, on sales to government organizations, and significant changes in the contracting or fiscal policies of such government organizations could have an adverse effect on our business and results of operations.

Our future growth depends, in part, on increasing sales to government organizations. Demand from government organizations is often unpredictable, subject to budgetary uncertainty and typically involves long sales cycles. We have made significant investment to address the government sector, but we cannot assure you that these investments will be successful, or that we will be able to maintain or grow our revenue from the government sector. Although we anticipate that they may increase in the future, sales to U.S. federal, state, and local governmental agencies have not accounted for, and may never account for, a significant portion of our revenue. U.S. federal, state and local government sales are subject to a number of challenges and risks that may adversely impact our business. Sales to such government entities include the following risks:

•: selling to governmental agencies can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;
•: government certification requirements applicable to our products may change and, in doing so, restrict our ability to sell into the U.S. federal government sector until we have attained the revised certification. For example, although we are currently certified under the Federal

Table of Contents

Risk and Authorization Management Program, or FedRAMP, such certification is costly to maintain and if we lost our certification in the future it would restrict our ability to sell to government customers;

•: government demand and payment for our Falcon platform may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our Falcon platform;
•: governments routinely investigate and audit government contractors' administrative processes, and any unfavorable audit could result in the government refusing to continue buying our Falcon platform, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit were to uncover improper or illegal activities; and
•: governments may require certain products to be manufactured, hosted, or accessed solely in their country or in other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet these requirements, affecting our ability to sell these products to governmental agencies.

The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions in the future or otherwise have an adverse effect on our business and results of operations.

We may not timely and cost-effectively scale and adapt our existing technology to meet our customers' performance and other requirements.

Our future growth is dependent upon our ability to continue to meet the needs of new customers and the expanding needs of our existing customers as their use of our solutions grow. As our customers gain more experience with our solutions, the number of endpoints and events, the amount of data transferred, processed and stored by us, the number of locations where our platform and services are being accessed, have in the past, and may in the future, expand rapidly. In order to meet the performance and other requirements of our customers, we intend to continue to make significant investments to increase capacity and to develop and implement new technologies in our service and cloud infrastructure operations. These technologies, which include databases, applications and server optimizations, network and hosting strategies, and automation, are often advanced, complex, new and untested. We may not be successful in developing or implementing these technologies. In addition, it takes a significant amount of time to plan, develop and test improvements to our technologies and infrastructure, and we may not be able to accurately forecast demand or predict the results we will realize from such improvements. To the extent that we do not effectively scale our operations to meet the needs of our growing customer base and to maintain performance as our customers expand their use of our solutions, we may not be able to grow as quickly as we anticipate, our customers may reduce or cancel use of our solutions and we may be unable to compete as effectively and our business and results of operations may be harmed.

Additionally, we have and will continue to make substantial investments to support growth at our data centers and improve the profitability of our cloud platform. For example, because of the importance of AWS' services to our business and AWS' position in the cloud-based server industry, any renegotiation or renewal of our agreement with AWS may be on terms that are significantly less favorable to us than our current agreement. If our cloud-based server costs were to increase, our business, results of operations and financial condition may be adversely affected. Although we expect that we could receive similar services from other third parties, if any of our arrangements with AWS are terminated, we could experience interruptions on our Falcon platform and in our ability to make our solutions available to customers, as well as delays and additional expenses in

Table of Contents

arranging alternative cloud infrastructure services. Ongoing improvements to cloud infrastructure may be more expensive than we anticipate, and may not yield the expected savings in operating costs or the expected performance benefits. In addition, we may be required to re-invest any cost savings achieved from prior cloud infrastructure improvements in future infrastructure projects to maintain the levels of service required by our customers. We may not be able to maintain or achieve cost savings from our investments, which could harm our financial results.

Certain of our market opportunity estimates and growth forecasts included in this prospectus could prove to be inaccurate, and any real or perceived inaccuracies may harm our reputation and negatively affect our business.

This prospectus includes our internal estimates of the addressable market for our cloud-based SaaS-delivered endpoint security solution. Market opportunity estimates and growth forecasts, whether obtained from third-party sources or developed internally, are subject to significant uncertainty and are based on assumptions and estimates that may not prove to be accurate. The estimates and forecasts in this prospectus relating to the size and expected growth of our target markets may prove to be inaccurate. In particular, our estimates regarding our current and projected market opportunity are difficult to predict. In addition, our internal estimates of the addressable market for cloud-based SaaS-delivered endpoint security solutions reflect the opportunity available from all participants and potential participants in the market and we cannot predict with precision our ability to address this demand or the extent of market adoption of our solution. The addressable market we estimate may not materialize for many years, if ever, and even if the markets in which we compete meet the size estimates and growth forecasted in this prospectus, our business could fail to grow at similar rates, if at all. Accordingly, the forecasts of market growth included in this prospectus should not be taken as indicative of our future growth.

The success of our business depends in part on our ability to protect and enforce our intellectual property rights.

We believe our intellectual property is an essential asset of our business, and our success and ability to compete depend in part upon protection of our intellectual property rights. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights in the United States and abroad, all of which provide only limited protection. The efforts we have taken to protect our intellectual property may not be sufficient or effective, and our trademarks, copyrights and patents may be held invalid or unenforceable. Moreover, we cannot assure you that any patents will be issued with respect to our currently pending patent applications in a manner that gives us adequate defensive protection or competitive advantages, or that any patents issued to us will not be challenged, invalidated or circumvented. We have filed for patents in the United States and in certain non-U.S. jurisdictions, but such protections may not be available in all countries in which we operate or in which we seek to enforce our intellectual property rights, or may be difficult to enforce in practice. For example, many foreign countries have compulsory licensing laws under which a patent owner must grant licenses to third parties. In addition, many countries limit the enforceability of patents against certain third parties, including government agencies or government contractors. In these countries, patents may provide limited or no benefit. Moreover, we may need to expend additional resources to defend our intellectual property rights in these countries, and our inability to do so could impair our business or adversely affect our international expansion. Our currently issued patents and any patents that may be issued in the future with respect to pending or future patent applications may not provide sufficiently broad protection or they may not prove to be enforceable in actions against alleged infringers.

Table of Contents

We may not be effective in policing unauthorized use of our intellectual property, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. Protecting against the unauthorized use of our intellectual property rights, technology and other proprietary rights is expensive and difficult, particularly outside of the United States. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive and could divert management's attention, which could harm our business and results of operations. Further, attempts to enforce our rights against third parties could also provoke these third parties to assert their own intellectual property or other rights against us, or result in a holding that invalidates or narrows the scope of our rights, in whole or in part. The inability to adequately protect and enforce our intellectual property and other proprietary rights could seriously harm our business, results of operations and financial condition. Even if we are able to secure our intellectual property rights, we cannot assure you that such rights will provide us with competitive advantages or distinguish our services from those of our competitors or that our competitors will not independently develop similar technology, duplicate any of our technology, or design around our patents.

Claims by others that we infringe their proprietary technology or other intellectual property rights could result in significant costs and substantially harm our business, financial condition, results of operations, and prospects.

Claims by others that we infringe their proprietary technology or other intellectual property rights could harm our business. A number of companies in our industry hold a large number of patents and also protect their copyright, trade secret and other intellectual property rights, and companies in the networking and security industry frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. As we face increasing competition and grow, the possibility of intellectual property rights claims against us also grows. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that such personnel have divulged proprietary or other confidential information to us. From time to time, third parties have in the past and may in the future assert claims of infringement of intellectual property rights against us. For example, we are currently involved in proceedings before the Trademark Trial and Appeal Board at the U.S. Patent and Trademark Office regarding our U.S. trademark registrations for CrowdStrike Falcon and our U.S. application to register our Falcon OverWatch trademark. Fair Isaac Corporation, or FICO, petitioned to cancel our trademark registrations and opposed our application. If the appeal board were to find against us, it would cancel our trademark registrations for CrowdStrike Falcon and reject our application to register Falcon OverWatch. If FICO were to file an infringement action in court and if we do not prevail in that action, we could ultimately be required to change the names of our solutions, which would force us to incur significant marketing expense in establishing an alternative brand to our existing Falcon brand. We cannot assure you that we will be successful in these rebranding efforts.

Third parties may in the future also assert claims against our customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our solutions infringe the intellectual property rights of third parties. As the number of products and competitors in the security and IT operations market increases and overlaps occur, claims of infringement, misappropriation, and other violations of intellectual property rights may increase. While we intend to increase the size of our patent portfolio, many of our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve non-practicing entities, companies or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. Any claim of intellectual property infringement by a third party, even a claim without merit, could cause us to incur substantial costs defending against such claim, could distract our management from our business and could require us to cease use of such intellectual property.

Table of Contents

Additionally, our insurance may not cover intellectual property rights infringement claims that may be made. In the event that we fail to successfully defend ourselves against an infringement claim, a successful claimant could secure a judgment or otherwise require payment of legal fees, settlement payments, ongoing royalties or other costs or damages; or we may agree to a settlement that prevents us from offering certain services or features; or we may be required to obtain a license, which may not be available on reasonable terms, or at all, to use the relevant technology. If we are prevented from using certain technology or intellectual property, we may be required to develop alternative, non-infringing technology, which could require significant time, during which we could be unable to continue to offer our affected services or features, effort and expense and may ultimately not be successful.

Although third parties may offer a license to their technology or other intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be adversely affected. In addition, some licenses may be nonexclusive, and therefore our competitors may have access to the same technology licensed to us. If a third party does not offer us a license to its technology or other intellectual property on reasonable terms, or at all, we could be enjoined from continued use of such intellectual property. As a result, we may be required to develop alternative, non-infringing technology, which could require significant time, during which we could be unable to continue to offer our affected products, subscriptions or services, effort, and expense and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain products, providing certain subscriptions or performing certain services or that requires us to pay substantial damages, royalties or other fees. Any of these events could harm our business, financial condition and results of operations.

We license technology from third parties, and our inability to maintain those licenses could harm our business.

We currently incorporate, and will in the future incorporate, technology that we license from third parties, including software, into our solutions. We cannot be certain that our licensors do not or will not infringe on the intellectual property rights of third parties or that our licensors have or will have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our Falcon platform. Some of our agreements with our licensors may be terminated by them for convenience, or otherwise provide for a limited term. If we are unable to continue to license technology because of intellectual property infringement claims brought by third parties against our licensors or against us, or if we are unable to continue our license agreements or enter into new licenses on commercially reasonable terms, our ability to develop and sell solutions and services containing that technology would be limited, and our business could be harmed. Additionally, if we are unable to license technology from third parties, we may be forced to acquire or develop alternative technology, which we may be unable to do in a commercially feasible manner or at all, and may require us to use alternative technology of lower quality or performance standards. This could limit or delay our ability to offer new or competitive solutions and increase our costs. As a result, our margins, market share, and results of operations could be significantly harmed.

If we are not able to satisfy data protection, security, privacy, and other government- and industry-specific requirements or regulations, our business, results of operations, and financial condition could be harmed.

Personal privacy, data protection, information security, telecommunications regulations, and other laws applicable to specific categories of information are significant issues in the United States, Europe and in other jurisdictions where we offer our solutions. The data that we collect, analyze,

Table of Contents

and store is subject to a variety of laws and regulations, including regulation by various government agencies. The U.S. federal government, and various state and foreign governments, have adopted or proposed limitations on the collection, distribution, use, and storage of certain categories of information, such as personally identifiable information of individuals, health information, and other sector-specific types of data, including the Federal Trade Commission, the Electronic Communication Privacy Act, Computer Fraud and Abuse Act, HIPAA, and the Gramm Leach Bliley Act. Laws and regulations outside the United States, and particularly in Europe, often are more restrictive than those in the United States. Such laws and regulations may require companies to implement privacy and security policies, permit customers to access, correct, and delete personal information stored or maintained by such companies, inform individuals of security breaches that affect their personal information, and, in some cases, obtain individuals' consent to use personally identifiable information for certain purposes. In addition, some foreign governments require that any information of certain categories, such as financial or personally identifiable information collected in a country not be disseminated outside of that country. We also may find it necessary or desirable to join industry or other self-regulatory bodies or other information security or data protection-related organizations that require compliance with their rules pertaining to information security and data protection. We also may be bound by additional, more stringent contractual obligations relating to our collection, use and disclosure of personal, financial, and other data.

We also expect that there will continue to be new proposed laws, regulations, and industry standards concerning privacy, data protection, information security, specific categories of data, electronic, and telecommunications services in the United States, the European Union and other jurisdictions in which we operate or may operate, and we cannot yet determine the impact such future laws, regulations, standards, or perception of their requirements may have on our business. For example, the European Commission recently adopted the European General Data Protection Regulation, or GDPR, that became fully effective in May 2018, and applies to the processing (which includes the collection and use) of certain personal data. As compared to previously-effective data protection law in the European Union, the GDPR imposes additional obligations and risk upon our business and increases substantially the penalties to which we could be subject in the event of any non-compliance. Administrative fines under the GDPR can amount up to 20 million Euros or four percent of our worldwide annual revenue for the prior fiscal year, whichever is higher. We have incurred substantial expense in complying with the obligations imposed by the GDPR and we may be required to do so in the future, potentially making significant changes in our business operations, which may adversely affect our revenue and our business overall. Additionally, because there have been very few GDPR actions enforced against companies, we are unable to predict how they will be applied to us or our customers. Despite our efforts to attempt to comply with the GDPR, a regulator may determine that we have not done so and subject us to fines and public censure, which could harm our company. Among other requirements, the GDPR regulates transfers of personal data subject to the GDPR to third countries that have not been found to provide adequate protection to such personal data, including the United States. We have undertaken certain efforts to conform transfers of personal data from the European Economic Area, or EEA, to the United States and other jurisdictions based on our understanding of current regulatory obligations and the guidance of data protection authorities. Despite this, we may be unsuccessful in establishing or maintaining conforming means of transferring such data from the EEA, in particular as a result of continued legal and legislative activity within the European Union that has challenged or called into question the legal basis for existing means of data transfers to countries that have not been found to provide adequate protection for personal data.

