Q&A: New Crowdstrike Exec On What It Takes To Succeed In Next-Gen Endpoint Security Market

Crowdstrike's Carpenter On New Role, 2017 Predictions And More

Earlier this month, Michael Carpenter jumped from Tanium to Crowdstrike to lead the next-generation endpoint security company's sales as president, global sales and field operations. A longtime veteran of the endpoint security market, Carpenter said in an interview with CRN that he is seeing a drastic evolution of the market, a shift that is embracing next-generation technologies and ultimately will drive consolidation. In his new role, Carpenter said he will look to meet that growth by setting the stage for scale in the Crowdstrike business, including driving investments in its growing channel program. Take a look at what he had to say and what to expect in the months to come.

Why did you decide to join Crowdstrike?

I spent about 13 years at McAfee and about two years at Tanium. Over the past couple of months prior to joining Crowdstrike, I put together my own little board of security experts and CIOs and partner experts. … In the due diligence that I had done, the outcome was pretty remarkable. There were a lot of great companies out in the market. I had probably 10 written offers and multiple more verbal offers. I was fortunately in a position to really take my time and make sure I made the right selection. … I had worked with [Crowdstrike co-founder and CTO] Dmitri [Alperovitch] and [co-founder and CEO] George [Kurtz] in the past and also Chairman Gerhard [Watzinger], so I had a lot of respect for their knowledge of the space. … Being able to see the evolution of those two minds coming together to develop [Crowdstrike's flagship endpoint detection and response offering] Falcon Host just blew me away, [and] as I saw the tech I thought: This is the best-kept secret in the world. If I can take my skill sets and go to market in channel development and help drive this across the universe, I think we can be in a pretty remarkable space in the next couple of years.

You've been in the endpoint security space for a long time, how did you look at where Crowdstrike stands in the market today coming in?

What I saw about Crowdstrike had blown me away. In the past three years, the company has gone through some major evolutionary changes following the vision of becoming a complete endpoint protection technology that is enabled by vast capabilities that add speed and scale to the business. What I was looking at ... was very different than where the market had perceived them over the past two years coming out of the intel business and really being well-known for some of the larger IR engagements they had done and what they were doing around adversaries. To see what they had built over the past few years [with] a product that’s in 171 countries and a platform that had record low customer service calls because the product just works, and adding what I thought was a world-class speed and scale by leveraging the cloud, and bringing in an incredibly rich IR content to be able to provide protection while you're providing hygiene awareness -- to me, that was game-changing.

Where do you see Crowdstrike differentiating itself as the endpoint security market gets more crowded by the day?

Every time you come into the market, and I've been selling endpoint for a long time, customers say, 'What can you do for me and what can you take off my endpoint and consolidate, but then be able to expand my protection capabilities and put me in a better security position?' … But, also building in the early days of Crowdstrike such a strong IR practice and being able to build the content and work with some of the biggest customers in the world to solve those problems and provide a level of expertise that needs to be inherently present if you are going to be a successful security company. Marrying those two worlds was a very unique offering. … What I have seen in the past few years is that customers are done with the hub-and-spoke model. If you're a larger customer and have 10,000-plus nodes, it's really hard to collect information in real time and get that information back to the client in a posture that would be somewhat useful. … The experience and the discipline that comes into play when you're a security executive looking at all of this information and being able to identify hundreds a week, you build the rigor and intelligence into the process that is really only found at scale.

Crowdstrike has been on a pretty strong growth trajectory. How do you look at it coming in from a sales perspective – are they where they need to be?

That was the other nice part of the business. You look at businesses that have the go-to-market wrong or they need to change out the human capital and make a lot of changes at the personnel level, but in this business it was more of bringing in someone that has the ability to run at scale, has the ability of creating scale and then managing it. … We're growing incredibly fast. Over the past three years it's over 2,600 percent growth. The team has done a good job. Now, how do you look internationally? When do you open in France, in Germany and in Italy? We're looking at adding people in the U.S., but when do you go from 30 to 60? Or when do you make additional investments in your inside sales organization? ... I think bringing that part of my background and that part of the sales operations and the discipline and history I have in doing it is really going to help catapult from where we are to where we're going. We've been ahead of schedule from a growth perspective, and I hope to continue that and accelerate that.

What levers do you anticipate pulling to create that scale?

