A poorly kept secret of the cybersecurity business: For all the talk of entrepreneurs determined to build strong, independent public companies atop impenetrable, hack-proof platforms, the vast majority supply merely a tool or two in the fight against the world’s many digital adversaries. It’s true: Most cybersecurity founders build features, not companies. More often than not, these firms get snapped up by larger organizations. Or they fold.
Exhibit RSA: Just look at how many exhibitors presented at the last RSA Conference! Select few will ever ring the fabled bourse bell.
Yet for as long as I’ve known George Kurtz, CEO and cofounder of CrowdStrike, the Alphabet-backed no-longer-a-startup that debuted on the Nasdaq stock exchange to stunning success this week, his doggedness—and the clarity of his vision—have stood apart. Here was a man dead-set: Cloud at all costs. Platform or nothing. IPO or bust. Kurtz has been describing his business as “the Salesforce of cybersecurity” since I first met him in 2015, and that’s precisely how he described it when I caught up with him after his company’s ravenously received initial public offering in the middle of the week. His marketing tagline offers an apt, if aspirational, comparison.
Investors have subscribed to Kurtz’s vision too. (It probably helped that they got to know CrowdStrike when it cleaned up the hacking mess at the Democratic National Committee amid the last U.S. presidential election.) On Wednesday, people gobbled up the company’s shares, nearly doubling its already marked up price. CrowdStrike had set its IPO price at $34 per share, a 62% premium above the midpoint of its initially planned range between $19 and $23. Even this proved conservative: The stock opened above $60 per share—and surged almost as high as $70 in the coming days. CrowdStrike’s fervent reception, which lent a market capitalization of $12.6 billion, has made it the second most valuable U.S.-based cybersecurity company on the public markets today; only $19.5 billion Palo Alto Networks, which has been inking acquisition deals left and right to keep up with the times, tops it.
Besieged by data breaches, investors are clamoring to place bets on digital defense. A number of well-performing cybersecurity IPOs over the past year or so—Carbon Black, Tenable, Zscaler—has made that clear. But a word of warning: This industry is prone to froth. Remember Intel purchasing McAfee, the antivirus firm where Kurtz worked for seven years before founding CrowdStrike, for a regrettable $8 billion in 2011? The chipmaker has since spun out the business at a multibillion-dollar loss. Or recall how, in 2014, shares in FireEye, then less than a year public, surged, unexpectedly, above $80 per share? The stock promptly crashed and has rarely poked its head above the $20 mark in the past three years.
Investors are crowd-struck right now, but this company will need to prove it can get to profitability, and continue to fend off hackers, if it is to come anywhere near the sustained success of Kurtz’s business hero, Marc Benioff. Here no clouded vision will do.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Ad nauseam. People have been fuming about Google’s purported decision to nuke ad blockers from its Chrome web browser. But Google claims it’s doing no such thing. “We are not preventing the development of ad blockers or stopping users from blocking ads,” writes Devlin Cronin, a member Chrome extensions team, on the company’s blog. “Instead, we want to help developers, including content blockers, write extensions in a way that protects users’ privacy.”
Robbing St. Petersburg to pay Paul. Alphabet’s Jigsaw division, which incubates technologies to counter extremism and protect free speech online, paid a Russian troll farm to run a disinformation campaign as a part of a research study in March 2018. The unit hired mercenaries to attack a website it created featuring anti-Stalin propaganda (a seemingly odd choice that actually does have a bearing on contemporary Russian politics). For $250, a service called SEOTweet attacked the site for two weeks with a barrage of Tweets, blog posts, and comments on random websites. Some commentators have criticized Jigsaw for meddling, however slightly, in Russian politics.
Swamp tour. Political campaigns are not up on their cybersecurity hygiene, despite all the hacking that occurred during the last presidential election, the Wall Street Journal warns. Senator majority leader Mitch McConnell is blocking election security legislation, the New York Times says. John Bolton, the White House’s national security advisor, said at a conference this week that the U.S. is expanding its offensive cyber operations to counter espionage and other hacks. And U.S. President Donald Trump seems open to accepting dirt on opponents from foreign powers.
Have I been owned? Troy Hunt, proprietor of the HaveIBeenPwned, an ever-expanding repository of 8 billion data breach records people can use freely to check which of their online accounts may have been compromised, is looking for a buyer. Hunt is working with consulting firm KPMG to find the site a new home. He says he will remain involved with the site, and the core service, which has 3 million subscribers, will remain free to use.
Pleading the Fourth. Two months after Facebook CEO Mark Zuckerberg published a manifesto outlining his “privacy-focused vision” for the company, his lawyers were arguing before a California judge that people who use Facebook have no expectation of privacy. (Shocker!) To quote Facebook’s lawyer: “There is no privacy interest, because by sharing with a hundred friends on a social media platform, which is an affirmative social act to publish, to disclose, to share ostensibly private information with a hundred people, you have just, under centuries of common law, under the judgment of Congress, under the SCA, negated any reasonable expectation of privacy.” In case you had any doubt about it…
Someone call the Karma Police.
Share today’s Cyber Saturday with a friend:
Looking for previous Data Sheets? Click here
Give me a sign. Leslie Berlin, a historian at Stanford University, wrote a deeply personal story for the New York Times about how, in order to salvage memories of her dead mother, she had to hack into the woman’s iPhone. A security measure on handset would allow only 10 tries before wiping everything for good. The stakes were high. I won’t spoil how the story ends; here’s how it begins.
Here’s How the FCC’s Aggressive New Plan to Combat Robocalls Will Work by Bernhard Warner
U.S. and Iran Tensions Are Escalating: How We Got to This Point by The Associated Press
Mark Zuckerberg’s Privacy Practices by David Meyer
Private Equity’s Cybersecurity Funding Frenzy Continues by Polina Marinova
KKR Mints a New Cybersecurity Unicorn by Rey Mashayekhi
ONE MORE THING
Me not read so good. Let’s face it: Privacy policies are a trash fire. Just because every Internet service is required to have one doesn’t mean they have to make it legible. The New York Times performed a delightful analysis of these terms of service agreements. The paper found that Airbnb’s legalese is more difficult to read than German philosopher Immanuel Kant’s metaphysical mind-boggler Critique of Pure Reason.
Perhaps these policies are to be, to quote Kant, regarded as mere representations and not things in themselves. Whatever that means, it sounds profound.