CynergisTek, Inc.

Welcome to Synergistic's 2024th quarter and year-end earnings conference call. Today's conference is being recorded. Joining us today from the company are Mr. Caleb Barlow, President and Chief Executive Officer, and Mr. Paul Anthony, Chief Financial Officer. Before we begin the formal presentation, I would like to remind everyone that some statements made on the call and webcast, including those regarding future financial results and industry prospects, among others, are forward-looking. These forward-looking statements can be identified by the use of forward-looking terminology such as believes, expects, anticipates, would, could, intends, may, will, or similar expressions, and are subject to a number of risks and uncertainties that could cause actual results to differ materially from those described in the conference call. Certain of these risks and uncertainties are or will be described in greater detail in the company's SEC filings. Given the risk of uncertainties, listeners should not place undue reliance on any forward-looking statement and should recognize that the statements are predictions of future results which may not occur as anticipated. Synergistic is under no obligation and expressly disclaims any such obligation to update or alter its forward-looking statements, whether as a result of new information, future events, or otherwise. At this time, I would like to turn the call over to Caleb Barlow.

2020 is behind us, and it's great to be talking with all of you now. As a company that is heavily penetrated in the healthcare provider market, our clients have been and continue to be on the front lines of this pandemic. And our business saw the impact almost immediately as hospitals made room for COVID-19 patients, put elective procedures on hold, and stopped doing anything that was not directly tied to patient care. Last year, about this time when our business slowed down abruptly, we did not stop working. Instead, we started asking, what changes? What does this new normal look like? And how do we refine our strategy? Telemedicine is accelerated by five to ten years. Working from home, outside the protection of the corporate network, is now the norm versus the exception. And the concept of a healthcare breach is no longer just about losing data. It likely means your entire institution is locked up with ransomware and it becomes difficult to treat patients. As customers pulled back, we started to innovate and developed entirely new post-COVID relevant offerings that would be in demand by our clients, compromise assessments, privileged access management services, and security validation, just to name a few. We also focused on expanding our addressable market and our relevancy in close adjacencies to healthcare. while at the same time we open the door to new regulated markets that can leverage our skills, processes, technologies, and our existing resources. In Q4, we saw the start of a rebound of our professional services, which we highlighted in an announcement in January of a $700,000 deal with a large health system. We saw a new logo, a sign that our services continue to be in demand, including deals with Valley Health and Fairview Health, We started to see the benefits of our diversification strategy into close adjacencies in healthcare that are collecting world volumes of protected data during the pandemic. We've been signing of a deal with a large state department of public health and our announcement of a contract with Ball State University. And we saw expansion in existing clients across our base, including a large academic medical center system and an expanded deal with Logitech. Now, late in Q4, budgets began to free up, and we saw the first increase in our bookings for the quarter in over a year, which manifested itself in a 10% increase in our pre-sold revenue and a more diversified pipeline positioning us well for growth in 2021. And as vaccines become available, healthcare workers have been the first to get shots in their arms. And while that makes us opportunistic and optimistic that this will also accelerate a return to pre-pandemic business conditions, So that's the story in healthcare, but it's by no means all we've been up to. In my first investor call just over a year ago, I talked about the opportunity we saw to expand the company beyond healthcare. That diversification has been core to my strategy, and today I want to talk with you about the opportunity we see to be a big part of securing the defense industrial base. Unfortunately, cyber attacks on America's defense industrial base are, well, not unusual, as evidenced by the most recent SolarWinds breach and the Microsoft Exchange vulnerabilities making headlines this month. It's estimated that the United States is losing $600 billion a year to foreign adversaries through exfiltration, data theft, and the loss of intellectual property. To address this threat, U.S. military defense acquisition is moving from a self-assessment model to a rigorous framework that requires third-party assessment for all 300,000 vendors in the defense industrial base that handle controlled, unclassified information. This new initiative, known as the Cybersecurity Maturity Model Certification, or CMMC. CMMC is unlike other cybersecurity regulations, as it requires a comprehensive security maturity that has both breadth and depth, but it also has real teeth. Simply put, if you do not meet the requisite security requirements, you will not win your government contract. To prepare, secure, and assess 300,000 defense contractors over the next few years will require a small army of consultants and assessors, likely several thousand strong. We believe the emerging market opportunity for both assessment and the remediation services which we expect to be three times the opportunity of assessments alone, to be in the tens of billions over the next five years. We recognize the opportunity more than a year ago, and we believe we are uniquely positioned to capitalize on it. We are not a government supplier to that. We are completely independent, and that's an advantage. All of our current employees are U.S. citizens, and approximately 17% of them are U.S. military veterans. The CMMC leverages nearly identical frameworks to what we use in healthcare, where we already have intellectual property in place, including automation, training, and quality control. Most importantly, we have 60 assessors already in position that we believe can meet the required qualifications once the certification process fully opens up, allowing us to enter this market with existing resources and capabilities. Now, becoming a CM&C assessor is not a trivial process. The required training, credentialing, and background checks with people, along with new controls, procedures, and an enhanced security posture of our organization is significant. We are one of the first companies to be approved as a third-party assessment organization. We have a provisional certified assessor in our ranks that represents one of the first 100 in the program. And we are a registered provider organization, authorizing us to do consulting work now. And I want to announce today that we have already begun closing consulting deals, helping government suppliers prepare for the CMMC initiative. The next critical step for us in this process which is already underway and will continue over the next few months, is to have the Department of Defense conduct a review of our security posture. Our strategy is twofold. We remain focused in health care, and we are seeing the signs of recovery. But we also believe that the CMMC effort, along with customer diversification efforts and investment in our go-to-market in these new industries, can get us growing at a much higher rate than our baseline growth strategy. With that, let me turn the call over to Paul.