The implementation of the GDPR has led other jurisdictions to either amend, or propose legislation to amend their existing data privacy and cybersecurity laws to resemble all or a portion of the requirements of the GDPR (e.g., for purposes of having an adequate level of data protection to facilitate data transfers from the EU) or enact new laws to do the same. Accordingly, the

Table of Contents

challenges we face in the EU will likely also apply to other jurisdictions outside the EU that adopt laws similar in construction to the GDPR or regulatory frameworks of equivalent complexity. For example, on June 28, 2018, California adopted the California Consumer Privacy Act of 2018, or CCPA. The CCPA has been characterized as the first "GDPR-like" privacy statute to be enacted in the United States because it contains a number of provisions similar to certain provisions of the GDPR. Because of this, we may need to engage in data mapping to identify any consumer information that we may be collecting from our customers through our Falcon platform. In addition, we will need to ensure that our policies permit our customers to recognize the rights granted to consumers by the CCPA. All of this will need to be done before the effective date of the CCPA on January 1, 2020.

Evolving and changing definitions of personal data and personal information within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expand our business, including limiting technology alliance partnerships that may involve the sharing of data. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent. In addition, changes in laws or regulations that adversely affect the use of the internet, including laws impacting net neutrality, could impact our business. We expect that existing laws, regulations and standards may be interpreted in new manners in the future. Future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could require us to modify our solutions, restrict our business operations, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.

Beyond broader data processing regulations affecting our business, the cybersecurity industry may face direct regulation. In 2018, Singapore introduced what is believed to be the world's first cybersecurity licensing requirement, mandating that providers of specific types of incident response services receive a government license before providing such services. License requirements such as these may impose upon CrowdStrike significant organizational costs and high barriers of entry into new markets.

Although we work to comply with applicable laws and regulations, certain applicable industry standards with which we represent compliance, and our contractual obligations and other legal obligations, those laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another. In addition, they may conflict with other requirements or legal obligations that apply to our business or the security features and services that our customers expect from our solutions. As such, we cannot assure ongoing compliance with all such laws, regulations, standards and obligations. Any failure or perceived failure by us or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations, or applicable industry standards that we represent compliance with or that may be asserted to apply to us, or to comply with employee, customer, partner, and other data privacy and data security requirements pursuant to contract and our stated notices or policies, could result in enforcement actions against us, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business. Any inability of us or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to adequately address privacy and security concerns, even if unfounded, or comply with applicable laws, regulations, standards and obligations, could result in additional cost and liability to us, damage our reputation, inhibit sales, and adversely affect our business and results of operations.

Table of Contents

Failure to comply with laws and regulations applicable to our business could subject us to fines and penalties and could also cause us to lose customers in the public sector or negatively impact our ability to contract with the public sector.

Our business is subject to regulation by various federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing privacy and data protection laws and regulations, employment and labor laws, workplace safety, product safety, environmental laws, consumer protection laws, anti-bribery laws, import and export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than in the United States. Noncompliance by us, our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties with applicable regulations or requirements could subject us to:

•: investigations, enforcement actions and sanctions;
•: mandatory changes to our Falcon platform;
•: disgorgement of profits, fines and damages;
•: civil and criminal penalties or injunctions;
•: claims for damages by our customers or channel partners;
•: termination of contracts;
•: loss of intellectual property rights; and
•: temporary or permanent debarment from sales to government organizations.

If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations and financial condition could be adversely affected. In addition, responding to any action will likely result in a significant diversion of management's attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, results of operations and financial condition.

We endeavor to properly classify employees as exempt versus non-exempt under applicable law. Although there are no pending or threatened material claims or investigations against us asserting that some employees are improperly classified as exempt, the possibility exists that some of our current or former employees could have been incorrectly classified as exempt employees.

These laws and regulations impose added costs on our business, and failure by us, our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with these or other applicable regulations and requirements could lead to claims for damages, penalties, termination of contracts, loss of exclusive rights in our intellectual property and temporary suspension or permanent debarment from government contracting. Any such damages, penalties, disruptions or limitations in our ability to do business with the public sector could result in reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, and other sanctions, any of which could harm our business, reputation, and results of operations.

We are subject to laws and regulations, including governmental export and import controls, sanctions, and anti-corruption laws, that could impair our ability to compete in our markets and subject us to liability if we are not in full compliance with applicable laws.

We are subject to laws and regulations, including governmental export controls, that could subject us to liability or impair our ability to compete in our markets. Our products are subject to U.S. export controls, including the U.S. Department of Commerce's Export Administration

Table of Contents

Regulations, and we and our employees, representatives, contractors, agents, intermediaries, and other third parties are also subject to various economic and trade sanctions regulations administered by the U.S. Treasury Department's Office of Foreign Assets Control. We incorporate standard encryption algorithms into our products, which, along with the underlying technology, may be exported outside of the U.S. only with the required export authorizations, including by license, license exception or other appropriate government authorizations, which may require the filing of an encryption registration and classification request. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain cloud-based solutions to countries, governments, and persons targeted by U.S. sanctions. We also collect information about cyber threats from open sources, intermediaries, and third parties that we make available to our customers in our threat industry publications. While we have implemented certain procedures to facilitate compliance with applicable laws and regulations in connection with the collection of this information, we cannot assure you that these procedures have been effective or that we, or third parties, many of whom we do not control, have complied with all laws or regulations in this regard. Failure by our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties to comply with applicable laws and regulations in the collection of this information also could have negative consequences to us, including reputational harm, government investigations and penalties.

Although we take precautions to prevent our information collection practices and services from being provided in violation of such laws, our information collection practices and services may have been in the past, and could in the future be, provided in violation of such laws. If we or our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties fail to comply with these laws and regulations, we could be subject to civil or criminal penalties, including the possible loss of export privileges and fines. We may also be adversely affected through reputational harm, loss of access to certain markets, or otherwise. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities.

Various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers' ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, results of operations, and financial condition.

We are also subject to the U.S. Foreign Corrupt Practices Act of 1977, or FCPA, the UK Bribery Act 2010, or Bribery Act, and other anti-corruption, sanctions, anti-bribery, anti-money laundering and similar laws in the United States and other countries in which we conduct activities. Anti-corruption and anti-bribery laws, which have been enforced aggressively and are interpreted broadly, prohibit companies and their employees, agents, intermediaries, and other third parties from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. We leverage third parties, including intermediaries, agents, and channel partners, to conduct our business in the U.S. and abroad, to sell subscriptions to our Falcon platform and to collect information about cyber threats. We and these third-parties may have

Table of Contents

direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and we may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, channel partners, agents, intermediaries, and other third parties, even if we do not explicitly authorize such activities. While we have policies and procedures to address compliance with FCPA, Bribery Act and other anti-corruption, sanctions, anti-bribery, anti-money laundering and similar laws, we cannot assure you that they will be effective, or that all of our employees, representatives, contractors, channel partners, agents, intermediaries, or other third parties have taken, or will not take actions, in violation of our policies and applicable law, for which we may be ultimately held responsible. As we increase our international sales and business, our risks under these laws may increase. Noncompliance with these laws could subject us to investigations, severe criminal or civil sanctions, settlements, prosecution, loss of export privileges, suspension or debarment from U.S. government contracts, other enforcement actions, disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, whistleblower complaints, adverse media coverage and other consequences. Any investigations, actions or sanctions could harm our reputation, business, results of operations and financial condition.

Some of our technology incorporates "open source" software, which could negatively affect our ability to sell our Falcon platform and subject us to possible litigation.

Our products and subscriptions contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products and subscriptions. The use and distribution of open source software may entail greater risks than the use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Many of the risks associated with use of open source software cannot be eliminated and could negatively affect our business. In addition, the wide availability of source code used in our solutions could expose us to security vulnerabilities.

Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public, including authorizing further modification and redistribution, or otherwise be limited in the licensing of our services, each of which could provide an advantage to our competitors or other entrants to the market, create security vulnerabilities in our solutions, require us to re-engineer all or a portion of our Falcon platform, and could reduce or eliminate the value of our services. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.

The terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize products and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open source software in our products and subscriptions will be effective. From time to time, we may face claims from third parties asserting ownership of, or demanding release of, the open source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions. Responding to any infringement or noncompliance claim by an open source vendor, regardless of its validity, discovering certain open

Table of Contents

source software code in our Falcon platform, or a finding that we have breached the terms of an open source software license, could harm our business, results of operations and financial condition, by, among other things:

•: resulting in time-consuming and costly litigation;
•: diverting management's time and attention from developing our business;
•: requiring us to pay monetary damages or enter into royalty and licensing agreements that we would not normally find acceptable;
•: causing delays in the deployment of our Falcon platform or service offerings to our customers;
•: requiring us to stop offering certain services or features of our Falcon platform;
•: requiring us to redesign certain components of our Falcon platform using alternative non-infringing or non-open source technology, which could require significant effort and expense;
•: requiring us to disclose our software source code and the detailed program commands for our software; and
•: requiring us to satisfy indemnification obligations to our customers.

We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service and our business could suffer.

Certain of our customer agreements contain service level commitments, which contain specifications regarding the availability and performance of our Falcon platform. Any failure of or disruption to our infrastructure could impact the performance of our Falcon platform and the availability of services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our Falcon platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions, and, in certain cases, refunds. To date, there has not been a material failure to meet our service level commitments, and we do not currently have any material liabilities accrued on our balance sheet for such commitments. Our revenue, other results of operations and financial condition could be harmed if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.

We may become involved in litigation that may adversely affect us.

We are regularly subject to claims, suits, and government investigations and other proceedings including patent, product liability, class action, whistleblower, personal injury, property damage, labor and employment, commercial disputes, compliance with laws and regulatory requirements and other matters, and we may become subject to additional types of claims, suits, investigations and proceedings as our business develops. For example, we, along with certain other cybersecurity providers, currently are subject to litigation and a civil investigation regarding participation in cybersecurity testing standard-setting and allegations that this standard-setting facilitated a concerted refusal to deal with cybersecurity testing organizations that did not adhere to those standards. While we believe that we have acted in compliance in all material respects with applicable antitrust laws, such litigation, investigation, as well as any other claims, suits, and government investigations and proceedings that may be asserted against us in the future are inherently uncertain and their results cannot be predicted with certainty. Regardless of the outcome, any of these types of legal proceedings can have an adverse impact on us because of legal costs

Table of Contents

and diversion of management attention and resources, and could cause us to incur significant expenses or liability, adversely affect our brand recognition, and/or require us to change our business practices. The expense of litigation and the timing of this expense from period to period are difficult to estimate, subject to change and could adversely affect our results of operations. It is possible that a resolution of one or more such proceedings could result in substantial damages, settlement costs, fines and penalties that could adversely affect our business, consolidated financial position, results of operations, or cash flows in a particular period. These proceedings could also result in reputational harm, sanctions, consent decrees, or orders requiring a change in our business practices. Because of the potential risks, expenses and uncertainties of litigation, we may, from time to time, settle disputes, even where we have meritorious claims or defenses, by agreeing to settlement agreements. Because litigation is inherently unpredictable, we cannot assure you that the results of any of these actions will not have a material adverse effect on our business, financial condition, results of operations, and prospects. Any of these consequences could adversely affect our business and results of operations.

Our ability to maintain customer satisfaction depends in part on the quality of our customer support.

Once our Falcon platform is deployed within our customers' networks, our customers depend on our customer support services to resolve any issues relating to the implementation and maintenance of our Falcon platform. If we do not provide effective ongoing support, our ability to sell additional modules as part of our Falcon platform to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many larger organizations have more complex networks and require higher levels of support than smaller customers and we offer premium services for these customers. Failure to maintain high-quality customer support could have a material adverse effect on our business, results of operations, and financial condition.

We may need to raise additional capital to expand our operations and invest in new solutions, which capital may not be available on terms acceptable to us, or at all, and which could reduce our ability to compete and could harm our business.

We expect that our existing cash and cash equivalents and marketable securities will be sufficient to meet our anticipated cash needs for working capital and capital expenditures for at least the next 12 months. Retaining or expanding our current levels of personnel and products offerings may require additional funds to respond to business challenges, including the need to develop new products and enhancements to our Falcon platform, improve our operating infrastructure, or acquire complementary businesses and technologies. Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business. Accordingly, we may need to engage in additional equity or debt financings to secure additional funds. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the market price of our Class A common stock could decline. If we engage in debt financing, the holders of debt would have priority over the holders of our Class A common stock, and we may be required to accept terms that restrict our operations or our ability to incur additional indebtedness or to take other actions that would otherwise be in the interests of the debt holders. Any of the above could harm our business, results of operations, and financial condition.

Table of Contents

Our business is subject to the risks of warranty claims, product returns, product liability, and product defects from real or perceived defects in our solutions or their misuse by our customers or third parties and indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.

We may be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our products may harm our business and results of operations. Although we generally have limitation of liability provisions in our terms and conditions of sale, these provisions do not cover our indemnification obligations as described in the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations—Indemnification" and they may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our products also entails the risk of product liability claims.

Additionally, our agreements with customers and other third parties typically include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims regarding intellectual property infringement, breach of agreement, including confidentiality, privacy and security obligations, violation of applicable laws, damages caused by failures of our solutions or to property or persons, or other liabilities relating to or arising from our products and services, or other acts or omissions. These contractual provisions often survive termination or expiration of the applicable agreement. We have not to date received any indemnification claims from third parties. However, as we continue to grow, the possibility of these claims against us will increase.

If our customers or other third parties we do business with make intellectual property rights or other indemnification claims against us, we will incur significant legal expenses and may have to pay damages, license fees, and/or stop using technology found to be in violation of the third party's rights. We may also have to seek a license for the technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain solutions or features. We may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our products and services, which could harm our business. Large indemnity obligations, whether for intellectual property or other claims, could harm our business, results of operations, and financial condition.

Additionally, our Falcon platform may be used by our customers and other third parties who obtain access to our solutions for purposes other than for which our platform was intended. For example, our Falcon platform might be misused by a customer to monitor its employee's activities in a manner that violates the employee's privacy rights under applicable law.

During the course of performing certain solution-related services and our professional services, our teams may have significant access to our customers' networks. We cannot be sure that a disgruntled employee may not take advantage of such access which may make our customers vulnerable to malicious activity by such employee. Any such misuse of our Falcon platform could result in negative press coverage and negatively affect our reputation, which could result in harm to our business, reputation, and results of operations.

