This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk01: Good day, everyone, and welcome to today's Side Channel Fiscal Third Quarter 2022 Investor Update. At this time, all participants are in a listen-only mode. I will be standing by should you need any assistance. It is now my pleasure to turn today's program over to Matt Krebs, who works in Investor Relations for Side Channel Inc.
spk03: Thank you, Chloe, and welcome to the SideChannel Inc. Fiscal Third Quarter 2022 Results Conference Call for the period ended June 30, 2022. With me today are Brian Hoaglick, President and CEO of SideChannel, and Ryan Polk, CFO of SideChannel. Before we begin, I'd like to caution listeners that comments made by management during this conference call will include forward-looking statements within the meaning of federal securities laws, including SideChannel's financial outlook and SideChannel's plans and timing for professional services, product development, and sales. These forward-looking statements involve material risks and uncertainties, and SideChannel's actual results may differ materially. For discussion of our business lines and risk factors, I encourage you to review the company's most recent annual report on Form 10-K and our most recent quarterly report on Form 10-Q. The content of this conference call contains time-sensitive information that is accurate only as of the date of this live broadcast, August 15, 2022. Except as required by law, SideChannel undertakes no obligation to revise or update any statement to reflect events or circumstances after the date of this call. And now I'd like to turn the call over to Brian Hovely, President and CEO of SideChannel. Brian, please go ahead.
spk04: Thank you very much, Matt. You can hear me still okay. Hope everyone's doing well out there. Again, thanks for everybody taking the time today to jump on this call with us. So I want to go over a number of things and then I'll turn it over to Ryan for financials and then we'll open up for Q&A. So first, the June quarter has been transformative for SideChannel and our predecessor, Cypherlock. Obviously in May, we announced Cypherlock's acquisition of SideChannel Incorporated, a private business providing virtual chief information security officer services, primarily to middle market companies. SideChannel is a growing business with 2.6 million in revenue through September 30th, 2021, and on track for continued revenue growth and cash positive operations. We will report a higher revenue number for the next fiscal year. The acquisition itself included consideration of approximately 60 million shares of Cypherlock common stock, plus an opportunity for SideChannel shareholders to receive an additional almost 60 million shares of Cypherlock common stock when SideChannel itself achieves 5.5 million revenue as a milestone. It should be clear that our focus is on growth and winning growth in the right way to create long-term sustainable value. We believe the combination created a unique business with both the technology and the services needed to provide effective, affordable, and responsive security to middle market companies. The Conline Company will be known as SideChannel going forward. We changed our stock ticker to SDCH recently, reflecting the new name, and we will file on a consolidated basis starting from our next financial report. Additionally, we intend to file an AKS pro forma that will give greater insight into the business operations. This is due by September 15th. Of course, we'll accelerate this timeline as we can, and we intend to do so. So looking ahead, we intend to deliver on the rationale that brought us into this transaction in the first place. Middle market faces growing needs for encryption and cybersecurity, and the rising costs and rapid turnover of CISOs leaves them priced out of the market for the talent and access to that talent that they truly need. Likewise, CISOs are burning out and looking for a better way to practice the profession that they love and bring real value to the companies that need their services. SideChannel marries these two together, offering senior, experienced CISOs to middle market companies on a fractional, cost-effective basis. This offers SideChannel customers unparalleled expertise and support, but at the fraction of a price that is appropriate to their budgets. Moreover, they can also benefit from our expansive team, our deep vertical expertise, and opportunity to source from a wide variety and array of software and hardware solutions from across the industry. The addition of Cycrolox assets provided a means of tapping growth capital to accelerate our business, as well as technology resources to develop our own software and solutions to meet middle market customer needs, something that we're seeing extensively across our current customer base. Now, for example, micro-segmentation platform enclaves that we will be that was announced in May and will be released soon for general availability or the GA version. It allows our clients to reduce risk, enhance productivity, and make zero trust a reality. This product is built on a very successful open source platform called Nebula. This was developed by members of the cybersecurity team at Slack and currently runs on over 150,000 endpoints, causing zero disruption or downtime. The scale and stability of Nebula, along with the reliance by Slack for its own security, is why we've chosen it as a core base to our own commercially available product, Enclave. We are very supportive of the open source initiatives and look forward