Thank you, Caleb. This year was all about constantly reacting to what the market threw at us during the pandemic. This reaction included numerous efforts to reduce costs, improve efficiencies, and respond to customer pullback due to budgetary constraints. As a result of the impacts from the pandemic last year, we expect Q1 2021 to be our revenue low point, down approximately 10% from Q4 of 2020. But as Caleb said, we are seeing strong signs of a rebound with an increase in our pre-sold revenue and our Q4 bookings were the highest we experienced in over two years. Given that our revenue in some cases can lag bookings by several quarters and our emphasis on closing long-term recurring revenue contracts, it will take some time to show in our numbers. From a balance sheet and financial resourcing perspective, we ended the year with $5.6 million in cash, that included a net issuance of $1.8 million of the $5 million eligible takedown of the ATM under our shelf registration. This was done at an average price of $1.54 and a total share issuance of 1.3 million shares. We still have the $2.8 million in debt that we received under the Paycheck Protection Program, and we expect the majority of the loan will be forgiven. We are also expecting tax relief as a result of the CARES Act, where we expect to carry back available losses from this year to the extent possible, which at this point exceeds $1 million. Outlining our Q4 standard financial disclosures, revenue decreased $1.1 million to $4.7 million, but it was up 4% over Q3. The decrease from prior year was due to lower revenue from managed services, which reduced by $0.3 million to $2.8 million due to the impact of some customers canceling or delaying renewals, and a reduction in net new customers due to the pandemic. Professional consulting services decreased to $0.8 million to $1.9 million due to lower revenue from synergistic business as a result of the pandemic, offset by an increase of $0.2 million of revenues from backbone. Again, this backbone increase was lower than we had projected due to a pullback by our customers' use of third-party services, again, directly related to the pandemic. Gross margin was 37% for Q4 2020 compared to 40% in 2019, and it improved from 35% at Q3. As I mentioned in my highlights, the improvement in gross margin is due to the staff and expense reductions we made over the last couple quarters, along with reduced travel in reaction to the lower revenue and the COVID-related travel restrictions. Sales and marketing expenses decreased to $1.1 million for Q4 2020, compared to $1.4 million for the same period in 2019. This decrease was due to lower headcount as we looked to rebuild part of the sales team and lower stock-based comp. We do expect this to increase as we get back to full headcount levels in our investment in marketing to support our increased go-to-market activities. DNA expense decreased by $1 million to $1.1 million for Q4 2020 compared to the same period in 2019. The decrease is due to $1.1 million in temporary and permanent expense reduction efforts taken to improve operating margins for 2020, offset $5.1 million in additional costs for backbone. We do expect expenses to increase going into 2021 as we start to reinstate some employee benefits that were suspended in 2020 in reaction to the pandemic, but we will react as we see how 2021 shapes up. During the quarter, we did record a non-cash impairment to Goodwill and Intangibles, amounting to $16.5 million. Our non-GAAP adjusted EBITDA loss was $0.3 million for Q4 2020 compared to $0.4 million for Q4 2019 and $0.8 million in Q3 of this year. Full-year financials and reconciliation of GAAP to non-GAAP information can be found in the earnings release that came out today. Caleb highlighted our growth strategy during his discussion earlier. Funding through the ATM was a step in supporting these initiatives with a small infusion of capital. We're bullish on the long-term prospects for the company, and any subsequent capital raises would be with a mind to accelerating growth and creating incremental value for shareholders beyond the current plan. This concludes the financials and prepared remarks for Q4 2020. Operator, please open the floor for questions.