We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management's time and other resources, and harm our business and reputation. We offer our customers a limited warranty, subject to certain conditions, with our Falcon Complete cloud module and our potential liability under this warranty is provided by our insurance carrier to

Table of Contents

us. Any failure or refusal of our insurance providers to provide the expected insurance benefits to us after we have paid the warranty claims would cause us to incur significant expense or cause us to cease offering this warranty which could damage our reputation, cause us to lose customers, expose us to liability claims by our customers, negatively impact our sales and marketing efforts, and have an adverse effect on our business, financial condition and results of operations.

Our debt agreement contains restrictive covenants that limit our ability to borrow more money, to make distributions to our stockholders, and to engage in certain other activities.

Our existing credit agreement contains a number of covenants that limit our ability and our subsidiaries' ability to, among other things, transfer or dispose of assets, pay dividends or make distributions, incur additional indebtedness, create liens, make investments, loans and acquisitions, engage in transactions with affiliates, merge or consolidate with other companies, or sell substantially all of our assets. Our credit agreement is guaranteed by us and certain of our subsidiaries and secured by substantially all of the assets of the borrower subsidiary, us, and the guarantor subsidiaries. The terms of our credit agreement may restrict our current and future operations and could adversely affect our ability to finance our future operations or capital needs or to execute preferred business strategies. In addition, complying with these covenants may make it more difficult for us to successfully execute our business strategy and compete against companies who are not subject to such restrictions. Additionally, our obligations to repay principal and interest on our indebtedness make us vulnerable to economic or market downturns.

If we are unable to comply with our payment requirements, our lender may accelerate our obligations under our credit agreement and foreclose upon the collateral, or we may be forced to sell assets, restructure our indebtedness or seek additional equity capital, which would dilute our stockholders' interests. If we fail to comply with any covenant it could result in an event of default under the agreement and our lender could make the entire debt immediately due and payable. If this occurs, we might not be able to repay our debt or borrow sufficient funds to refinance it. Even if new financing is available, it may not be on terms that are acceptable to us.

The requirements of being a public company may strain our resources, divert managements' attention, and if we fail to maintain an effective system of internal controls, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

As a public company, we will be subject to the reporting requirements of the Securities Exchange Act of 1934, as amended, or the Exchange Act, the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, and the rules and regulations of . We expect that the requirements of these rules and regulations will increase our legal, accounting and financial compliance costs; make some activities more difficult, time-consuming and costly, and place significant strain on our personnel, systems and resources. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We are continuing to develop and refine our disclosure controls, internal control over financial reporting and other procedures that are designed to ensure information required to be disclosed by us in our financial statements and in the reports that we will file with the SEC is recorded, processed, summarized and reported within the time periods specified in SEC rules and forms, and information required to be disclosed in reports under the Exchange Act is accumulated and communicated to our principal executive and financial officers.

Our current controls and any new controls we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our results of operations, may

Table of Contents

result in a restatement of our financial statements for prior periods, cause us to fail to meet our reporting obligations, and could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in the periodic reports we will file with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the market price of our Class A common stock. We are not currently required to comply with the SEC rules that implement Sections 302 and 404 of the Sarbanes-Oxley Act, and we are therefore not required to make a formal assessment of the effectiveness of our internal control over financial reporting for that purpose. Upon becoming a public company, we will be required to comply with certain of these rules, which will require management to certify financial and other information in our quarterly and annual reports and provide an annual management report on the effectiveness of our internal control over financial reporting commencing with our second Annual Report on Form 10-K. In order to improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight may be required. As a result, management's attention may be diverted from other business concerns, which could harm our business, financial condition, and results of operations.

Our independent registered public accounting firm is not required to formally attest to the effectiveness of our internal control over financial reporting until after we are no longer an emerging growth company. At such time, our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our controls are documented, designed or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could have a material and adverse effect on our business and results of operations and could cause a decline in the price of our stock.

Future acquisitions, strategic investments, partnerships, or alliances could be difficult to identify and integrate, divert the attention of key management personnel, disrupt our business, dilute stockholder value and adversely affect our results of operations and financial condition.

As part of our business strategy, we have in the past and are likely to continue to make investments in and/or acquire complementary companies, services or technologies, such as our acquisition of Payload Security, UG. Our ability as an organization to acquire and integrate other companies, services or technologies in a successful manner in the future is not guaranteed. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or ability to achieve our business objectives, and any acquisitions we complete could be viewed negatively by our end-customers or investors. In addition, if we are unsuccessful at integrating such acquisitions, or the technologies associated with such acquisitions, into our company, the revenue and results of operations of the combined company could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition and the market price of our Class A common stock. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our stockholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

Table of Contents

Additional risks we may face in connection with acquisitions include:

•: diversion of management time and focus from operating our business to addressing acquisition integration challenges;
•: coordination of research and development and sales and marketing functions;
•: integration of product and service offerings;
•: retention of key employees from the acquired company;
•: changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;
•: cultural challenges associated with integrating employees from the acquired company into our organization;
•: integration of the acquired company's accounting, management information, human resources and other administrative systems;
•: the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures and policies;
•: financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that we don't adequately address and that cause our reported results to be incorrect;
•: liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and other known and unknown liabilities;
•: unanticipated write-offs or charges; and
•: litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties.

Our failure to address these risks or other problems encountered in connection with acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally.

If we cannot maintain our company culture as we grow, we could lose the innovation, teamwork, passion, and focus on execution that we believe contribute to our success and our business may be harmed.

We believe that our corporate culture has been a contributor to our success, which we believe fosters innovation, teamwork, passion and focus on building and marketing our Falcon platform. As we grow and develop the infrastructure of a public company, we may find it difficult to maintain our corporate culture. Any failure to preserve our culture could harm our future success, including our ability to retain and recruit personnel, innovate and operate effectively and execute on our business strategy. Additionally, our productivity and the quality of our solutions may be adversely affected if we do not integrate and train our new employees quickly and effectively. If we experience any of these effects in connection with future growth, it could impair our ability to attract new customers, retain existing customers and expand their use of our Falcon platform, all of which would adversely affect our business, financial condition and results of operations.

Table of Contents

Our international operations and plans for future international expansion expose us to significant risks, and failure to manage those risks could adversely impact our business.

We derived approximately 13%, 16%, and 23% of our total revenue from our international customers for fiscal 2017, fiscal 2018, and fiscal 2019, respectively. We are continuing to adapt to and develop strategies to address international markets and our growth strategy includes expansion into target geographies, but there is no guarantee that such efforts will be successful. We expect that our international activities will continue to grow in the future, as we continue to pursue opportunities in international markets. These international operations will require significant management attention and financial resources and are subject to substantial risks, including:

•: greater difficulty in negotiating contracts with standard terms, enforcing contracts and managing collections, and longer collection periods;
•: higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;
•: management communication and integration problems resulting from cultural and geographic dispersion;
•: risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our Falcon platform that may be required in foreign countries;
•: greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties;
•: compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.S. Travel Act and the UK Bribery Act 2010, violations of which could lead to significant fines, penalties, and collateral consequences for our company;
•: heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
•: the uncertainty of protection for intellectual property rights in some countries;
•: general economic and political conditions in these foreign markets;
•: foreign exchange controls or tax regulations that might prevent us from repatriating cash earned outside the United States;
•: political and economic instability in some countries;
•: double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States or the foreign jurisdictions in which we operate;
•: unexpected costs for the localization of our services, including translation into foreign languages and adaptation for local practices and regulatory requirements;
•: requirements to comply with foreign privacy, data protection, and information security laws and regulations and the risks and costs of noncompliance;
•: greater difficulty in identifying, attracting and retaining local qualified personnel, and the costs and expenses associated with such activities;
•: greater difficulty identifying qualified channel partners and maintaining successful relationships with such partners;

Table of Contents

•: differing employment practices and labor relations issues; and
•: difficulties in managing and staffing international offices and increased travel, infrastructure, and legal compliance costs associated with multiple international locations.

Additionally, all of our sales contracts are currently denominated in U.S. dollars. However, a strengthening of the U.S. dollar could increase the cost of our solutions to our international customers, which could adversely affect our business and results of operations. In addition, an increasing portion of our operating expenses is incurred outside the United States, is denominated in foreign currencies, such as the British Pound, Indian Rupee, and Euro, and is subject to fluctuations due to changes in foreign currency exchange rates. If we become more exposed to currency fluctuations and are not able to successfully hedge against the risks associated with currency fluctuations, our results of operations could be adversely affected.

As we continue to develop and grow our business globally, our success will depend in large part on our ability to anticipate and effectively manage these risks. The expansion of our existing international operations and entry into additional international markets will require significant management attention and financial resources. Our failure to successfully manage our international operations and the associated risks could limit the future growth of our business.

The requirements of being a public company may strain our resources and divert management's attention.

As a public company, we will be subject to the reporting and corporate governance requirements of the Exchange Act, the listing requirements of and other applicable securities rules and regulations, including the Sarbanes-Oxley Act and the Dodd-Frank Wall Street Reform and Consumer Protection Act. Compliance with these rules and regulations will increase our legal and financial compliance costs, make some activities more difficult, time-consuming, or costly and increase demand on our systems and resources, particularly after we are no longer an "emerging growth company" as defined in the JOBS Act. Among other things, the Exchange Act requires that we file annual, quarterly and current reports with respect to our business and results of operations and maintain effective disclosure controls and procedures and internal control over financial reporting. In order to improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight may be required. As a result, management's attention may be diverted from other business concerns, which could harm our business, financial condition, and results of operations.

U.S. federal income tax reform could adversely affect us.

In December 2017, the United States adopted new tax law legislation commonly referred to as the Tax Cuts and Jobs Act of 2017, or the Tax Act, which significantly reforms the Internal Revenue Code of 1986, as amended, or the Internal Revenue Code. The Tax Act, among other things, includes changes to U.S. federal tax rates, imposes significant additional limitations on the deductibility of interest and the use of net operating losses generated in tax years beginning after December 31, 2017, allows for the expensing of certain capital expenditures, and puts into effect the migration from a "worldwide" system of taxation to a territorial system. Further changes to U.S. tax laws, including limitations on the ability of taxpayers to claim and utilize foreign tax credits, as well as changes to U.S. tax laws that may be enacted in the future, could impact the tax treatment of our foreign earnings. Due to expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate and adversely affect our financial condition and results of operations. The enactment of legislation implementing changes in the U.S. taxation of international business activities or the adoption of other tax reform policies could adversely impact our financial position and results of operations.

Table of Contents

The Tax Act did not have a material impact on our financial statements for fiscal 2019, other than disclosures in our year-end financial statements.

Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.

As of January 31, 2019, we had aggregate U.S. federal and state net operating loss carryforwards of $376.0 million and $287.8 million, respectively, which may be available to offset future taxable income for income tax purposes. If not utilized, the federal net operating loss carryforwards will begin to expire in 2031, and the state net operating loss carryforwards will begin to expire in 2021. As of January 31, 2019, we had federal and California research and development credit carryforwards of $7.4 million and $3.7 million, respectively. The federal research and development credit carryforwards begin to expire in 2031, and the California carryforwards are carried forward indefinitely. Realization of these net operating loss and research and development credit carryforwards depends on future income, and there is a risk that our existing carryforwards could expire unused and be unavailable to offset future income tax liabilities, which could adversely affect our results of operations.

In addition, under Sections 382 and 383 of the Internal Revenue Code, if a corporation undergoes an "ownership change," generally defined as a greater than 50% change (by value) in ownership by "5 percent shareholders" over a rolling three-year period, the corporation's ability to use its pre-change net operating loss carryovers and other pre-change tax attributes, such as research and development credits, to offset its post-change income or taxes may be limited. We do not expect to experience an ownership change in connection with this offering, although we may experience an ownership changes in the future as a result of shifts in our stock ownership. As a result, if we earn net taxable income, our ability to use our pre-change net operating loss carryforwards to offset U.S. federal taxable income may be subject to limitations, which could potentially result in increased future tax liability to us.

Taxing authorities may successfully assert that we should have collected or in the future should collect sales and use, value added or similar taxes, and we could be subject to liability with respect to past or future sales, which could adversely affect our results of operations.

We do not collect sales and use, value added or similar taxes in all jurisdictions in which we have sales because we have been advised that such taxes are not applicable to our services in certain jurisdictions. Sales and use, value added and similar tax laws and rates vary greatly by jurisdiction. Certain jurisdictions in which we do not collect such taxes may assert that such taxes are applicable, which could result in tax assessments, penalties and interest, to us or our customers for the past amounts, and we may be required to collect such taxes in the future. If we are unsuccessful in collecting such taxes from our customers, we could be held liable for such costs, which may adversely affect our results of operations.

Our corporate structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.

We are expanding our international operations and staff to support our business in international markets. We generally conduct our international operations through wholly-owned subsidiaries and are or may be required to report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our

Table of Contents

international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.

We are subject to federal, state, and local income, sales, and other taxes in the United States and income, withholding, transaction, and other taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes, sales taxes and value added taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have an adverse effect on our results of operations or cash flows in the period or periods for which a determination is made.

Our reported financial results may be affected by changes in accounting principles generally accepted in the United States, such as the adoption of ASC 606, and difficulties in implementing these changes could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors' confidence in us.

Accounting principles generally accepted in the United States, or U.S. GAAP, are subject to interpretation by the Financial Accounting Standards Board, or FASB, the SEC, and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results, and could affect the reporting of transactions completed before the announcement of a change. In particular, in May 2014, the FASB issued ASC 606, Revenue from Contracts with Customers, which supersedes the revenue recognition requirements in ASC 605, Revenue Recognition. The core principle of ASC 606 is that an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services. As an "emerging growth company," we are allowed under the JOBS Act to delay adoption of new or revised accounting pronouncements applicable to public companies until such pronouncements are made applicable to private companies. We have elected to take advantage of this extended transition period under the JOBS Act, which resulted in ASC 606 becoming effective for us beginning on February 1, 2019. We plan to adopt using the modified retrospective transition method. Any difficulties in implementing these pronouncements could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors' confidence in us.

