
My experience working with CrowdStrike was that they were super arrogant about these risks. I was working on a ~50k enterprise rollout, and our CS guy was very belligerent about how long we were taking to do it, how much testing we wanted to do, the way that we were staggering rollouts and managing rollback plans. He didn’t think any of this was necessary, that we should roll it out in one fell swoop, have everything auto-update all the time, and constantly yapped about how many bigger enterprises than ours completed their rollouts in just a couple of weeks.

He actually threatened to fire us as a client because he claimed he didn’t want the CS brand associated with an org that wasn’t “fully protected” by CS. By far the worst vendor contact I’ve ever had. I’ve had nicer meetings with Oracle lawyers than I was having with this guy. I hope this sort of thing humbles them a little.




> constantly yapped about how many bigger enterprises than ours completed their rollouts in just a couple of weeks.

Evidence is pointing towards him actually being right about this, despite likely being wrong about everything else.

It'd be worth giving him a call, just to check in how he's going, and take him up on the offer to fire you as a client.


I was just a contractor there, and don’t work with them at the moment. But I’m a customer of theirs and they’re definitely having an outage right now, so I’m guessing it’s all still in place.


Mind rephrasing? I don't understand what you're saying.


I don’t work there any more. But they were having an outage, so I’m guessing they never got fired as a client (guessing that they’re still using CrowdStrike) and could still take that offer (of being fired as a client) if they wanted to.


What evidence are you referring to? Was there a company that was breached for taking a few days or weeks to update CrowdStrike?


>I hope this sort of thing humbles them a little.

Hopefully not. It would be better that this company is sued into oblivion by all the customers that were affected by this huge outage.


Maybe humbles all the other surviving companies? We can only dream


> I hope this sort of thing humbles them a little.

What I hope is that they cease to exist as a product and as a company. They have caused inconvenience, economic damage on a global scale and probably also loss of life, given that many hospitals and ER units had outages. It has been proven that their whole way of working is wrong, from the very foundation to the top.


Ouch, considering the devil works under Oracle's lawyers, that's bad!


Sounds like a very inexperienced person.

If their mission is to protect businesses they should understand your concerns.

Speed is useless without control.


He was pretty senior for his role, but really I have no idea whether he was representative of the wider company culture.

We had a buggy client release during the rollout which consumed all the CPU in one of our test environments (something he assured us could never happen), and he calmed down a bit after that. Prior to that though he was doing stuff like finding our CISO on LinkedIn to let him know how worried he was about our rollout pace, and that without CS protection a major breach could be imminent.


I'm guessing he's not typical, only because if he was, CrowdStrike would be known far and wide for this behavior.

For example, the way Oracle's lawyers are known.