Certainly. And everyone, to ask a question, please press star then 1 on your telephone keypad. Please note that if you're on a speakerphone, please forget the handset or depress your mute function to allow that signal to reach our system. Again, that is star 1 to ask a question. And we'll go first to Matt Hewitt of Craig Helm Capital Group.

Good afternoon. Thank you for taking the questions. And it's nice to hear that things are starting to free up a little bit here today. I guess a few questions. First off, on the CMMC opportunity, you said that you started to close some deals. Maybe if you could help provide a little bit of detail regarding size, timing, IT's evaluations versus consulting, any additional color would be helpful.

Sure. First of all, thanks for asking the question, Matt. Okay, so the way you have to look at this is this is a government initiative and, you know, throw in all the bias and things are slow and bureaucratic and there are multiple hurdles you go through and, you know, that's not unusual in this space, but I'm going to explain in a second, Matt, why that's actually proven to be very advantageous. The reality here is that we today can go out and make money doing consulting work to help companies prepare for the CMFC initiative and It's an enormous amount of work. We just went through it ourselves, and we're a security company. We have lots of these policies and procedures in place, but we had to put new solutions in place, enormous amounts of documentation. It's not unlike what financial folks go through in a Sarbanes-Oxley audit in preparing for that. It's rigorous. It's detailed. You have to have multiple forms of evidence to prove that each control is in place and working properly. So that work, we're actually authorized to do right now, and we've started closing deals there. On the other side, actually doing the assessments, we're one of the first companies that's kind of cleared the hurdles to be authorized to do that. And what's most important there is there's only 100 people out there today that have the credentials. that have been trained and authorized by the DOD to do this work during their provisional period. We have one of those assessors on our staff. What we are waiting for now before the DOD will open this up more widely is the actual assessment of our security posture. So us and the other leading companies that are in the first wave are going through that security assessment now. And as soon as that is completed, then the actual assessment work will open up now. So the prep work, the consulting work, I mean, these deals can vary anything from, hey, I need a few hours of time from somebody to understand what's really involved here to, I need help building the comprehensive documentation, which could be literally thousands of hours of work.

Okay, got it. So as far as timing for revenues from this, it's probably more we should be thinking about Q2, Q3 when these will start to layer in?

We're starting to see revenue for it now. I would say when I think this is really going to heat up, is when the government starts opening up contracts that will actually require the CMMC certification. The initial approach was to have 1,500 government contractors through the process this calendar year. It looks like they're a little bit behind in that. Now, I'll tell you, as much as this is cumbersome and there's a lot of steps to go through, you got to remember every step, every hurdle that we have to go to also weeds out competition in this space. So, you know, I just become more and more bullish the further we get into this, realize the sophistication of it and the fact that a lot of companies aren't going to be able to handle it.

Got it. Got it. Okay. And then on the healthcare side, it sounds like things have started to free up. And obviously as we start to see the vaccinations having an impact and we start to see the you know, elective procedures happening in hospital budgets, you know, starting to improve a little bit. Maybe walk through, are there, I would assume you've got a pipeline of opportunities, some of which maybe were put on pause last year, some of which are maybe new given even the Microsoft situation here a couple weeks ago, but how quickly do you anticipate being able to close some of those and how will that start to be reflected in the financials?