Table of Contents

If our estimates or judgments relating to our critical accounting policies prove to be incorrect or financial reporting standards or interpretations change, our results of operations could be adversely affected.

The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as discussed in the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations." The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to revenue recognition; allowance for doubtful accounts; valuation of common stock and redeemable convertible preferred stock warrants; carrying value and useful lives of long-lived assets; loss contingencies; and the provision for income taxes and related deferred taxes. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of industry or financial analysts and investors, resulting in a decline in the market price of our Class A common stock.

Additionally, we regularly monitor our compliance with applicable financial reporting standards and review new pronouncements and drafts thereof that are relevant to us. As a result of new standards, changes to existing standards and changes in their interpretation, we might be required to change our accounting policies, alter our operational policies and implement new or enhance existing systems so that they reflect new or amended financial reporting standards, or we may be required to restate our published financial statements. Such changes to existing standards or changes in their interpretation may have an adverse effect on our reputation, business, financial position and profit, or cause an adverse deviation from our revenue and operating profit target, which may negatively impact our financial results.

Our business is subject to the risks of earthquakes, fire, floods, and other natural catastrophic events, and to interruption by man-made problems such as power disruptions, computer viruses, data security breaches or terrorism.

Our corporate headquarters are located in the San Francisco Bay Area, a region known for seismic activity. A significant natural disaster, such as an earthquake, a fire, a flood, or significant power outage could have a material adverse impact on our business, results of operations, and financial condition. Natural disasters could affect our personnel, data centers, supply chain, manufacturing vendors, or logistics providers' ability to provide materials and perform services such as manufacturing products or assisting with shipments on a timely basis. In addition, climate change could result in an increase in the frequency or severity of natural disasters. In the event that our or our service providers' information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in missed financial targets, such as revenue and shipment targets, for a particular quarter. In addition, computer malware, viruses and computer hacking, fraudulent use attempts and phishing attacks have become more prevalent in our industry, and our internal systems may be victimized by such attacks. Although we maintain incident management and disaster response plans, in the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, breaches of data security and loss of critical data, and our insurance may not cover such events or may be insufficient to compensate us for the potentially significant losses we may incur. Acts of terrorism and other geo-political unrest could also cause

Table of Contents

disruptions in our business or the business of our supply chain, manufacturers, logistics providers, partners, or customers or the economy as a whole. Any disruption in the business of our supply chain, manufacturers, logistics providers, partners or end-customers that impacts sales at the end of a fiscal quarter could have a significant adverse impact on our financial results. All of the aforementioned risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, or the delay in the manufacture, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.

Risks Related to the Offering and Ownership of Our Class A Common Stock

The market price of our Class A common stock may be volatile, and you could lose all or part of your investment.

We cannot predict the prices at which our Class A common stock will trade. The initial public offering price of our Class A common stock will be determined by negotiations between us and the underwriters and may not bear any relationship to the market price at which our Class A common stock will trade after this offering or to any other established criteria of the value of our business and prospects and the market price of our Class A common stock following this offering may fluctuate substantially and may be lower than the initial public offering price. The market price of our Class A common stock following this offering will depend on a number of factors, including those described in this "Risk Factors" section, many of which are beyond our control and may not be related to our operating performance. In addition, the limited public float of our Class A common stock following this offering will tend to increase the volatility of the trading price of our Class A common stock. These fluctuations could cause you to lose all or part of your investment in our Class A common stock, since you might not be able to sell your shares at or above the price you paid in this offering. Factors that could cause fluctuations in the market price of our Class A common stock include the following:

•: actual or anticipated changes or fluctuations in our results of operations;
•: the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;
•: announcements by us or our competitors of new products or new or terminated significant contracts, commercial relationships or capital commitments;
•: industry or financial analyst or investor reaction to our press releases, other public announcements and filings with the SEC;
•: rumors and market speculation involving us or other companies in our industry;
•: price and volume fluctuations in the overall stock market from time to time;
•: changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;
•: the expiration of market stand-off or contractual lock-up agreements and sales of shares of our Class A common stock by us or our stockholders;
•: failure of industry or financial analysts to maintain coverage of us, changes in financial estimates by any analysts who follow our company, or our failure to meet these estimates or the expectations of investors;
•: actual or anticipated developments in our business or our competitors' businesses or the competitive landscape generally;

Table of Contents

•: litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
•: developments or disputes concerning our intellectual property rights or our solutions, or third-party proprietary rights;
•: announced or completed acquisitions of businesses or technologies by us or our competitors;
•: new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
•: any major changes in our management or our board of directors, particularly with respect to Mr. Kurtz;
•: general economic conditions and slow or negative growth of our markets; and
•: other events or factors, including those resulting from war, incidents of terrorism or responses to these events.

In addition, the stock market in general, and the market for technology companies in particular, has experienced extreme price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry factors may seriously affect the market price of our Class A common stock, regardless of our actual operating performance. In addition, in the past, following periods of volatility in the overall market and the market prices of a particular company's securities, securities class action litigation has often been instituted against that company. Securities litigation, if instituted against us, could result in substantial costs and divert our management's attention and resources from our business. This could have an adverse effect on our business, results of operations and financial condition.

No public market for our Class A common stock currently exists, and an active public trading market may not develop or be sustained following this offering.

Prior to this offering, there has been no public market or active private market for our Class A common stock. We have applied to list our Class A common stock on the Nasdaq Global Select Market; however, an active trading market may not develop following the completion of this offering or, if developed, may not be sustained. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the market price of your shares of Class A common stock. An inactive market may also impair our ability to raise capital by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

Sales of substantial amounts of our Class A common stock in the public markets, or the perception that they might occur, could reduce the price that our Class A common stock might otherwise attain and may dilute your voting power and your ownership interest in us.

Sales of a substantial number of shares of our Class A common stock in the public market after this offering, particularly sales by our directors, executive officers and significant stockholders, or the perception that these sales could occur, could adversely affect the market price of our Class A common stock and may make it more difficult for you to sell your Class A common stock at a time and price that you deem appropriate. Based on the total number of shares outstanding as of January 31, 2019, upon completion of this offering, we will have shares of Class A common stock outstanding and shares of Class B common stock outstanding, assuming no exercise by the underwriters of their option to purchase additional shares of Class A common stock and no exercise of outstanding options or warrants and after giving effect to the conversion of all

Table of Contents

outstanding shares of our redeemable convertible preferred stock into shares of Class B common stock immediately upon the closing of this offering.

All of the shares of Class A common stock sold in this offering will be freely tradable without restrictions or further registration under the Securities Act of 1933, as amended, or the Securities Act, except for any shares held by our affiliates as defined in Rule 144 under the Securities Act.

Subject to certain exceptions, we, all of our directors and executive officers and record holders of substantially all of our securities outstanding immediately prior to this offering, are subject to market stand-off agreements or have agreed not to offer, sell or agree to sell, directly or indirectly, any shares of capital stock without the permission of Goldman Sachs & Co. LLC on behalf of the underwriters, for a period of 180 days from the date of this prospectus. However, such period may be shortened in certain circumstances to as few as 120 days from the date of this prospectus. See the section titled "Underwriting." When the lock-up period expires, we and our security holders subject to a lock-up agreement or market stand-off agreement will be able to sell our shares in the public market. In addition, Goldman Sachs & Co. LLC may, in its sole discretion, release all or some portion of the shares subject to lock-up agreements prior to the expiration of the lock-up period. See the section titled "Shares Eligible for Future Sale" for more information. Sales of a substantial number of such shares upon expiration of the lock-up and market stand-off agreements, or the perception that such sales may occur, or early release of these agreements, could cause our market price to fall or make it more difficult for you to sell your Class A common stock at a time and price that you deem appropriate.

In addition, following this offering, holders of an aggregate of up to 163,916,832 shares of our Class B common stock will be entitled to rights with respect to registration of these shares under the Securities Act pursuant to our amended and restated registration rights agreement, or RRA. If these holders of our Class B common stock, by exercising their registration rights, sell a large number of shares, they could adversely affect the market price for our Class A common stock. We also intend to register the offer and sale of all shares of Class A common stock that we may issue under our equity compensation plans.

We may also issue our shares of Class A common stock or securities convertible into shares of our Class A common stock from time to time in connection with a financing, acquisition, investments or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our Class A common stock to decline.

If industry or financial analysts do not publish research or reports about our business, or if they issue inaccurate or unfavorable research regarding our Class A common stock, our stock price and trading volume could decline.

The trading market for our Class A common stock will be influenced by the research and reports that industry or financial analysts publish about us or our business. We do not control these analysts or the content and opinions included in their reports. As a new public company, we may be slow to attract research coverage and the analysts who publish information about our Class A common stock will have had relatively little experience with our company, which could affect their ability to accurately forecast our results and make it more likely that we fail to meet their estimates. In the event we obtain industry or financial analyst coverage, if any of the analysts who cover us issues an inaccurate or unfavorable opinion regarding our stock price, our stock price would likely decline. In addition, the stock prices of many companies in the technology industry have declined significantly after those companies have failed to meet, or significantly exceed, the financial guidance publicly announced by the companies or the expectations of analysts. If our financial results fail to meet, or significantly exceed, our announced guidance or the expectations of analysts or public investors, analysts could downgrade our Class A common stock or publish unfavorable

Table of Contents

research about us. If one or more of these analysts cease coverage of our company or fail to publish reports on us regularly, our visibility in the financial markets could decrease, which in turn could cause our stock price or trading volume to decline.

The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock (or options or other securities convertible into or exercisable for our capital stock) prior to the completion of this offering, including our executive officers, employees, directors, current principal stockholders, and their affiliates, which will limit your ability to influence the outcome of matters submitted to our stockholders for approval.

Our Class B common stock has 10 votes per share, and our Class A common stock, which is the stock we are offering in this initial public offering, has one vote per share. The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock (or options or other securities convertible into or exercisable for our capital stock) prior to the completion of this offering, including our executive officers, employees, directors, current principal stockholders, and their affiliates, which will limit your ability to influence the outcome of matters submitted to our stockholders for approval, including the election of our directors and the approval of any change in control transaction. Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, which will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who retain their shares in the long term.

Upon the completion of this offering, our executive officers, directors, each of our stockholders that currently owns more than five percent of our outstanding capital stock, and their respective affiliates will hold, in aggregate, % of the voting power of our outstanding capital stock. Furthermore, three of our current stockholders and their affiliates will hold, in aggregate, % of the voting power of our outstanding capital stock. For more information, see "Principal Stockholders." As a result, these stockholders, acting together, will have control over most matters that require approval by our stockholders, including the election of directors and approval of significant corporate transactions. They may also have interests that differ from yours and may vote in a way with which you disagree and which may be adverse to your interests. Corporate action might be taken even if other stockholders, including those who purchase shares in this offering, oppose them. This concentration of ownership may have the effect of delaying, preventing or deterring a change of control or other liquidity event of our company, could deprive our stockholders of an opportunity to receive a premium for their shares of common stock as part of a sale or other liquidity event and might ultimately affect the market price of our common stock.

Further, our amended and restated certificate of incorporation will provide that, to the fullest extent permitted by law, the doctrine of "corporate opportunity" will not apply to Accel and Warburg Pincus, or their respective affiliates, in a manner that would prohibit them from investing in competing businesses or doing business with our partners or customers.

Shares of our common stock are subordinate to our debts and other liabilities, resulting in a greater risk of loss for stockholders.

Shares of our common stock are subordinate in right of payment to all of our current and future debt. We cannot assure that there would be any remaining funds after the payment of all of our debts for any distribution to our common stockholders.

Table of Contents

We have broad discretion to determine how to use the funds raised in this offering, and we may use them in ways that may not enhance our results of operations or the price of our Class A common stock.

The principal purposes of this offering are to increase our capitalization and financial flexibility, to create a public market for our stock and thereby enable access to the public equity markets for our employees and stockholders, to obtain additional capital and to increase our visibility in the marketplace. We currently intend to use the net proceeds from this offering for general corporate purposes, including for any of the purposes described in the section titled "Use of Proceeds." However, we do not currently have any specific or preliminary plans for the net proceeds from this offering and will have broad discretion in how we use the net proceeds of this offering. We could spend the proceeds from this offering in ways that our stockholders may not agree with or that do not yield a favorable return. You will not have the opportunity as part of your investment decision to assess whether the net proceeds are being used appropriately. Investors in this offering will need to rely upon the judgment of our management with respect to the use of proceeds. If we do not use the net proceeds that we receive in this offering effectively, our business, financial condition, results of operations and prospects could be harmed, and the market price of our Class A common stock could decline.

We do not intend to pay dividends in the foreseeable future. As a result, your ability to achieve a return on your investment will depend on appreciation in the price of our Class A common stock.

We have never declared or paid any cash dividends on our capital stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors. Additionally, our ability to pay dividends is limited by restrictions on our ability to pay dividends or make distributions under the terms of our credit facility. Accordingly, investors must rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

We are an "emerging growth company" and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our Class A common stock less attractive to investors.

For so long as we remain an "emerging growth company" as defined in the JOBS Act, we may take advantage of certain exemptions from various requirements that are applicable to public companies that are not "emerging growth companies," including, but not limited to, not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We may take advantage of these exemptions until we are no longer an emerging growth company. We would cease to be an emerging growth company upon the earliest to occur of: (i) the first fiscal year following the fifth anniversary of our initial public offering; (ii) the first fiscal year after our annual gross revenue is $1.07 billion or more; (iii) the date on which we have, during the previous three-year period, issued more than $1.0 billion in non-convertible debt securities; or (iv) as of the end of any fiscal year in which the market value of our common stock held by non-affiliates exceeded $700.0 million as of the end of the second quarter of that fiscal year. Further, pursuant to Section 107 of the JOBS Act, as an emerging growth company, we have elected to take advantage of the extended transition period for complying with new or revised

Table of Contents

accounting standards until those standards would otherwise apply to private companies. As a result, our results of operations and financial statements may not be comparable to the results of operations and financial statements of other companies who have adopted the new or revised accounting standards. We cannot predict if investors will find our Class A common stock less attractive because we may rely on these exemptions. If some investors find our Class A common stock less attractive as a result, there may be a less active trading market for our Class A common stock and our stock price may be more volatile.