I think there are some things that are low-hanging fruit. … The company has done a great job investing in the sales operations of the business. … I think they have great visibility, so I think taking a breath and going back through all of that and saying what has worked over the past three years and let's do more of that. Some of the things I see really working is their inside build has done a great job, they have done a really good job building out their channel program and their channel portfolio – they went from 50 percent of the business running through the channel to 82 percent of the business through the channel. … These are some really good areas, but now [we can] broaden that and look internationally and then simplify so we can work off of one playing field so it's really easy to transact business as you go up and go down from a company-size perspective. Then, the final piece that to me is super important is … making sure people can be successful [in their sales goals]. We're spending some time on that and we're prepared to walk into 2017 [with these] growth plans.

How do you look at Crowdstrike's channel strategy? Is it where you'd like it to be?

I'm not at the place where I know every partner, but I think we've done a really good job on the recruitment process, but I think there's probably more that we can do. …The infrastructure has a massive set of APIs and these APIs allow partners to go develop on top of the platform and use the content and data warehousing they've been building up ... and start to create and differentiate themselves with it and add capabilities on top of it. One of the big things for me in building out the channel and getting to the next phase of the channel is working on building out a premier MSSP offering and being able to help customers monetize our content and bring value to the market. Those are really the next-gen style of delivering value as a VAR -- everyone is looking to differentiate. You don't want it to just be off of price or off of relationships. You want to be able to have some level of secret sauce to what you do. So enabling that, training that, and then developing the go-to-market resources for them to be successful there will be pretty important to us.

How is the approach at Crowdstrike different from what you had to do at Tanium or Intel Security? Or is it a similar approach?

I think there's a very different approach. I would say at Intel Security there were so many partners that it was tough to create mutual dependence on those relationships where you can invest and get value out of it. When it is built over 30 years in the business, it can become very difficult to reinvent. It's very difficult to move a battleship in a bathtub. At Crowdstrike, what we have here is very unique. We have a culture of partnership that is really infused through everyone at Crowdstrike. A lot of the discussions I've had with executives over the past week-plus has been about change, simplifying and making it easier to do business, and advancing programs so we have a lucrative program that creates value for customers, the partners and Crowdstrike. That is going to make a massive difference. I've already noticed from a culture perspective that this is an organization that thrives off partnerships. … That bleeds through the entire vein across Crowdstrike.

How do you look at, from a sales perspective, how you go about differentiating Crowdstrike in a very crowded market for endpoint security?

There is a lot of fluff out there today in the marketing. … The reality is that everyone is telling a story. What we owe to the industry as professionals in this market is we have to get off the fluff. We have to start showing customers real protection capabilities and you can't just keep throwing up words on a website that you're coming out with it this week, or next month, and promising it will be free. I think there's just a lot of fictitious fluff in the market. It's a unique time. I do believe the only way to get through this is with truth-based marketing and then being able to deliver it with your solution. Get your customers talking for you. It's one thing for me to get on a podium and tell people how great we are and pound my chest, but it's another thing when ADP does it. … Then, just making sure to continue the maniacal focus on the company's culture to actually make change, do something different and have the products work … It's a big difference in what I'm experiencing.

Do you expect we will see a lot of industry consolidation in the endpoint space?

Absolutely. … I see this problem being so big and there's so much scorched earth from inherent providers not being able to provide value on seven-figure or eight-figure investments, that the market is ready for a change. There is so much new infrastructure being built that you are basically trying to retrofit and put a digital camera into a Polaroid. None of us would buy that. Being able to protect against virtualized environments and the advancements in mobility-based computing and consumerization and understand the scale and the sophistication of the attacks. … You need a monumental shift. … Endpoint security is crowded, there's a lot of money being invested and there's a lot of opportunity. I think we will be one of the companies that prevailed to change the market. It's a winning combination: We have the right people, the right products and really the right attitude to go about the business.

I'll tell you one thing I've experienced in my 20 years [in the business]: Altruism and having a company that is just so focused on their people and on their customers is unbelievable. I think that's part of winning. I don't think people get there if they don't do that and this company certainly hasn't.

Why did you decide to leave Tanium?

I think it was a good run. I got the business up to pretty significant value and scale. For me, there is always a new chapter and a new change. I wanted to be part of a business that could provide the complete value system, not just scale and speed, but protection. I wanted to be part of a management team that has experience being leaders in the past and in scaling businesses. I wanted to have a product set I felt would solve the entire problem. There is a living, breathing culture that exists in companies, and if you're part of a smaller, scaling business, that culture has to be accepting of change, it has to be respectful of people's lives, and it has to be altruistic. … For me, this had the winning combination.