So what happened here, Q4 obviously saw a list of opportunities that, in my opinion, had been delayed during the year. Those that had budget left spent it in Q4. I think as we kind of look forward from there, we are definitely starting to see things pick up. In almost every case, the actual buyer is ready to go. We may still see some extra hurdles with procurement and financial teams as, you know, they work through the challenges of recalibrating finances and budgets coming out the other side of the pandemic. But, you know, overall, we're really starting to see that return. The other thing not to lose sight of is there were some very significant, somewhat catastrophic impacts late in Q4 to many hospitals due to ransomware. And this was no longer the case of just a hospital going down. Adversaries were targeting entire systems. We saw in two cases the remediation cost exceed $60 million. And I think those have the attention of cyber insurers that are now looking at, you know, real risk in this case, but also the recognition from many systems that they're realizing if they don't show up their defenses, they're not going to be able to stay open in a ransomware incident.

Interesting. Okay. And maybe one last question for Paul. I think in your prepared remarks, you talked about expenses starting to maybe ramp up a little bit here in fiscal 21. And just for point of clarification, are you talking about kind of recovering a little bit versus Q4, or are you talking year on year? So, for example, sales and marketing, call it $1.1 million in Q4. That was down from $1.5 million in Q1 of 2020. Will Q1, do you start to see that go off of the $1.1 million and maybe getting closer to where you were in Q1 of 20 or just to help us think about the ramp in those expenses over the course of the year? Thank you.

Yeah, specifically as it relates to sales and marketing, that's exactly right. We're looking for the Q1 numbers to ramp back Q1 and really into Q2 to get back up to that Q1 number. And that's what we're expecting the run rate to be, about the same as we saw in Q1 of 20. Okay.

Got it. All right. Thank you.

Thanks, Matt. Our next question will come from Jeff Batch of FinTech.

Hi, Caleb. Hi, Jeff. Hi, Jeff. I have a couple of housekeeping questions for Paul, but I'll ask mine of you first, Caleb. When What would you guess is your goal or your hope for achievement of the distribution of the business of the company in a few years between healthcare and the defense industrial space? Is it like 50-50? What's your image of what you'd like to see?

Great question, Jeff. I mean, the first thing to remember is, you know, although we say healthcare and government I think most people's first reactions, those sound like two very different animals. The reality on our side, if you put yourself in the seat of one of our assessors, it's almost identical work. So even though we're moving more into government, it's a lot of the same thing we do today. Here's the way I look at it. There are about 5,000-ish hospitals in the United States, so that equates to, this is a rough map, you know, let's say roughly 1,500 systems that are slowly consolidating down to even less. So that's your addressable market in healthcare, right? 1,500 systems. Obviously, they're adjacencies to healthcare, but if we think of providers, which is, you know, kind of our strong suit. If we then pivot over to the government side, there's 300,000 military contractors, and that's just to the U.S. military. There are already signs and interest in other parts of the government, particularly Homeland Security, in leveraging the same model for their suppliers. So You know, the addressable market here on the government side is, what, 35, 40 times larger than the addressable market on the healthcare side. And, you know, I think we've done a nice job at capturing a decent market share in healthcare providers. I'd like to do the same thing as part of the CMMC initiative.

That suggests, I presume, that your growth rate could be vastly higher down the road. Is that a fair assessment?

Well, I think it is a – let's put it this way. I would love to say yes to your question. The only thing holding me back from that, Jeff, is – It's government, right? There are hurdles we have to get through, and a lot of this is going to come down to the number of contracts and the pace of contracts that the government decides to put underneath this initiative. They have said that they want to get all 300,000 vendors through this program in the next five years, and if that is the case, I do think the growth rate here could be quite significant.

Great. I have a couple of housekeeping questions for Paul. Paul, on the $16.5 million write-off, a casual view would suggest, well, that means that the former management, not including Caleb, paid twice as much as they should have for the synergistic acquisition. But it might have been just driven by the stock price having declined to a point where you're forced to review it, if I understand the accounting rules right. Could you give us a little more color on the right conclusion to draw from this write-off?

Yeah, you understand the accounting rules better than most, yes. So, Jeff, you're absolutely right. The stock price in and of itself put us in a position where we definitely had to analyze the business in more detail and take the steps that we did. In addition, when we came to our conclusions, we had to use our market cap at the end of the year as a barometer for what the ultimate fair value comes to. So really, the share price at the end of the year had a lot to do with ultimately where we ended up.