Because the initial public offering price of our Class A common stock will be substantially higher than the pro forma net tangible book value per share of our outstanding Class A and Class B common stock following this offering, new investors will experience immediate and substantial dilution.

The initial public offering price of our Class A common stock will be substantially higher than the pro forma net tangible book value per share of our Class A and Class B common stock outstanding immediately following this offering, based on the total value of our tangible assets less our total liabilities. Therefore, if you purchase shares of our Class A common stock in this offering, you will experience immediate dilution of $ per share, the difference between the price per share you pay for our Class A common stock and its pro forma net tangible book value per share as of January 31, 2019, after giving effect to the issuance of shares of our Class A common stock in this offering. Furthermore, if the underwriters exercise their option to purchase additional shares in full, outstanding options are exercised, we issue awards to our employees under our equity incentive plans or we otherwise issue additional shares of our Class A common stock, you could experience further dilution. See the section titled "Dilution" for more information.

The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, or otherwise will dilute all other stockholders.

Our amended and restated certificate of incorporation that will be in effect upon completion of this offering authorizes us to issue up to shares of Class A common stock, up to shares of Class B common stock, and up to shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue shares of Class A common stock or securities convertible into shares of our Class A common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the market price of our Class A common stock to decline.

Certain provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove members of our board of directors or current management, and may adversely affect the market price of our Class A common stock.

Our amended and restated certificate of incorporation and amended and restated bylaws that will be in effect upon completion of this offering contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors that are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:

•: our dual class common stock structure, which provides our holders of Class B common stock with the ability to significantly influence the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the shares of our outstanding Class A and Class B common stock;

Table of Contents

•: a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;
•: the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;
•: the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;
•: a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders, which prohibition will take effect on the first date on which the number of outstanding shares of our Class B common stock represents less than 10% of the aggregate number of outstanding shares of our Class A common stock and our Class B common stock, taken together as a single class;
•: the requirement that a special meeting of stockholders may be called only by the chairperson of our board of directors, chief executive officer or by the board of directors acting pursuant to a resolution adopted by a majority of our board of directors, which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;
•: certain amendments to our amended and restated certificate of incorporation will require the approval of two-thirds of the then-outstanding voting power of our capital stock; and
•: advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders' meeting, which may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer's own slate of directors or otherwise attempting to obtain control of us.

These provisions may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a certain period of time. See the section titled "Description of Capital Stock—Anti-takeover Provisions."

Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware will be the exclusive forum for certain disputes between us and our stockholders, which could limit our stockholders' ability to obtain a favorable judicial forum for disputes with us or our directors, officers or employees.

Our amended and restated bylaws, which will become effective immediately prior to the completion of this offering, provide that the Court of Chancery of the State of Delaware is the exclusive forum for:

•: any derivative action or proceeding brought on our behalf;
•: any action asserting a breach of fiduciary duty;
•: any action asserting a claim against us arising under the Delaware General Corporation Law, our amended and restated certificate of incorporation or our amended and restated bylaws;
•: any action to interpret, apply, enforce or determine the validity of our amended and restated certificate of incorporation or our amended and restated bylaws; and
•: any action asserting a claim against us that is governed by the internal-affairs doctrine.

Table of Contents

However, this exclusive forum provision would not apply to suits brought to enforce a duty or liability created by the Exchange Act. Furthermore, this provision applies to Securities Act claims and Section 22 of the Securities Act creates concurrent jurisdiction for federal and state courts over all suits brought to enforce any duty or liability created by the Securities Act or the rules or regulations thereunder. Accordingly, there is uncertainty as to whether a court would enforce such provision, and our stockholders will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder.

This exclusive-forum provision may limit a stockholder's ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers or other employees, which may discourage lawsuits against us and our directors, officers and other employees.

Table of Contents

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This prospectus, including the sections titled "Prospectus Summary," "Risk Factors," "Use of Proceeds," "Management's Discussion and Analysis of Financial Condition and Results of Operations," and "Business," contain forward-looking statements. The words "believe," "may," "will," "potentially," "estimate," "continue," "anticipate," "intend," "could," "would," "project," "plan," "expect," and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.

These forward-looking statements include, but are not limited to, statements concerning the following:

•: our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit or gross margin, operating expenses (including changes in research and development, sales and marketing and general and administrative expenses), and our ability to achieve, and maintain, future profitability;
•: the growth in the market for cloud-based security solutions and future cybersecurity spending;
•: our business plan and our ability to effectively manage our growth and associated investments;
•: anticipated trends, growth rates and challenges in our business and in the markets in which we operate;
•: market acceptance of recently introduced solutions;
•: beliefs and objectives for future operations;
•: our ability to increase our market share of the overall security and IT operations market with our solutions;
•: our ability to increase sales of our solutions;
•: our ability to attract and retain customers;
•: our ability to cross-sell to our existing customers;
•: our ability to maintain and expand our customer base and our relationships with channel and technology alliance partners;
•: our ability to timely and effectively scale and adapt our existing solutions;
•: our ability to continue to innovate and enhance our cloud-based platform;
•: our ability to develop new solutions and bring them to market in a timely manner;
•: our ability to maintain, protect and enhance our brand and intellectual property;
•: our ability to continue to expand internationally;
•: the effects of increased competition in our markets and our ability to compete effectively;
•: the sufficiency of our cash to meet our cash needs for at least the next 12 months;
•: future acquisitions or investments;
•: our ability to stay in compliance with laws and regulations that currently apply or become applicable to our business both in the United States and internationally;
•: economic and industry trends or trend analysis;

Table of Contents

•: the attraction and retention of qualified employees and key personnel;
•: the estimates and estimate methodologies used in preparing our consolidated financial statements and determining option exercise prices;
•: the future trading prices of our Class A common stock;
•: our estimated total addressable market; and
•: our anticipated use of the net proceeds from this offering.

We caution you that the foregoing list may not contain all of the forward-looking statements made in this prospectus.

These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in the section titled "Risk Factors" and elsewhere in this prospectus. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this prospectus may not occur and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements.

Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that the future results, levels of activity, performance, or events and circumstances reflected in the forward-looking statements will be achieved or occur. The forward-looking statements made in this prospectus relate only to events as of the date on which the statements are made. We undertake no obligation to update publicly any forward-looking statements for any reason after the date of this prospectus to conform these statements to actual results or to changes in our expectations, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments we may make.

In addition, statements that "we believe" and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the date of this prospectus, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and investors are cautioned not to unduly rely upon these statements.

You should read this prospectus and the documents that we reference in this prospectus and have filed with the SEC as exhibits to the registration statement of which this prospectus is a part with the understanding that our actual future results, levels of activity, performance, and events and circumstances may be materially different from what we expect.

Table of Contents

MARKET AND INDUSTRY DATA

This prospectus contains estimates and information concerning our industry, including market size of the markets in which we participate, that are based on industry publications and reports. This information involves a number of assumptions and limitations, and you are cautioned not to give undue weight to these estimates. We have not independently verified the accuracy or completeness of the data contained in these industry publications and reports. While we believe the industry, market, and competitive position data included in this prospectus are reliable and are based on reasonable assumptions, these data are necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the section titled "Risk Factors." These and other factors could cause results to differ materially from those expressed in these publications and reports.

The sources of certain statistical data, estimates and forecasts contained in this prospectus are the following independent industry publications or reports:

•: Cisco Systems, Inc., Cisco Visual Networking Index: Forecast and Trends, 2017-2022, November 2018.
•: International Data Corporation, Market Analysis Perspective: Worldwide Managed Security Services Providers, 2018, September 2018.
•: International Data Corporation, Market Forecast—Worldwide IT Asset Management Software Forecast, 2018-2022: Asset Management Accelerates as Digital Transformation Changes What Assets Must Be Managed, September 2018.
•: International Data Corporation, Market Forecast—Worldwide Corporate Endpoint Security Forecast, 2018-2022, July 2018.
•: International Data Corporation, Market Forecast—Worldwide Security and Vulnerability Forecast, 2018-2022: SVM Vendors Fight Off New Market Entrants, July 2018.
•: International Data Corporation, Market Forecast—Worldwide Threat Intelligence Security Services Forecast, 2017-2021, November 2017.

Table of Contents

USE OF PROCEEDS

We estimate that the net proceeds to us from the sale of shares of our Class A common stock offered by us in this offering at the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us, will be approximately $ million, or approximately $ million if the underwriters exercise their option to purchase additional shares of our Class A common stock from us in full.

Each $1.00 increase (decrease) in the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, would increase (decrease) the net proceeds to us from this offering by approximately $ million, assuming the number of shares of our Class A common stock offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions payable by us. Similarly, each 1.0 million increase (decrease) in the number of shares of our Class A common stock offered by us would increase (decrease) the net proceeds to us from this offering by approximately $ million, assuming the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions payable by us.

We currently intend to use the net proceeds we receive from this offering primarily for general corporate purposes, including working capital, sales and marketing activities, research and development, general and administrative matters, and capital expenditures, although we do not currently have any specific or preliminary plans with respect to the use of proceeds for such purposes. We may also use a portion of the net proceeds for the acquisition of, or investment in, technologies, solutions, products, or businesses that complement our business, although we have no present commitments or agreements to enter into any such acquisitions or investments.

We cannot specify with certainty the particular uses for the net proceeds from this offering. Accordingly, we will have broad discretion over the uses of the net proceeds of this offering. Pending these uses, we intend to invest the net proceeds in short-term, investment-grade interest-bearing securities, such as money market accounts, certificates of deposit, commercial paper, and guaranteed obligations of the U.S. government.

Table of Contents

DIVIDEND POLICY

We have never declared or paid any cash dividends on our capital stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not expect to pay any dividends on our capital stock in the foreseeable future. Additionally, our ability to pay dividends is limited by restrictions on our ability to pay dividends or make distributions under the terms of our credit facility. Any future determination to declare dividends will be made at the discretion of our board of directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that our board of directors may deem relevant.

Table of Contents

CAPITALIZATION

The following table sets forth cash and cash equivalents, as well as our capitalization, as of January 31, 2019, as follows:

•: on an actual basis;
•: on a pro forma basis, giving effect to (i) the automatic conversion of an aggregate of 131,267,586 shares of our outstanding redeemable convertible preferred stock into an equivalent number of shares of our Class B common stock, (ii) the reclassification of all of our outstanding common stock into an equal number of shares of Class B common stock, (iii) the automatic conversion of the redeemable convertible preferred stock warrants to Class B common stock warrants, and the resulting reclassification of the redeemable convertible preferred stock warrant liability to additional paid-in-capital, (iv) stock-based compensation expense of approximately $10.4 million associated with RSUs subject to service-based and performance-based vesting conditions, which we will recognize upon the completion of this offering, as further described in Note 2 to our consolidated financial statements included elsewhere in this prospectus, and (iv) the filing and effectiveness of our amended and restated certificate of incorporation in Delaware, each of which will occur immediately prior to the completion of this offering; and
•: on a pro forma as adjusted basis, giving effect to the pro forma adjustments set forth above and the sale and issuance by us of shares of our Class A common stock in this offering, based upon the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

The information below is illustrative only and our capitalization following this offering will be adjusted based on the actual initial public offering price and other terms of the offering determined at pricing. You should read this information together with our consolidated financial statements and related notes, and the sections titled "Selected Consolidated Financial and Other Data" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" that are included elsewhere in this prospectus.

Table of Contents

	As of January 31, 2019

	Actual			Pro Forma			Pro Forma As Adjusted(1)
	(in thousands, except share and per share data)
Cash and cash equivalents	$	88,408		$	88,408		$



Redeemable convertible preferred stock warrant liability	$	4,537		$	—		$

Redeemable convertible preferred stock, par value $0.0005 per share: 137,418,875 shares authorized, 131,267,586 issued and outstanding, actual; no shares authorized, issued and outstanding, pro forma and pro forma as adjusted		557,912			—

Stockholders' equity (deficit):
Preferred stock, par value $0.0005 per share: no shares authorized, issued and outstanding, actual; shares authorized, no shares issued and outstanding, pro forma and pro forma as adjusted		—			—
Common stock, par value $0.0005 per share: 220,000,000 shares authorized, 47,421,385 shares issued and outstanding, actual; no shares authorized, issued and outstanding, pro forma and pro forma as adjusted		24			—
Class A common stock, par value $0.0005 per share: no shares authorized, issued and outstanding, actual; shares authorized, no shares issued and outstanding, pro forma; shares authorized, shares issued and outstanding, pro forma as adjusted		—			—
Class B common stock, par value $0.0005 per share: no shares authorized, issued and outstanding, actual; shares authorized, 178,688,971 shares issued and outstanding, pro forma; shares authorized, shares issued and outstanding, pro forma as adjusted		—			90
Additional paid-in capital		31,211			603,956
Accumulated deficit		(519,126	)		(529,488	)
Accumulated other comprehensive income		98			98

Total stockholders' equity (deficit)		(487,793	)		74,656

Total capitalization	$	74,656		$	74,656		$

(1): Each $1.00 increase (decrease) in the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, would increase (decrease) the amount of our pro forma as adjusted cash and cash equivalents, additional paid-in capital, total stockholders' equity, and total capitalization by approximately $ million, assuming the number of shares of our Class A common stock offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting estimated underwriting discounts and commissions payable by us. Similarly, each 1.0 million increase (decrease) in the number of shares of our Class A common stock offered by us would increase (decrease) the net proceeds to us from this offering by approximately $ million, assuming the assumed initial public offering price of $ per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions payable by

Table of Contents

us. The pro forma as adjusted information discussed above is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing.

The number of shares of our common stock that will be outstanding after this offering is based on 178,688,971 shares of our Class B common stock (including shares of our redeemable convertible preferred stock on an as-converted basis) outstanding as of January 31, 2019, and excludes:

•

4,059,407 shares of our Class B common stock issuable upon the satisfaction of a performance-based vesting condition pursuant to RSUs outstanding as of January 31, 2019;

•

shares of our Class A common stock reserved for future issuance under our equity compensation plans, including:

•: shares of our Class A common stock to be reserved for future issuance under our 2019 Plan, which will become effective prior to the completion of this offering;
•: 1,540,071 shares of our Class B common stock reserved for future issuance under our 2011 Plan as of January 31, 2019. Shares reserved for issuance under our 2011 plan will be added to the shares of our Class A common stock to be reserved for future issuance under our 2019 Plan upon its effectiveness; and
•: shares of our Class A common stock to be reserved for future issuance under our ESPP, which will become effective upon completion of this offering.