to increased involvement with the Nebula community. Enclave is just our first product, and it stands apart in the field for its ease of use, cost effectiveness, especially something important to the mid-market, and its own cloud-based policy management. In addition to direct license sales, we also can offer a managed service behind it for customers who need even more support. This additional service line will increase usage and revenue from Enclave and its own sales cycle. And the key three points to really look at that we are seeing inside of the client base, micro-segmentation, right? It's a way to walk towards zero trust security, and Enclave itself can deploy different types of encryption into instances where it was previously difficult to implement. For instance, we've heard stories of organizations that have regulatory requirements that they need to implement encryption but don't have a means to do so inside of traditionally flat or legacy-style networks. Enclave can enable that. So how do we deliver encryption through micro-segmentation? It's more than just encryption itself. We want to watch what NIST is doing and the evolving views on encryption and its application in the real world. And we're going to build on Cypherlock's previous work and the other platforms based on standards and customer preferences. We intend to incorporate the Cypherlock Polymorphic Encryption Core, or the PEC, into Enclave as part of our development roadmap. The PEC is quantum resistant and FIPS 140-2 certified, hold two FIPS 142 certificates, numbers 3645 and 3381 from this. Specifically with FIPS, this clears the road for us to sell to federal and state governments where products are required to be FIPS certified. So we see a real prevalent need for this type of, technology, coupled with side channel services of building programs and changing cultures, really the three legs to the stool to any type of zero trust initiative. So regarding this, I just want to be transparent, and I read quite a bit on the Internet, and I just read quite a bit, period. I enjoy reading. I'm well aware of the interest in where the Cypherlock technology stands. NIST has been running a six-year competition since 2016 to choose the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day, such as online banking and email software. As of July 5, 2022, NIST has chosen the four selected encryption algorithms that will become part of NIST's post-quantum cryptographic standards. expected to be finalized in about two years. When NIST chooses its finalists, the Cypherlock polymorphic encryption will be deployable either standalone or via Enclave to leverage and use those NIST-selected algorithms. So overall, it's very good news. I'm very excited about what we're doing with SideChannel and we're on the other side of this merger. What we're doing is working for the mid-market. We've added a number of outstanding logos to our client roster over the past few months. Virgin Voyages, for example, we're currently handling their ship and shore, and we're focusing their business, allowing them to focus on their business while outsourcing their security to the experts at SideChannel to be able to implement what is right, what is required, and what is effective for their own operations. We recently landed one of the larger Bitcoin mining operations in the United States and even the world looking for more cost-effective and efficient security solutions, advisory, and guidance. EasyCater is a recent win. They're a platform for corporate catering events. Their full-time CISO decided to leave and pursue new opportunities of professional growth. And the company decided to transition to a VCISO for more cost-effective service and access to broader talent than an internal hire could offer. And they chose SideChannel. So you'll probably recognize many of these names. Maybe some of them you don't. But know them to be significant businesses in their own right. They and other customers see the value of using a vCISO solution and the capabilities that we bring to bear along with it. And in fact, we're expanding and re-upping our services with them and our other clients within our portfolio. We're excited about our growth opportunities, which can be lumpy throughout the year. For example, November and December can be slow months as companies close out their year. In January, we can usually see a wave of new activity corresponding to new budget years, right? Our goal is to continue to build a strong base of customers generating predictable revenue and augment it with a broad funnel of new business prospects. And we'll do that through a variety of ways. One of them is new talent. We're excited to... We haven't publicly announced online. If you follow any of what we're doing on social media, a predominant amount of information comes out that. But we recently hired Trent. He starred with us in this last month as our new vice president of sales. We're building out a very robust sales team with him coming on board. We're also keeping... eyes on a select list of M&A targets in areas that are complementary to our services. And where we traditionally have gone to partners, we can now deliver these ourselves directly instead. And we see a very rich pipeline and continue to evaluate that pipeline of M&A targets and opportunities very closely. Overall, very excited about the direction we're going and what we've been stepping down as far as our plan. Finally, I just want to call out we've expanded our board. We've got some great additions to the board. You would have seen the