Okay. I thought that was the case, but I just wanted to be sure. And the other question is your 2.8 million PPP loan, are you still expecting – or almost all of it to be written off within a reasonable period of time.

That's our expectation. We've submitted all the paperwork. It's with the SBA. Our bank has authorized the submission to the SBA, so they did their part and put forward that recommendation. And then given the requirement, given the size of the loan, we had to fill out the necessity questionnaires. That was the last-minute addition to the process. We're in, so it's in submission and then it's really a black hole to me right now.

Okay, thank you very much.

Thank you, John. And next we have Avi Fisher of Longcast Advisors.

Hi, Kayla. Thanks for taking our questions. Hey, Paul. Two quick questions. What is the share count today And where are we with pre-sold revenues as of today?

In the 10K, we announced we've got $17.2 million in pre-sold.

And then from an outstanding share count, $12.1 million. So is the pre-sold through where we are today, is it higher than it was at the end of the year?

It should be, yes. But we don't have final numbers still. We haven't closed a quarter.

Okay. And if I gathered what you said in the prepared remarks, you're looking at one Q. I mean, we're almost done with one Q. You're looking at it down 10% year over year.

for revenue, down 10% from Q4.

Right. Oh, from Q4. From Q4 2020, correct. Okay, more than 10% here. And is most of this driven by, I mean, you talked about a client who either didn't renew or a client, does most of it do from that? Is that a single client?

There's a large percentage of the drop in pre-sold and the drop in revenue was from a specific client, our largest managed services client at the time when they had to cancel due to budgetary reasons.

So again, just to clarify, a large percentage of this decline is because of a client that you previously talked about?

Correct. The revenue didn't. The contract continued through the first quarter of this year. Cancellation was for the renewal and go forward expansion of the business.

I'm a little confused now. The first quarter for 1Q21, you were guiding a 10% sequential decline. That still includes that client or that is due to that client?

It does. We had the base business was if the base business went through Q1 of this year. That's correct.

So can you elaborate a little bit on the decline? If it's not because of this large client who was canceled, why do we see such a big decline? And more broadly speaking, you know, Caleb talked about a lot of the issues.

It wasn't a full quarter. It wasn't a full quarter. It wasn't a full quarter of revenue. So that's one of the – we had a number of cancellations and things that occurred throughout the year. Those cancellations, again, didn't occur upon the date they canceled. They may have extended for additional periods. They just indicated they wouldn't be renewing the business. And so we still had revenue tailing off or trailing off through this first quarter.

And have any of these cancellations or non-renewals indicated that now that business has improved for them, they would come back?

Not at this point. For those that had actually canceled, we have not seen that. For those that have delayed, we have seen delays come back and ultimately sign renewal.

Caleb, just a quick question for you, and then I'll turn it over. But, you know, you talked about the dynamics in the healthcare space. I've talked to some other cybersecurity companies that do, smaller than you, but are in their approach to healthcare space. They're talking about a massive rebound in 2021. And I'm just trying to get an understanding of what aspect of your business isn't working properly so that you're not participating in what seems to be a rebound in the cybersecurity in the hospital and healthcare space that some of your competitors are seeing. Thank you.

I think that's your conclusion, not mine, Avi. I mean, we're absolutely seeing things pick up. I think the you know, not only are you seeing budgets come back, but, you know, in fact, you know, many of you have asked us before, when does healthcare start to take security seriously? Many of them saw that during the pandemic. I mean, imagine having an entire system locked up with ransomware for a month where you can barely treat patients in the middle of a pandemic. Multiple hospitals, 12 hospitals went through that in November of last year. So the whole dynamic has changed, and I think that They're starting to take security very seriously. Budgets are starting to open up. And I'm very bullish on where we're headed over 2021.

So you expect, I guess in brief, that one Q will be the low point of revenues for the year?

Yeah, I mean, the challenge you've got here on revenue is it's always trailing because of the managed services business, right? So where, you know, where we were getting beat up in March, April, May, and, you know, the heat of the pandemic when everything's closed down and hospitals had to clear out all of their elective surgeries, you know, that trail just works its way through in this quarter, right? So, you know, in a lot of ways, you're seeing the tail of that work its way through the system. Okay. Thank you for your questions.

Thanks, Avi.

Our next question will come from Michael Potter of Monarch Capital.