Table of Contents

DILUTION

If you invest in our Class A common stock, your interest will be diluted to the extent of the difference between the amount per share paid by purchasers of shares of Class A common stock in this initial public offering and the pro forma as adjusted net tangible book value per share of common stock immediately after this offering.

Our historical net tangible book value (deficit) as of January 31, 2019, was $(538.4) million, or $(11.35) per share of common stock. Our pro forma net tangible book value as of January 31, 2019 was $24.0 million, or $0.13 per share of common stock. Our pro forma net tangible book value per share represents the amount of our total tangible assets reduced by the amount of our total liabilities and divided by the total number of shares of our Class A and Class B common stock outstanding as of January 31, 2019, assuming the conversion of all 131,267,586 outstanding shares of our redeemable convertible preferred stock into an equivalent number of shares of Class B common stock and the resulting reclassification of the redeemable convertible preferred stock warrant liability to additional paid-in-capital.

After giving effect to our sale in this offering of shares of our Class A common stock, at an assumed initial public offering price of $ per share, the midpoint of the estimated offering price range reflected on the cover page of this prospectus, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us, our pro forma as adjusted net tangible book value as of January 31, 2019, would have been approximately $ million, or $ per share. This represents an immediate increase in pro forma net tangible book value of $ per share to our existing stockholders and an immediate dilution of $ per share to investors purchasing shares in this offering.

The following table illustrates this dilution:


Assumed initial public offering price per share				$
Historical net tangible book value (deficit) per share as of January 31, 2019	$	(11.35	)
Pro forma net tangible book value per share as of January 31, 2019		0.13
Increase in pro forma net tangible book value per share attributable to this offering

Pro forma net tangible book value, as adjusted to give effect to this offering				$

Dilution in pro forma net tangible book value per share to new investors in this offering				$

The dilution information discussed above is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. A $1.00 increase (decrease) in the assumed initial public offering price of $ per share, the midpoint of the estimated offering price range reflected on the cover page of this prospectus, would increase (decrease) our pro forma net tangible book value, as adjusted to give effect to this offering, by $ per share, the increase (decrease) attributable to this offering by $ per share, and the dilution in pro forma as adjusted net tangible book value per share to new investors in this offering by $ per share, assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting estimated underwriting discounts and commissions and estimated expenses payable by us. Each 1.0 million increase (decrease) in the number of shares offered by us as set forth on the cover page of this prospectus, would increase (decrease) our pro forma net tangible book value, as adjusted to give effect to this offering, by $ per share, the increase (decrease) attributable to this offering by $ per share, and the dilution in pro forma as adjusted net tangible book value per share to new investors in this offering by $ per share, assuming that the assumed initial public offering price of

Table of Contents

$ per share, the midpoint of the estimated offering price range on the cover of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us.

If the underwriters exercise their option to purchase additional shares of Class A common stock in full, the pro forma net tangible book value per share after giving effect to this offering would be $ per share, and the dilution in net tangible book value per share to investors in this offering would be $ per share.

The following table summarizes, on a pro forma as adjusted basis as of January 31, 2019, after giving effect to the sale of shares of Class A common stock by us in this offering at an assumed initial public offering price of $ per share, the midpoint of the estimated offering price range on the cover of this prospectus, the difference between existing stockholders and new investors with respect to the number of shares of Class A common stock purchased from us, the total consideration paid to us and the average price per share paid or to be paid to us at an assumed offering price of $ per share, the midpoint of the estimated offering price range on the cover of this prospectus, before deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us:

	Shares Purchased					Total Consideration

	Shares Purchased					Total Consideration					Average Price Per Share
	Number		Percent			Amount		Percent			Average Price Per Share
Existing stockholders		178,688,971			%	$	502,596,355			%	$	2.81
New public investors

Total				100	%	$			100	%

The information discussed above is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. Each $1.00 increase (decrease) in the assumed initial public offering price of $ per share, the midpoint of the estimated offering price range set forth on the cover of this prospectus, would increase (decrease) total consideration paid by new investors and total consideration paid by all stockholders by approximately $ million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus remains the same and after deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us. Each 1.0 million increase (decrease) in the number of shares offered by us as set forth on the cover page of this prospectus, would increase (decrease) our pro forma net tangible book value, as adjusted to give effect to this offering, by $ per share, the increase (decrease) attributable to this offering by $ per share, and the dilution in pro forma as adjusted net tangible book value per share to new investors in this offering by $ per share, assuming that the assumed initial public offering price of $ per share, the midpoint of the estimated offering price range reflected on the cover of this prospectus, remains the same and after deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us.

Except as otherwise indicated, the above discussion and tables assume no exercise of the underwriters' option to purchase additional shares of our Class A common stock from us. If the underwriters exercise their option to purchase additional shares of our Class A common stock in full, our existing stockholders would own % and the investors purchasing shares of our Class A common stock in this offering would own % of the total number of shares of our common stock outstanding immediately after completion of this offering.

The number of shares of our common stock that will be outstanding after this offering is based on 178,688,971 shares of our Class B common stock (including shares of our redeemable

Table of Contents

convertible preferred stock on an as-converted basis) outstanding as of January 31, 2019, and excludes:

•

4,059,407 shares of our Class B common stock issuable upon the satisfaction of a performance-based vesting condition pursuant to RSUs outstanding as of January 31, 2019;

•

shares of our Class A common stock reserved for future issuance under our equity compensation plans, including:

•: shares of our Class A common stock to be reserved for future issuance under our 2019 Plan, which will become effective prior to the completion of this offering;
•: 1,540,071 shares of our Class B common stock reserved for future issuance under our 2011 Plan as of January 31, 2019. Shares reserved for issuance under our 2011 plan will be added to the shares of our Class A common stock to be reserved for future issuance under our 2019 Plan upon its effectiveness; and
•: shares of our Class A common stock to be reserved for future issuance under our ESPP, which will become effective upon completion of this offering.

Our 2019 Plan and ESPP each provide for annual automatic increases in the number of shares of our Class A common stock reserved thereunder, and our 2019 Plan also provides for increases to the number of shares of our Class A common stock that may be granted thereunder based on shares under our 2011 Plan that expire, are forfeited, or otherwise repurchased by us. See the section titled "Executive Compensation—Employee Benefit and Stock Plans" for further explanation.

To the extent that any outstanding options or warrants are exercised or we issue any securities or convertible debt in the future, investors will experience further dilution.

Table of Contents

SELECTED CONSOLIDATED FINANCIAL AND OTHER DATA

We derived the selected consolidated statements of operations data for fiscal 2017, fiscal 2018, and fiscal 2019 and the consolidated balance sheet data as of January 31, 2018 and 2019 from our audited consolidated financial statements included elsewhere in this prospectus. The following summary consolidated financial data should be read together with our audited consolidated financial statements and the related notes, as well as the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations" included elsewhere in this prospectus. Our historical results are not necessarily indicative of financial results to be achieved in future periods.

	Year Ended January 31,

	2017			2018			2019
	(in thousands, except per share data)
Consolidated Statement of Operations Data:
Revenue
Subscription	$	37,895		$	92,568		$	219,401
Professional services		14,850			26,184			30,423

Total revenue		52,745			118,752			249,824

Cost of revenue(1)
Subscription		24,378			39,857			69,208
Professional services		9,628			14,629			18,030

Total cost of revenue		34,006			54,486			87,238

Gross profit		18,739			64,266			162,586

Operating expenses
Sales and marketing(1)		53,748			104,277			172,682
Research and development(1)		39,145			58,887			84,551
General and administrative(1)		16,402			32,542			42,217

Total operating expenses		109,295			195,706			299,450

Loss from operations		(90,556	)		(131,440	)		(136,864	)
Interest expense		(615	)		(1,648	)		(428	)
Other expense, net		(82	)		(1,473	)		(1,418	)

Loss before provision for income taxes		(91,253	)		(134,561	)		(138,710	)
Provision for income taxes		(87	)		(929	)		(1,367	)

Net loss	$	(91,340	)	$	(135,490	)	$	(140,077	)



Accretion of redeemable convertible preferred stock		(17,012	)		(5,853	)		—

Net loss attributable to common stockholders	$	(108,352	)	$	(141,343	)	$	(140,077	)



Net loss per share attributable to common stockholders, basic and diluted(2)	$	(2.73	)	$	(3.38	)	$	(3.12	)



Weighted-average shares used in computing net loss per share attributable to common stockholders, basic and diluted(2)		39,706			41,876			44,863



Pro forma net loss per share, basic and diluted (unaudited)(2)							$	(0.80	)



Weighted-average shares used in computing pro forma net loss per share, basic and diluted (unaudited)(2)								171,202

Table of Contents

(1): Includes stock-based compensation expense as follows:

	Year Ended January 31,

	2017		2018		2019
	(in thousands)
Cost of revenue	$	91	$	341	$	894
Sales and marketing		638		1,386		5,175
Research and development		561		3,429		7,815
General and administrative		704		7,187		6,621

Total stock-based compensation expense	$	1,994	$	12,343	$	20,505

(2): See Note 2 and Note 15 to our consolidated financial statements elsewhere in this prospectus for an explanation of the method used to calculate our basic and diluted net loss per share attributable to our common stockholders, our basic and diluted pro forma net loss per share, and the weighted-average number of shares used in the computation of the per share amounts.

	As of January 31,

	2018			2019
	(in thousands)
Consolidated Balance Sheet Data:
Cash and cash equivalents	$	63,179		$	88,408
Working capital (deficit)⁽¹⁾		(12,279	)		49,968
Total assets		217,703			433,219
Deferred revenue, current and noncurrent		158,950			290,067
Redeemable convertible preferred stock		358,016			557,912
Accumulated deficit		(378,948	)		(519,126	)
Total stockholders' deficit		(369,474	)		(487,793	)

(1): Working capital (deficit) is defined as current assets less current liabilities.

Key Metrics

Subscription Customers

Our subscription customers include all paid subscribers to our Falcon platform, and excludes customers solely of our incident response and proactive services. The following table sets forth the number of subscription customers as of the dates presented:

	As of January 31,

	2017			2018			2019
Subscription customers		450			1,242			2,516
Year-over-year growth		173	%		176	%		103	%

Table of Contents

Annual Recurring Revenue

ARR is calculated as the annualized value of our customer subscription contracts as of the measurement date, assuming any contract that expires during the next 12 months is renewed on its existing terms. The following table sets forth our ARR as of the dates presented:

	As of January 31,

	2017			2018			2019
	(dollars in thousands)
Annual recurring revenue	$	58,758		$	141,314		$	312,656
Year-over-year growth		110	%		140	%		121	%

Dollar-Based Net Retention Rate

Our dollar-based net retention rate compares our ARR from a set of subscription customers against the same metric for those subscription customers from the prior year. Our dollar-based net retention rate reflects customer renewals, expansion, contraction, and churn, and excludes revenue from our incident response and proactive services. We calculate our dollar-based net retention rate as of period end by starting with the ARR from all subscription customers as of 12 months prior to such period end, or Prior Period ARR. We then calculate the ARR from these same subscription customers as of the current period end, or Current Period ARR. Current Period ARR includes any expansion and is net of contraction or churn over the trailing 12 months but excludes revenue from new subscription customers in the current period. We then divide the Current Period ARR by the Prior Period ARR to arrive at our dollar-based net retention rate. The following table sets forth the dollar-based net retention rates as of the dates presented:

	As of January 31,

	2017			2018			2019
Dollar-based net retention rate		104	%		119	%		147	%

Non-GAAP Financial Measures

We believe that, in addition to our results determined in accordance with GAAP, non-GAAP subscription gross profit, non-GAAP subscription gross margin, non-GAAP loss from operations, non-GAAP operating margin, free cash flow, and free cash flow margin are useful in evaluating our business, results of operations, and financial condition.

See the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations—Non-GAAP Financial Measures" for explanations of how we calculate these

Table of Contents

measures and for reconciliation to the most directly comparable financial measure stated in accordance with GAAP.

	Year Ended January 31,

	2017			2018			2019
	(dollars in thousands)
Subscription gross profit	$	13,517		$	52,711		$	150,193
Non-GAAP subscription gross profit	$	13,664		$	53,087		$	151,209
Subscription gross margin		36	%		57	%		68	%
Non-GAAP subscription gross margin		36	%		57	%		69	%
Loss from operations	$	(90,556	)	$	(131,440	)	$	(136,864	)
Non-GAAP loss from operations	$	(88,465	)	$	(118,302	)	$	(115,776	)
Operating margin		(172	)%		(111	)%		(55	)%
Non-GAAP operating margin		(168	)%		(100	)%		(46	)%
Net cash used in operating activities	$	(51,998	)	$	(58,766	)	$	(22,968	)
Net cash used in investing activities	$	(11,854	)	$	(28,330	)	$	(142,030	)
Net cash provided by financing activities	$	17,460		$	126,831		$	190,389
Free cash flow	$	(64,645	)	$	(94,992	)	$	(65,613	)
Net cash used in operating activities as a percentage of revenue		(99	)%		(49	)%		(9	)%
Free cash flow margin		(123	)%		(80	)%		(26	)%

Non-GAAP Subscription Gross Profit and Non-GAAP Subscription Gross Margin

Non-GAAP Loss from Operations and Non-GAAP Operating Margin

Free Cash Flow and Free Cash Flow Margin

Table of Contents

MANAGEMENT'S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS

You should read the following discussion of our financial condition and results of operations in conjunction with the consolidated financial statements and the notes thereto included elsewhere in this prospectus. The following discussion contains forward-looking statements that reflect our plans, estimates and beliefs. Our actual results could differ materially from those discussed in the forward-looking statements. Factors that could cause or contribute to these differences include those discussed below and elsewhere in this prospectus, particularly in the sections titled "Special Note Regarding Forward-Looking Statements" and "Risk Factors." Our fiscal year end is January 31, and our fiscal quarters end on April 30, July 31, October 31, and January 31. Our fiscal years ended January 31, 2017, January 31, 2018, and January 31, 2019 are referred to herein as fiscal 2017, fiscal 2018, and fiscal 2019, respectively.