press releases recently. Debbie McConnell, she's been involved in the computer industry for more than three decades, recently retired from IBM. She was instrumental in transforming IT for IBM's human resources function, which supports upwards of about half a million employees. So no small feat there, along with enhancing the processes for mergers and acquisition management and talent acquisition. So we welcome Debbie. Very excited to have her on board. Kevin Powers is the founder and director of the Masters of Science in Cybersecurity Policy and Governance Programs at Boston College. Go Eagles. Mr. Powers is also a cybersecurity research affiliate at the MIT Sloan School of Management, and he's taught courses at the U.S. Naval Academy, where he is also deputy general counsel to the superintendent. So we welcome Kevin. Last but not least, Hugh Regan recently retired from his role as CFO of Intext, a publicly traded manufacturer of capital equipment used in the semiconductor industry. Mr. Regan will serve as the chairperson of the company's audit committee. I'm very excited to have Hugh and discussions with him. He was very thoughtful and very insightful addition to the team, obviously, amongst Kevin and Debbie. So that rounds out our new board. We're excited about our path forward, both our team and our opportunities for growth, and we look forward to reporting progress ahead. With that, I am going to turn it over to our CFO, Ryan Polk.
spk02: Thank you, Brian, and good evening to everyone that's on the line. So first, before we get into the comments about the results. Just as a CFO, I want to talk about the concept of a chief information security officer and a number of roles that I've had in both as directly as a CFO or in corporate finance offices of publicly traded companies. Enterprise risk management has always been a key topic and a responsibility for that desk. Over the years, as you could imagine, cybersecurity seems to keep climbing up that list, that risk management list. The role of CISO begins taking on a much more important level inside a company, certainly during planning cycles, certainly as you're thinking through some keyboard reports that you might do around risk management. As a CFO, I certainly have been keeping an eye on what's happening And the world of CISOs understand the importance of that role, the growing importance of that role. And it's, to me personally, very exciting to be part of a company that's solving a problem that I know small and medium-sized businesses are going to struggle to solve on their own. So one of the other things that is really appealing to me as a chief financial officer is the idea that using an outsourced service like SideChannel means that I don't have to worry about keeping my vCISO on the cutting edge of cybersecurity because I know a group like SideChannel could do that much better. They have the capacity to train and the ability to network amongst peers to a degree that's greater than I could probably do for whomever I might hire as a CISO. Personally and professionally, love being a part of this organization and have great enthusiasm for the direction and vision that Brian is leading the company. So let me now turn my attention to the results. Again, these results reflect Cypherlock only. My comments and the financial results that I'm talking about today are for the nine months into June 30, 2022. By the middle of next month, by September 15th, we will be providing pro forma results for the combined company. And we'll do that through an amended 8K filing. The 8K filing is going to have audited full year, audited financial results for the side channel business. It will also have combined results for one year and a pro forma result for the nine months through June 30, 2022. We would like to help you get to know those results, and so we are thinking about ways to do that, and we hope to help you understand those results in a deeper way beyond just through the 8-K filing. So we'll be in touch with you. I'll be announcing some things through either press release or otherwise to help you understand those results in a deeper way. For the June 30 results that Cypherlock is, for the Cypherlock entity, the side chain was reporting, we had 3.6 million of cash as of the end of June, and the company reported a net loss of 2.8 million for that nine-month period compared to a 2.3 million loss for the nine months in the year prior. We should note, or do want to note, that these current year results include about $480,000 of acquisition-related costs. And so that difference from one year to the next is largely driven by the costs associated with the acquisition of SideChannel. CAS used in operations through June of this year decreased to $2.2 million from $2.6 million for the nine-month period one year prior. We anticipate the side channel acquisition will mitigate operating losses and the cash burn going forward. And at this time, we do not believe that additional capital is required before the combined business is profitable and cash flow positive. Earlier, Brian mentioned that we are building an M&A pipeline. Please note that as we evaluate M&A targets, we prioritize companies that have adjacencies to our existing products and services that are revenue positive and that are cash flow positive. So thank you for your interest in SideChannel. This concludes our remarks on the financial results. We look forward to communicating with you through our next filing on the pro forma financial results. And with that, I will turn the call back to Matt. Thank you, Ryan.