Hey, guys. Hey, Michael. Good tone seems to be improving, so certainly good to hear. I just want to follow up on the last theme, Caleb. We're seeing activity pick up with health systems. Do you anticipate that we're going to start hearing about more contract signings over the next 60, 90 days? I mean, they can't put this off for too long.

They've already pushed a lot of this out. Sorry, go ahead. Yeah, I mean, the simple math on this, right, is I'm right at the end of the quarter. So, you know, our focus right now, as you can imagine, is on doing everything we can to get every deal over the wall here before the end of the month. and then we'll regroup and start figuring out how we want to talk about the successes we got.

Okay. Considering what the shareholders have gone through, it would be great if it was sooner rather than later that we, you know, have more of an indication of how our company is doing. You mentioned something in your script in regards to the insurer's seem to be getting more involved now in regards to the requirements of the health systems, and perhaps do you anticipate that they're going to require a cyber assessment in order to write some of these policies?

You know, it's a very timely question. We started to see signs of things, you know, so we obviously get involved with insurance in some cases when clients get breached or when they call us if they've been breached. We also started to see a flurry of questions over the last month about renewing insurance policies, and I didn't understand where it was coming from, so we started digging in and actually talked with some underwriters. What we're seeing now that we've never seen before is that underwriters are calling out specific solutions that they expect to be in place. Things like endpoint detection response, multi-factor authentication. We had not historically seen that called out with the same rigor that we're seeing it called out in these contracts. The other thing is there have been some very significant payouts in the insurance space specific to healthcare in 2020. You know, I am by no means an expert on insurance, but all the signs I'm seeing is that insurance, and specifically in the underwriting process, they're starting to require things. I think it is very reasonable that we start moving to a posture where either insurance companies are requiring some form of inspection, and we are aware of one company that is... allowing a third party to provide input on the insurability of a client. But in addition to that, what's probably going to drive it even more is this SolarWinds breach. I mean, 18,000 impacted companies. It's utterly staggering, and it's a supply chain issue. So the problem here is that Any company of significance is looking out at their supply chain, suddenly being concerned that that's going to be the pathway an adversary is going to get in. I actually think the supply chain is where we're going to see the movement in the short term, where what we do today in most cases to check out a supply chain is help people answer a questionnaire. I think we're going to start to see much more definitive requirements around testing and assessments start to pop up in that space, and we'll probably start to see some of that this year.

Okay. A couple questions on the CMNC opportunity as well and what it's going to take for our company to truly leverage that opportunity to really build up Redspin, the brand. And so I guess we were one of the first 20 certified third-party assessment organizations, and that's based upon one person having the right certification inside of our organization?

No, it's based on a, so there's a couple of pieces to this, and this gets fairly complex, but the individual needs to have an assessment. So we have one individual in the provisional program. I don't think anybody has more than one. The second piece of this is the company had to go through a background check and have certain policies and procedures in place and certain trained individuals. That has also been done. The last remaining piece is that we have to have our security posture validated by the DOD. So we have already passed all of the steps to do consulting work, and now we are at the very final step to be able to actually go do the assessment work. And there isn't anybody in front of us. We're in the same path with the initial group here to get through this security assessment from the DOD.

And when do you anticipate that will be concluded?

Well, I would have liked to have been done already. We're dealing with some delays there as they've been trying to get these security assessments done. We're in the middle of ours right now.

Okay. Do you anticipate this is another 30 days, 90 days?

Yeah, I would say it's, you know, I think they finished talking to us at the end of May. And I don't know how long it takes them to dot the I's and cross the T's, but their interaction with us will be completed in May.

Okay. And then what is it going to take for us to truly support this business going forward? I mean, we're going to have to train staff. And, you know, again, if we think there is in the health care opportunity, is going to be enormous this year. We don't want to take people kind of off of that focus that are already trained and ready to go, ready to generate revenue. Are we going to have to train some of our existing staff or are we going to bring in potentially new people and train them in order to be able to make these assessments for CMMC?