Overview

We founded CrowdStrike in 2011 to reinvent security for the cloud era. When we started the company, cyberattackers had a decided, asymmetric advantage over existing security products. We turned the tables on the adversaries by taking a fundamentally new approach that leverages the network effects of crowdsourced data applied to modern technologies such as AI, cloud computing, and graph databases. Realizing that the nature of cybersecurity problems had changed but the solutions had not, we built our CrowdStrike Falcon platform to detect threats and stop breaches.

We believe we are defining a new category called the Security Cloud, with the power to transform the security industry much the same way the cloud has transformed the CRM, HR, and service management industries. With our Falcon platform, we created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as desktops, laptops, servers, virtual machines, and IoT devices. Our Falcon platform is composed of two tightly integrated proprietary technologies: our easily deployed intelligent lightweight agent and our cloud-based, dynamic graph database called Threat Graph. Our solution benefits from crowdsourcing and economies of scale, which we believe enables our AI algorithms to be uniquely effective. We call this cloud-scale AI. We initially provided intelligence and incident response services while we developed our Falcon platform. In June 2013, we first began providing EDR capabilities as a single solution. In February 2017, as we executed on our Falcon platform expansion strategy, we began offering these and additional capabilities as separate cloud modules. This strategic move facilitated new customer adoption and allowed us to further expand within our customer base. Today, we offer 10 cloud modules on our Falcon platform via a SaaS subscription-based model that spans multiple large security markets, including endpoint security, security and IT operations (including vulnerability management), and threat intelligence.

Since our founding, we have achieved a number of milestones such as:

•: July 2012: We launched our threat intelligence product.
•: June 2013: We launched our EDR capabilities as a single solution.
•: August 2013: We launched our threat hunting cloud module.
•: August 2015: We were named 2015 Technology Pioneer by World Economic Forum.
•: August 2016: We were named to the 2016 Inc. 500--5000 list.
•: February 2017: We launched our full next-generation antivirus cloud module.

Table of Contents

•: February 2017: We launched our IT hygiene cloud module and our multi-SKU go-to-market strategy.
•: May 2017: We were named to CNBC's 2017 Disruptor 50 list.
•: July 2017: We launched our malware search cloud module.
•: November 2017: We launched our sandbox and vulnerability management cloud modules.
•: April 2018: We received the SC Award for Best Security Company for the second year in a row, as well as for Best Enterprise Security Solution, and also launched our Falcon Complete cloud module.
•: August 2018: We launched our device control cloud module.
•: September 2018: We received FedRAMP authorization.
•: September 2018: We were ranked number six in Forbes Cloud 100 List (second consecutive year on list).
•: October 2018: We were named to the Fortune Best Companies To Work For list (second consecutive year on list).
•: November 2018: We received the highest overall score among Customers' Choice vendors in Gartner Peer Insights for Endpoint Security and Endpoint Protection.
•: February 2019: We launched the first open cloud-based application platform for endpoint security and the industry's first unified security cloud ecosystem of trusted third-party applications.
•: March 2019: We announced the first enterprise EDR solution for mobile devices, which we expect will be commercially available later this year.

We have recently experienced significant growth, with total revenue increasing from $52.7 million for fiscal 2017 to $118.8 million for fiscal 2018, representing year-over-year growth of 125%, and from $118.8 million for fiscal 2018 to $249.8 million for fiscal 2019, representing year-over-year growth of 110%. Subscription revenue grew from $37.9 million for fiscal 2017 to $92.6 million for fiscal 2018, a 144% increase, and from $92.6 million for fiscal 2018 to $219.4 million for fiscal 2019, a 137% increase. Our ARR has grown from $58.8 million as of January 31, 2017 to $141.3 million as of January 31, 2018, a 140% increase, and from $141.3 million as of January 31, 2018 to $312.7 million as of January 31, 2019, a 121% increase. Our net loss increased from $91.3 million for fiscal 2017 to $135.5 million for fiscal 2018 and from $135.5 million for fiscal 2018 to $140.1 million for fiscal 2019. Our accumulated deficit as of January 31, 2019 was $519.1 million. We expect to continue to incur net losses for the foreseeable future as we continue to invest in our business and our sales capabilities to address our large market opportunity.

Our Go-To-Market Strategy

We have a diverse and highly efficient go-to-market strategy through which we sell subscriptions to our Falcon platform and cloud modules to organizations across multiple industries. We primarily sell subscriptions to our Falcon platform and cloud modules through our direct sales

Table of Contents

team that leverages our network of channel partners. Our direct sales team is comprised of field sales and inside sales professionals who are segmented by a customer's number of endpoints.

We have a low friction land-and-expand sales strategy. When customers deploy our Falcon platform, they can start with any number of cloud modules and we can activate additional cloud modules in real time on the same agent already deployed on the endpoint. This architecture has also allowed us to begin to offer a free trial of our Falcon Prevent module directly from our website or the AWS Marketplace, and we plan to extend this capability to additional modules in the future. Once customers experience the benefits of our Falcon platform, they often expand their adoption over time by adding more endpoints or purchasing additional modules. We also use our sales team to identify current customers who may be interested in free trials of additional cloud modules, which serves as a powerful driver of our land-and-expand model. By segmenting our sales teams, we can deploy a low-touch sales model that efficiently identifies prospective customers.

We began as a solution for large enterprises, but the flexibility and scalability of our Falcon platform has enabled us to seamlessly offer our solution to customers of any size—from those with hundreds of thousands of endpoints to as few as three. We have expanded our sales focus to include any organization without the need to modify our Falcon platform for small and medium sized businesses.

A substantial majority of our customers purchase subscriptions with a term of one year. Our subscriptions are generally priced on a per-endpoint and per-module basis. We recognize revenue from our subscriptions ratably over the term of the subscription. We also generate revenue from our incident response and proactive professional services, which are generally priced on a time and materials basis. We view our professional services business primarily as an opportunity to cross-sell subscriptions to our Falcon platform and cloud modules.

Certain Factors Affecting Our Performance

Adoption of Our Solutions. We believe our future success depends in large part on the growth in the market for cloud-based SaaS-delivered endpoint security solutions. The limitations of legacy on-premise products, coupled with a dynamic and growing threat landscape, are intensifying the need for organizations to reevaluate their approach to cybersecurity. As organizations grow and become more distributed and diverse, adding more endpoints and workloads, they expand the attack surface available to sophisticated adversaries targeting their data and IT infrastructure. As security threats multiply, organizations often find themselves unable to hire sufficient security professionals to address all security gaps and vulnerabilities, underscoring the need for automated systems to effectively address these threats. Many organizations have not yet abandoned the on-premise legacy products in which they have invested substantial personnel and financial resources to design and maintain. As a result, it is difficult to predict customer adoption rates and demand for our cloud-based solutions. On-premise legacy products are siloed, lack integration, and have limited ability to collect, process, and analyze vast amounts of data, attributes that are required to be effective in today's increasingly dynamic threat landscape. Legacy security products have tried to address these attacks but firewalls are ineffective at protecting endpoints outside the corporate perimeter and signature-based products are not capable of protecting against unknown threats. Other alternatives such as malware-focused machine learning products are useless against cyberattacks that do not leverage malware, and approaches based on creating a manual list of approved programs, or whitelisting, are cumbersome to implement and enforce and are also vulnerable to attacks that exploit legitimate applications. To ensure comprehensive threat protection, we believe organizations need to adopt an integrated, data-driven, and automated cloud-based approach to security.

Table of Contents

New Customer Acquisition. Our future growth depends in large part on our ability to acquire new customers. If our efforts to attract new customers are not successful, our revenue and rate of revenue growth may decline. We believe our ability to add new customers is a key indicator of the market's increased adoption of our solution. Our subscription customer count grew from 450 as of January 31, 2017, to 1,242 as of January 31, 2018, representing a year-over-year increase of 176% and from 1,242 as of January 31, 2018, to 2,516 as of January 31, 2019, representing a year-over-year increase of 103%. Our go-to-market strategy and the flexibility and scalability of our Falcon platform allow us to rapidly expand our customer base. Our incident response and proactive services also help drive new customer acquisitions, as many of these professional services customers subsequently purchase subscriptions to our Falcon platform. Many organizations have not yet adopted cloud-based security solutions, and since our Falcon platform has offerings for organizations of all sizes, worldwide, and across industries, we believe this presents a significant opportunity for growth.

Maintain Customer Retention and Increase Sales. Our ability to increase revenue depends in large part on our ability to retain our existing customers and increase the ARR of their subscriptions. We typically enjoy a high rate of customer retention. For example, our dollar-based gross retention rate was 96% and 98% as of January 31, 2018 and January 31, 2019, respectively. We calculate our dollar-based gross retention rate as of the period end by starting with the ARR from all subscription customers as of 12 months prior to such period, or Prior Period ARR. We then deduct from the Prior Period ARR any ARR from subscription customers who are no longer customers as of the current period end, or Current Period Remaining ARR. We then divide the total Current Period Remaining ARR by the total Prior Period ARR to arrive at our dollar-based gross retention rate, which is the percentage of ARR from all subscription customers as of the year prior that is not lost to customer churn. Our dollar-based gross retention rate reflects only customer losses and does not reflect customer expansion or contraction, so it demonstrates that the vast majority of our customers continue to use our solution and renew their subscriptions. We also focus on increasing sales to our existing customers by expanding their deployments to more endpoints and selling additional cloud modules for increased functionality. However, our customer retention and expansion may decline or fluctuate as a result of a number of factors, and if our efforts to expand our relationships with our customers are not successful, our business, results of operations, and financial condition may suffer.

The chart below illustrates our strong relationship with existing customers by presenting our dollar-based net retention rate over the past eight fiscal quarters. Consistent with the execution of our platform strategy beginning in the first quarter of fiscal 2018, the ARR of our existing customer accounts has generally increased. Our dollar-based net retention rate, which measures existing customers' subscriptions over a 12 month period, was 147% as of January 31, 2019, demonstrating the power of our land-and-expand strategy. In order for us to increase the ARR from our existing customers, we need to expand our commercial relationships with these customers by deploying to more endpoints in their environment and selling additional modules. See the section titled "Key Metrics—Dollar-Based Net Retention Rate" below for additional information about how we define dollar-based net retention rate. The chart below also illustrates that the vast majority of our

Table of Contents

customers continue to use our solution and renew their subscriptions by presenting our dollar-based gross retention rates over the same periods.

In February 2017, we transitioned our platform from a single offering into highly-integrated offerings of multiple SKU cloud modules. We initially launched this strategy with our IT hygiene, next-generation antivirus, EDR, managed threat hunting, and intelligence modules, and added five additional modules between February 2017 and October 2018. As our platform has become more integral to our customers' security strategy and we have continued to innovate and release new modules, we have experienced increased adoption of our cloud modules. Some of our subscription customers begin with one module and purchase additional modules over time, while others immediately deploy multiple modules. The chart below demonstrates the success we have had

Table of Contents

executing on our platform strategy, as 47% of our subscription customers have adopted four or more cloud modules as of January 31, 2019.

Invest in Growth. We believe that our market opportunity is large and requires us to continue to invest significantly in sales and marketing efforts to further grow our customer base, both domestically and internationally. Our open cloud architecture and single data model have allowed us to rapidly build and deploy new cloud modules, and we expect to continue investing in those efforts to further enhance our technology platform and product functionality. In addition to our ongoing investment in research and development, we may also pursue acquisitions of businesses, technologies, and assets that complement and expand the functionality of our Falcon platform, add to our technology or security expertise, or bolster our leadership position by gaining access to new customers or markets. Furthermore, we expect our general and administrative expenses to increase in dollar amount for the foreseeable future given the additional expenses for accounting, compliance, and investor relations as we become a public company. While we expect these investments will contribute to our long-term growth, they may adversely affect our profitability in the near term, until such time as we are able to sufficiently grow our number of customers and increase the value of ARR with existing customers. We plan to balance these investments in future growth with a continued focus on managing our results of operations.

Key Metrics

We monitor the following key metrics to help us evaluate our business, identify trends affecting our business, formulate business plans, and make strategic decisions.

Subscription Customers

Table of Contents

our Falcon platform, which does not include customers solely of our incident response and proactive services. We define a subscription customer as a separate legal entity that has entered into a distinct subscription agreement for access to Falcon platform for which the term has not ended or with which we are negotiating a renewal contract. We do not consider our channel partners as customers, and we treat managed service security providers, who may purchase our products on behalf of multiple companies, as a single customer. Historically, we have consistently increased the number of subscription customers period-over-period, and we expect this trend to continue as we increase the number of our subscription customers who are small and medium sized businesses, and as larger enterprises continue to replace or supplement their legacy on-premise security products.

The following table sets forth the number of our subscription customers as of the dates presented:

	As of January 31,

	2017			2018			2019
Subscription customers		450			1,242			2,516
Year-over-year growth		173	%		176	%		103	%

Annual Recurring Revenue

We believe that ARR is a key metric to measure our business because it is driven by our ability to acquire new subscription customers and to maintain and expand our relationship with existing subscription customers. ARR is calculated as the annualized value of our customer subscription contracts as of the measurement date, assuming any contract that expires during the next 12 months is renewed on its existing terms. To the extent that we are negotiating a renewal with a customer after the expiration of the subscription, we continue to include that revenue in ARR if we are actively in discussion with such an organization for a new subscription or renewal, or until such organization notifies us that it is not renewing its subscription.

The following table sets forth our ARR as of the dates presented:

	As of January 31,

	2017			2018			2019
	(dollars in thousands)
Annual recurring revenue	$	58,758		$	141,314		$	312,656
Year-over-year growth		110	%		140	%		121	%

Table of Contents

The chart below illustrates our robust growth in ARR by presenting the ARR from the prior period plus the new ARR added during the period, net of any churn or contraction.