spk03: All right, so we had submitted in the press release for our investors and people who are watching the company to send questions in advance and received a number of questions that was aggregated and consolidated. And we received a couple here recently based on the filing. So the first question, and Brian, this might be directed towards you, says your results PR today referenced eight new cybersecurity services contracts. Can you give us a little more background on those? such as who are the customers or what industries or type of customers these are?
spk04: Yeah, no problem. So it's a variety of contract sizes and types. So in our business, we see a lot of different needs from our customers. So net new customers where they're coming to us and it's, hey, I need a VC, so I need a cybersecurity program built, start guiding me, start leading my program. So we actually signed one of those. I believe that was the Easy Cater that I referenced. And then we have other service contracts that we're traditionally fulfilling, things where clients need new capabilities, new software, new other services that we can provide. So it's a mixture of those types where – They might need licensing for an email security solution, and we're in the opportunity to be able to resell that into our client. Or we need to implement a solution or make changes and configuration modifications to their environment. So we can provide our team, other team members, traditionally lower cost resources into those clients to provide those types of projects, or even just ongoing support. So it's a mixture of those. I don't have the exact date in front of me right now, but I do know that the ones that were referenced since the merger were kind of the variety. This is all standard stuff that we're seeing. So this is, I don't want to say basic, but this is what we do.
spk03: Excellent. And then a follow-up question that came in from the press release today that relates to that. was asking about the contracts. It looks like we have about a $100,000 average cost for each of the contracts we're referencing in the press release today. Is that typical for a new business deal for SideChannel and Cephalox, or should we expect those contract values to grow?
spk04: So we see new vCISO contracts, net new clients, averaging between – $150,000 and $250,000 on a net new client that needs to do CISO work for a one year. And we have a pretty high retention rate, so we see renewals on that. On project work, engineering work, those are traditionally between $100,000 and $200,000 on average we're seeing for spend by our clients with us. And then any type of resale or any other product sales, those can vary tremendously. They're traditionally based around license count, and license count is usually dictated by either employees in the company or a number of endpoint devices, such as the number of servers or laptops or a combination thereof in an environment. So those can vary quite a bit. Again, it's based on license count. Software is traditionally a lot longer term, kind of out of the gate, so you know that these are longer term. Some services are project-based, but our vCISO work and a predominant amount of our other service work is longer term, but we tend to contract or sell or write one year with renewal-style statements of work.
spk03: And Brian, I know that you spoke some about this in your prepared remarks, but we did have several questions asking how SideChannel plans to use the Cypherlock technology for the products that will be sold in the future. Perhaps you could elaborate a little more on that.
spk04: Sure. And my intent in the future is to expand, you know, this talk and these types of talks to include our CTO, Nick, Joe and Miguel from account management, David from sales and marketing to round out kind of the views of what we're looking to do with these products and future products. Our current intent with CypherLux technology is to really look at its usage and its applicability with the FIPS. I mentioned the FIPS 140, which is a requirement for federal sales. So I believe in looking at what the technology can do and having that as part of Enclave and using Enclave to deliver the Cypherlock SDK and software development kit and what can be built out of that. That is what I believe is a viable future for that technology. I think A lot of people have a hard time just wrapping their heads around, why do I just need to buy encryption? What people really want is, I need to implement encryption. I need to implement micro-segmentation. What customers are looking for is not the encryption itself. It's not any encryption itself. That's kind of table stakes. What they're looking for is a vehicle or a method to easily implement those things into their environments. And that's where we will focus our products. That's where we'll focus our sales energies on those types of clients that are recognizing that that's what their pain point is. And where applicable, we will use the previous Cypherlock technology and stack to be able to help deliver that. Okay.