Well, the short answer to your question is yes to all of it. But here's my basic strategy. We're in a very unique position, unlike a lot of other players in this space, in that we can swim in two lanes. So I have the ability to move assessors back and forth between the lanes. Now, it will likely take... and I'm guessing here, but it will take a brand new assessor to get fully certified to be able to do a CM&C assessment. It's probably a six-month to a year process. So what that allows me to do is bring them into the healthcare space, get them tooled up, maybe even give them a few years of experience, and then start taking those more experienced individuals and slowly matriculating them into the CMMC space. So in a lot of ways, I've got a built-in on-ramp. The other thing we did during the pandemic is we retooled everything. Our executive team literally met in an agile scrum every single day. And what we've done is become much more efficient in what we do in our healthcare delivery so that we don't need as many people to deliver the same work product. Now, what that does then also is create, you know, a bit of capacity so that, you know, we can go tackle the CMMC work at least in the early days of this without having to hire any people. And I think that's a huge advantage.

Great. And then I guess one other question on the Deals that we've signed so far, how many deals have we signed for the CMMC and can you give us an aggregate dollar amount?

We haven't released that yet. These are early deals, so they're still relatively small, but I look forward to talking with you guys more about that when we've got some material deals in there. That would definitely be something we'd want to talk about broadly as we start to see bigger and more material deals there.

Very good.

Thanks, guys.

Thank you, sir. Thanks, Mike.

And now we'll take our next question from William Brimmer of Vanquish Capital Partners.

Good afternoon, gentlemen. How do you hear me okay?

Yep, Mr. Cameron.

How are you doing today? All right. Hey, I'm fine. Just adding on to the last question on CNMC activity. Congratulations on getting some revenue contributions already. I think that's for some time on. Secondly, can you give us an idea of the structure of these? Are they multi-year platforms that you'll be on, or is it just simply lump sum certifications, lump sum projects initially?

Great question. So the short answer is it's complicated, but you asked, so I'll explain it. So think of this as two parts, right? There's all the upfront work to get ready, to get your documentation in order to test that these controls actually work. Let's just call that consulting. And then on the other side is actually doing the assessment. Much like a financial auditor coming in and validating, do you do what you say, do you say what you do, and can you prove it? No company can swim in both lanes in the same client. So you have to pick your lane. You're either the auditor or you're the consultant in a client. Now, if you're the consultant, that work is significant up front and likely continues on in perpetuity because when you get certified to go win government contracts at a level one, you might decide six months later, geez, I want to go bid on a contract that's a level three. Well, I got to go back and Add a whole bunch of new security provisions. And remember, security is not a formula. It's constantly evolving and bad guys are changing their techniques. So there's work that you always have to do to be able to maintain that CNOC certification. So if your relationship with a client is in that consulting lane, it is likely a longer-term arrangement with lots of renewal work and lots of remediation work. If you are in the assessment lane with that particular client, you are only brought in when the assessment work needs to be done. You are prohibited from providing them any guidance or support along the way. And that's really kind of a once and done type of work. Now, it has to be redone every three years and might be done more often if they decide to move levels. Let's say they want to go from a level one to a level three to a level four. But those are kind of the two lanes. And, you know, part of my assertion in this is that I think it's important to be strong in the assessment business because that will lead to strength in the consulting business. I mean, who would you rather bring in as a consultant? Someone that has never done an assessment or someone that's a fully certified assessor? So we're trying to swim strongly in both lanes. But the money and the repeat business is certainly on the consultant side.

Okay, good call there. Do you need to then educate adjacent markets on this or are the IT and the cyber in-house gurus, are they familiar with this certification?

You should talk to my own team. They've been in a forced march on this every single morning for the last year. This impacts HR, marketing, finance. You know, Paul has been in, Paul had to rewrite procedures. He's had to, you know, make sure every time he changes a policy or procedure, it's being updated. We, you know, today was social media training for our marketing team. of what do they do if someone accidentally posts a comment to one of our social media channels with government information in it? How do we respond to that? It is an all-of-business activity, and the entire business needs to become security aware. So, you know, I guess the short answer to that is it's a lot of work to get ready for this. And that's the case for any business that's going to be certified.

And correct me if I'm wrong, our peers that are publicly traded, how many others have this at this time that you're aware of?