Dollar-Based Net Retention Rate

Our dollar-based net retention rate as of a given point in time is calculated as Current Period ARR divided by Prior Period ARR, where prior Period ARR is the ARR from all subscription customers as of 12 months prior to such period end and Current Period ARR is the ARR from these same subscription customers as of the current period end, which includes any expansion and is net of contraction or churn over the trailing 12 months, but excludes revenue from new subscription customers in the current period.

The following table sets forth our dollar-based net retention rates as of the dates presented:

	As of January 31,

	2017			2018			2019
Dollar-based net retention rate		104	%		119	%		147	%

Table of Contents

Since January 2016, our dollar-based net retention rate has consistently exceeded 100%, which is primarily attributable to an expansion of endpoints within, and cross-selling additional cloud modules to, our existing subscription customers. Our dollar-based net retention rate can fluctuate from period to period due to large customer contracts in a given period, which may reduce our dollar-based net retention rate in subsequent periods if the customer makes a larger upfront purchase and does not continue to increase purchases.

Non-GAAP Financial Measures

In addition to our results determined in accordance with U.S. generally accepted accounting principles, or GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the following non-GAAP financial information to evaluate our ongoing operations and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively, may be helpful to investors because it provides consistency and comparability with past financial performance. However, non-GAAP financial information is presented for supplemental informational purposes only, has limitations as an analytical tool, and should not be considered in isolation or as a substitute for financial information presented in accordance with GAAP. In particular, free cash flow is not a substitute for cash used in operating activities. Additionally, the utility of free cash flow as a measure of our financial performance and liquidity is further limited as it does not represent the total increase or decrease in our cash balance for a given period. In addition, other companies, including companies in our industry, may calculate similarly-titled non-GAAP measures differently or may use other measures to evaluate their performance, all of which could reduce the usefulness of our non-GAAP financial measures as tools for comparison. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures and not rely on any single financial measure to evaluate our business.

We believe that these non-GAAP financial measures as presented in the below table, when taken together with the corresponding GAAP financial measures, provide meaningful supplemental

Table of Contents

information regarding our performance by excluding certain items that may not be indicative of our business, results of operations, or outlook.

	Year Ended January 31,

	2017			2018			2019
	(dollars in thousands)
Subscription gross profit	$	13,517		$	52,711		$	150,193
Non-GAAP subscription gross profit	$	13,664		$	53,087		$	151,209
Subscription gross margin		36	%		57	%		68	%
Non-GAAP subscription gross margin		36	%		57	%		69	%
Loss from operations	$	(90,556	)	$	(131,440	)	$	(136,864	)
Non-GAAP loss from operations	$	(88,465	)	$	(118,302	)	$	(115,776	)
Operating margin		(172	)%		(111	)%		(55	)%
Non-GAAP operating margin		(168	)%		(100	)%		(46	)%
Net cash used in operating activities	$	(51,998	)	$	(58,766	)	$	(22,968	)
Net cash used in investing activities	$	(11,854	)	$	(28,330	)	$	(142,030	)
Net cash provided by financing activities	$	17,460		$	126,831		$	190,389
Free cash flow	$	(64,645	)	$	(94,992	)	$	(65,613	)
Net cash used in operating activities as a percentage of revenue		(99	)%		(49	)%		(9	)%
Free cash flow margin		(123	)%		(80	)%		(26	)%

Non-GAAP Subscription Gross Profit and Non-GAAP Subscription Gross Margin

We define non-GAAP subscription gross profit and non-GAAP subscription gross margin as GAAP subscription gross profit and GAAP subscription gross margin, respectively, excluding stock-based compensation expense and amortization of acquired intangible assets. We believe non-GAAP subscription gross profit and non-GAAP subscription gross margin provide our management and investors consistency and comparability with our past financial performance and facilitate period-to-period comparisons of operations, as these measures eliminate the effects of certain variables unrelated to our overall operating performance.

The following table presents a reconciliation of our non-GAAP subscription gross profit to our GAAP subscription gross profit and of our non-GAAP subscription gross margin to our GAAP subscription gross margin as of the periods presented:

	Year Ended January 31,

	2017			2018			2019
	(dollars in thousands)
Subscription revenue	$	37,895		$	92,568		$	219,401
Subscription gross profit	$	13,517		$	52,711		$	150,193
Add: Stock-based compensation expense		50			89			689
Add: Amortization of acquired intangible assets		97			287			327

Non-GAAP subscription gross profit	$	13,664		$	53,087		$	151,209



Subscription gross margin		36	%		57	%		68	%
Non-GAAP subscription gross margin		36	%		57	%		69	%

Table of Contents

Non-GAAP Loss from Operations and Non-GAAP Operating Margin

We define non-GAAP loss from operations and non-GAAP operating margin as GAAP loss from operations and GAAP operating margin, respectively, excluding stock-based compensation expense, amortization of acquired intangible assets, and acquisition-related expenses. We believe non-GAAP loss from operations and non-GAAP operating margin provide our management and investors consistency and comparability with our past financial performance and facilitate period-to-period comparisons of operations, as these metrics generally eliminate the effects of certain variables unrelated to our overall operating performance.

The following table presents a reconciliation of our non-GAAP loss from operations to our GAAP loss from operations and our non-GAAP operating margin to our GAAP operating margin as of the periods presented:

	Year Ended January 31,

	2017			2018			2019
	(dollars in thousands)
Total revenue	$	52,745		$	118,752		$	249,824
Loss from operations	$	(90,556	)	$	(131,440	)	$	(136,864	)
Add: Stock-based compensation expense		1,994			12,343			20,505
Add: Amortization of acquired intangible assets		97			628			583
Add: Acquisition-related expenses		—			167			—

Non-GAAP loss from operations	$	(88,465	)	$	(118,302	)	$	(115,776	)



Operating margin		(172	)%		(111	)%		(55	)%
Non-GAAP operating margin		(168	)%		(100	)%		(46	)%

Free Cash Flow and Free Cash Flow Margin

Free cash flow margin is calculated as free cash flow divided by total revenue. We believe that free cash flow and free cash flow margin are useful indicators of liquidity that provide information to management and investors, even if negative, as they provide useful information about the amount of cash consumed by our operating activities that is not available to be used for purchases of property and equipment and other strategic initiatives. For example, as free cash flow is negative, we will need to access cash reserves or other sources of capital for these investments. One limitation of free cash flow and free cash flow margin is that they do not reflect our future contractual commitments. Additionally, free cash flow does not represent the total increase or decrease in our cash balance for a given period.

Table of Contents

The following table presents a reconciliation of free cash flow and free cash flow margin to net cash used in operating activities:

	Year Ended January 31,

	2017			2018			2019
	(dollars in thousands)
Total revenue	$	52,745		$	118,752		$	249,824
Net cash used in operating activities		(51,998	)		(58,766	)		(22,968	)
Less: Purchases of property and equipment		(6,591	)		(22,906	)		(35,851	)
Less: Capitalized internal-use software		(5,556	)		(6,542	)		(6,794	)
Less: Acquisition of intangible assets		(500	)		(307	)		—
Less: Cash used for business combinations		—			(6,471	)		—

Free cash flow	$	(64,645	)	$	(94,992	)	$	(65,613	)



Net cash used in investing activities	$	(11,854	)	$	(28,330	)	$	(142,030	)
Net cash provided by financing activities	$	17,460		$	126,831		$	190,389
Net cash used in operating activities as a percentage of revenue		(99	)%		(49	)%		(9	)%
Less: Purchases of property and equipment as a percentage of revenue		(12	)%		(19	)%		(14	)%
Less: Capitalized internal-use software as a percentage of revenue		(11	)%		(6	)%		(3	)%
Less: Acquisition of intangible assets as a percentage of revenue		(1	)%		0	%		0	%
Less: Cash used for business combinations as a percentage of revenue		0	%		(6	)%		0	%

Free cash flow margin		(123	)%		(80	)%		(26	)%

Components of Our Results of Operations

Revenue

Subscription Revenue. Subscription revenue primarily consists of subscription fees for our Falcon platform and additional cloud modules that are supported by our cloud-based platform. Subscription revenue is driven primarily by the number of subscription customers, the number of endpoints per customer, and the number of cloud modules included in the subscription. We recognize subscription revenue ratably over the term of the agreement, which is generally one to three years. Because our subscription customers are generally billed upfront, we have recorded significant deferred revenue. Consequently, a substantial portion of the revenue that we report in each period is attributable to the recognition of deferred revenue relating to subscriptions that we entered into during previous periods.

Professional Services Revenue. Professional services revenue includes incident response and proactive services, forensic and malware analysis, and attribution analysis. Professional services are generally sold separately from subscriptions to our Falcon platform, although customers frequently enter into a separate arrangement to purchase subscriptions to our Falcon platform at the conclusion of a professional services arrangement. Professional services are available through hourly rate and fixed fee contracts, one-time and ongoing engagements, and retainer-based agreements.

We recognize revenue when the following criteria are met: (1) persuasive evidence of the contract exists in the form of a written contract, amendments to that contract, or purchase orders

Table of Contents

from a third party; (2) delivery has occurred, or services have been rendered; (3) the price is fixed or determinable; and (4) collectability is reasonably assured based on customer creditworthiness and history of collection. Revenue for time and materials and retainer-based arrangements is recognized as services are performed. For professional services fixed fee contracts, we recognize revenue by applying the proportional performance method.

Cost of Revenue

Subscription Cost of Revenue. Subscription cost of revenue consists primarily of costs related to hosting our cloud-based Falcon platform in data centers, amortization of our capitalized internal-use software, employee-related costs such as salaries, bonuses, stock-based compensation expense, benefits costs associated with our operations and support personnel, software license fees, property and equipment depreciation, and an allocated portion of facilities and administrative costs.

As new customers subscribe to our platform and existing subscription customers increase the number of endpoints on our Falcon platform, our cost of revenue will increase due to greater cloud hosting costs related to powering new cloud modules and the incremental costs for storing additional data collected for such cloud modules and employee-related costs. We intend to continue to invest additional resources in our cloud platform and our customer support organizations as we grow our business. The level and timing of investment in these areas could affect our cost of revenue in the future.

Professional Services Cost of Revenue. Professional services cost of revenue consists primarily of employee-related costs, technology, property and equipment depreciation, and an allocated portion of facilities and administrative costs.

Gross Profit and Gross Margin

Gross profit and gross margin have been and will continue to be affected by various factors, including the timing of our acquisition of new subscription customers, renewals from existing subscription customers, sales of additional modules to existing subscription customers, the data center and bandwidth costs associated with operating our cloud platform, the extent to which we expand our customer support and cloud operations organizations, and the extent to which we can increase the efficiency of our technology, infrastructure, and data centers through technological improvements. We expect our gross profit to increase in dollar amount and our gross margin to increase modestly over the long term, although our gross margin could fluctuate from period to period depending on the interplay of these factors. Demand for our incident response services is driven by the number of breaches experienced by non-customers. Also, we view our professional services solutions in the context of our larger business and as a significant lead generator for new subscriptions. Because of these factors, our services revenue and gross margin may fluctuate over time.

Operating Expenses

Our operating expenses consist of sales and marketing, research and development and general administrative expenses. For each of these categories of expense, employee-related expenses are the most significant component, which include salaries, employee benefit costs, bonuses, sales commissions, travel and entertainment related expenses, and stock-based compensation expense. Operating expenses also include an allocated portion of overhead costs for facilities, IT, and depreciation expense.

Sales and Marketing. Sales and marketing expenses primarily consist of employee-related expenses. Sales and marketing expenses also include expenses related to our Fal.Con customer

Table of Contents

conference and other marketing events and an allocated portion of facilities and administrative expenses, and cloud hosting and related services costs related to proof of value efforts. Incremental expenses to obtain a subscription contract, such as sales commissions, are capitalized and amortized over the term of the subscription. We currently amortize sales commissions on a straight-line basis to sales and marketing expense over the term of the subscription. Once we adopt ASC 606 in the fiscal year ending January 31, 2020, sales commissions and any other incremental expenses to obtain a subscription and upsells to existing customers that are paid upon the initial acquisition of a subscription will be amortized to sales and marketing expense over the estimated customer life, and any such expenses paid for the renewal of a subscription will be amortized to sales and marketing expense over the term of the renewal.

We expect sales and marketing expenses to increase in dollar amount as we continue to make significant investments in our sales and marketing organization to drive additional revenue, further penetrate the market, and expand our global customer base.

Research and Development. Research and development expenses primarily consist of employee-related expenses, consulting expenses related to the design, development, testing, and enhancements of our subscription services, and an allocated portion of facilities and administrative expenses. Our cloud platform is software-driven, and our research and development teams employ software engineers in the design, and the related development, testing, certification, and support of these solutions.

We expect research and development expenses to increase in dollar amount as we continue to increase investments in our technology architecture and software platform. However, we anticipate research and development expenses to decrease as a percentage of our total revenue over time, although our research and development expenses may fluctuate as a percentage of our total revenue from period-to-period depending on the timing of these expenses.

General and Administrative. General and administrative expenses consist of employee-related expenses and related expenses for our executive, finance, human resources, and legal organizations. In addition, general and administrative expenses include outside legal, accounting, and other professional fees, and an allocated portion of facilities and administrative expenses. Following the completion of this offering, we expect to incur additional expenses as a result of operating as a public company. As a result, we expect our general and administrative expenses to increase in dollar amount. However, we anticipate general and administrative expenses to decrease as a percentage of our total revenue over time.

Table of Contents

Results of Operations

The following tables set forth our consolidated statements of operations in dollar amounts and as a percentage of total revenue for each period presented:

Fiscal Years Ended January 31, 2018 and 2019

The following table summarizes our results of operations for fiscal 2018 as compared to fiscal 2019:

	Year Ended January 31,				Change

	2018		2019		$		%
	(dollars in thousands)
Revenue
Subscription	$	92,568	$	219,401	$	126,833		137	%
Professional services		26,184		30,423		4,239		16	%

Total revenue		118,752		249,824		131,072		110	%

Cost of revenue⁽¹⁾
Subscription		39,857		69,208		29,351		74	%
Professional services		14,629		18,030		3,401		23	%

Total cost of revenue		54,486		87,238		32,752		60	%

Gross profit		64,266		162,586		98,320		153	%
								</