spk03: And, Brian, in a similar vein, we had some questions about Enclave. primarily asking exactly what Enclave does and how you use that with your vCISO customers.
spk04: Sure. Yeah, so look, it's built on the open source solution nebula. And the really smart people over at Slack, you know, and they're running, you know, decided they needed to, you know, software-defined networking approach to segmenting their environments. They weren't going to purchase stacks and stacks of Cisco equipment and start building VLANs and running ICE and have the cost that goes along with it. No, why? Because they don't have any on-prem infrastructure. So you need a software-defined network in order to be able to go do that if you're solely in AWS or Azure or cloud. And I think what's really great is that same approach applies if you do have an on-prem infrastructure. So our clients are a mixture of both. solely cloud-based, solely on-prem. A lot of them have both, you know, are in both locations. So now, you know, to me, the customer base is ripe, right? The middle market is ripe for needing this. Micro-segmentation, which Enclave can allow you to realize in your environment. Micro-segmentation is one of the technology components to making zero trust happen inside an environment. And I think we have, you know, a very good and capability that we can deliver. We have a technology that enables zero trust and aspects of zero trust through micro-segmentation. We have senior leaders in the industry who are now delivering to our customer base as a VC, so who can build a program with policies and oversight and governance, which is another good component to have within a zero trust. And then also shaping the culture of an organization to be able to accept and adopt that approach. So I feel like we have the three legs of the stool to be able to make zero trust happen. And so for me, this seemed like a really great combination of we're focusing on middle market companies who have this issue and don't have a very cost-effective way, if any way, to easily deploy micro-segmentation in their environment. Along comes what we have with Enclave, and now we have an oversight Uh, by senior leaders, we have a willing customer base that needs a solution like this, and here comes Enclave as a product that can deliver to that very need.
spk03: Excellent. Thank you. Uh, and then Ryan shifting gears a little bit to a couple of financial questions we received. Uh, one of those asking about uplifting and what requirements side channel would need to meet in order to be eligible to move on to one of the mainstream exchanges.
spk02: Yeah. The board at Cypherlock has been, they've had their eye on this for a while. And they've been executing to that for as long as I have been around them. It started with, I think, just getting the board to have independent directors sufficient to meet the independent director requirement, which we do. It included getting the right kind of audit partners engaged with the company, which we did and still have. Those fundamental requirements of independent board governance is in place. I think the quality of the board members is extremely good. I like working with Hugh Regan as the chair of the audit committee. Hugh has had a couple of experiences getting companies onto mainstream exchanges. His most recent one took, took a company to the NYC American exchange. And so Hugh's got experience with that and certainly has some opinions and a network of people that could help side channel execute that, that move. Uh, well, I think as we look ahead though, we've always said, we've always tried to say at least, um, in, in recent calls with, uh, with, uh, investors that execution is the key. And so I'd say probably, Matt, the number one thing that we need to focus on is just continuing to drive a great customer experience and having that show up in our financial results through growing revenue and profitability. So we would like to continue. We'd like to see just some continued growth and improvement in what we report. We think that's going to be helpful to our activity. And as we mentioned earlier, we believe that that's trending well for us. The other things we need to be focused on are things like share price. We'll need to meet some pricing, minimum pricing requirements. There'll be some windows of time over which we'll need to trade at that price. There's some volume expectations around those trades or that trading window. There's some other things. It can get a bit technical. I don't want to bog down on this call with all those details, but it really hinges upon a couple things. One is us continuing to execute and growing, and two, some appreciation in the share price above the minimum thresholds that either NYC American or NASDAQ would expect for us. But the fundamental things that we can take care of today, like having the right kind of board, putting the management team in place to be successful in such a move, making sure we've got the right external partners in the way of auditors and lawyers and so forth. All those things are there, and we're just going to keep doing what we need to do. And when the market is indicating that they support what we're doing, that should give us the next green light that we're going to need to be aggressive about moving to a mainstream exchange. Thank you.