So, okay, so you've got to break this into two lanes here, right? There's government suppliers that will be required to pass this in order to win a government contract. There's roughly 300,000 of those. And there are companies from very small mom-and-pop shops all the way up to massive government contractors. In terms of the companies that have gone forward, and there are effectively two lanes in this program. You can sign up to be and do consulting work, and there's several hundred companies that have stepped into that lane. And then you can sign up to be an assessment assessor, which is what they call a C3PAO, or a Certified Third Party Assessment Organization. I think there are, I think the last number on this, it's certainly around 100 and maybe as many as 400 that are applying to that. But the reality is when we went out and looked at everybody that was in the mix and what we found was most of those organizations were very small shops, three, four, five people. And you find that often in government contracting, but the reality is they're probably not going to have the infrastructure to operate on their own because of the security requirements of their own organization. So a big thing that's evolving in this is the ability of 1099 contractors to operate underneath another company as their umbrella. And that's one of the business models we're looking at with this is that many of these other entities, we may leverage them to be our hands and feet operating under our umbrella as a certified organization.

Okay. And my last question is just on the pricing. I know it's a difficult question to answer, but broadly, how are the margins on both of these divisions? How do I look upon this?

Paul, you want to touch on that, and then I'll add some commentary?

Yeah, we're not expecting any, at least at this point, this early in the CMMC effort, we're not expecting a difference in the margins necessarily between the different types of... Let me just interrupt here quickly. If the margins are pretty much the same, then I guess you can sort of leverage... your wins in the marketplace as well with these government agencies, correct? I'm not sure I follow what you mean. Yeah, I'm not sure I understand your question, sorry. Meaning, once you start to land these contracts with the DOD, does it help you on other ones that you would be bidding on?

Oh, I see what you're saying. So first of all, let me clarify one thing. We are actually not contracting directly with the DOD. We are contracting directly with the party that is looking to be assessed and approved. So our authorization, if you will, is done through a group called the CMMC Accreditation Body. They're a nonprofit that was set up to do this work. So, you know, I think probably the biggest example of what you're talking about is imagine a prime sub-relationship. So, you know, there's some, let's say there's some engine you're making for a government aircraft, let's say. You might have three, four hundred subcontractors. Well, when you bid on that contract, let's say that contract requires a minimum of a CM&C Level 3, that means that you and any of the subcontractors that are going to touch that controlled information have to all be operating at that level. So one of the things we're hoping will happen, we'll see how this evolves, is that those prime subrelationships might be very interesting opportunities to drive repeat business on either the consulting side or the assessment side, because think of it this way. If you're a prime and you know your contract – your contract date is coming up in, let's say, October, you want to work with companies that have the scale to get all two, three, 400 of your subcontractors ready for that in time.

Okay. All right. And one last one. Just in general on your base business with healthcare and some adjacent markets that you're seeing, is it fair to say, given what has occurred in the marketplace over the last six months, that the cycle time to close contracts with your sales team has been quicker than in the past?

Yeah, our sales VP and I were just talking about this literally yesterday. We are definitely noticing an acceleration there. And I'm cautiously optimistic. What I don't know yet is, is that a product of pent-up demand just because of the pandemic? Or have we actually seen the change we've all been waiting for in healthcare, that they're really starting to take security seriously? My own opinion on this, and I don't really have the data to put to this yet, I think the sea change is starting to happen. You know, ask me that question again next quarter, because I think that's an important thing to watch. But at least in the short term, we've definitely seen a reduction in the time frame it takes to close the deal. Okay, gentlemen. Thank you for the time. I appreciate it. Thank you.

And this concludes the question and answer session. I will now hand it over to Caleb Barlow for any closing remarks. Caleb, please go ahead.

All right, thank you. Well, first of all, thank you to all of you that asked questions there and continue to be, you know, long-term supporters of what we're doing here. I think, you know, if we kind of look at 2020, this was a year that, well, it challenges about everything. We knew about our business, our personal lives, but for our team, it was also an opportunity. And we used this time to retool, to become more efficient in learning skills. I mentioned this earlier, but our entire executive team meets every single day in Azure Scrums focused on improving our position. Now today, we're a much smaller organization than we were a year ago, but we still operate with a similar delivery capacity. And as conditions improve, we will expand and meet that demand. Most importantly, we can now leverage our resources, our infrastructure, our intellectual property now across this much larger addressable market than we could years ago. And we're looking forward to that opportunity. In closing, I want to thank our employees, partners, and all of you as our investors for your ongoing support in this year that was 2020. And now let's get back to the real work of growing a business. Thank you.

This concludes today's call. Thank you for your participation. You may now