spk03: And then, Ryan, another one for you. We referenced the balance sheet cash position in your prepared remarks and in the filing. We had a question about how to think about cash now and going forward. Whether the company has enough cash to reach break-even and become a self-funding within the current balance sheet.
spk02: Yeah. Matt, we talked about that a little bit in the queue, in the liquidity section of the queue. We give a... We make... We make three statements. One is we give a range of what we think the cash usage is likely to be over the next 12 months. And I believe the range we used was 2 to 2.7 million. We also state that we believe the side channel acquisition will mitigate the use of cash. It'll be a positive to our cash burn. And so we expect to report cash flow from operations to be growing or less negative in the short term. It's probably the best way for everyone on this call to think about it. And I believe the third thing that we said is that at this time, as we look at where we are and where we're headed, we do not anticipate needing additional cash to reach cash flow, a cash flow positive quarter over quarter operations. All right, perfect. Thank you.
spk03: And then the last question that we received was around acquisitions. It was, do you intend to pursue more acquisitions? And if so, what types of companies would you be interested in acquiring? And that could be, I guess, either of you.
spk04: Yeah, I can start. I mean, from my vantage point, I'm interested in companies and firms that show promise in the industry for the problems that we're trying to solve that we don't solve today. So I'm thinking about capabilities that are ancillary to us, but not too far away from what we're trying to do. You know, I think I look at, you know, smaller organizations that have services but are tech-enabled that can scale, show promise of scaling, but maybe haven't figured out how to, and we could be a better home that can allow them to focus on that while removing their expense costs for running their own business. You know, we obviously want things that we know are tied to needs, right? Regulatory needs are a great driver from a business perspective on cybersecurity. For instance, many regulations require risk assessments. They require pen tests. They require these CISOs, New York State Right, the Part 500 DFS states that you can have an outsourced CISO if you're held to that standard. There are a number of things that these regulations call out and we would do well to look at those because obviously they're a requirement and you can't fight those requirements. So if we can be the provider of that along with the other services, I think we'll do quite well. Ryan, if you had any other thoughts on or that you could share on our acquisition strategy?
spk02: Sure. Yeah, Brian, I think I just, I think I just repeat some of the things we said earlier, which is, cause I think they're important. I think they're important for everyone to understand that we, we, we are, our filters look at revenue and we, we value revenue generation and our filters look at cashflow. We value positive cashflow. We feel like this sort of goes back to that original question or not original, the question I answered first around the, the move to a mainstream exchange. And we believe we understand what the investment community is looking for. We believe if we report and communicate the success we're having at growing revenue, that we show a favorable trend in the EBITDA line, a favorable trend in the cash flow line, that that will generate support in the market, and it's that support that we ultimately need to uplift. So everything that we're doing across the company, whether it's in the M&A front, which is what this question is about, or it's another area, another functional area of the company has sort of these fundamental expectations in mind that they are generating revenue, that it's a cash flow positive activity. And so I think that's the only thing I would add, Brian, is that, yeah, we certainly love that adjacency from a service point of view. So that's an exponential kind of event for us because that service then lays over the existing client base that we have, which is good for that new inbound technology that we've acquired. We believe we provide some ability to expand the capability of that technology team. And so there's just this, we expect anything we do from an acquisition point of view to be not just a sort of, let's use a cliche. We are really looking for one plus one equals three kind of opportunities. Certainly the side channel plus Cypherlock, combination reflects that as we've talked about with Enclave and all the capabilities that are present inside of the Enclave and the PEC. And doing more of that is going to be our focus.
spk03: Excellent. And I believe that wraps up the questions we'd received in advance and after the press release today. So, Brian, I'll turn it back to you for any closing comments.
spk04: Thank you, Matt. So before we close the call, I just want to thank everyone for joining us today and for their support over the past year. Really looking forward to how we're going to close out 2022 and onward into 2023. And we'll be participating in the LV Micro Investor Conference in October. So stay tuned or look us up for that. With that, I'd like to conclude today's call. Thank you very much and be safe, everybody. Thank you.
spk01: This does conclude today's program. Thank you for your participation. You may disconnect at any time and have a wonderful evening.
Disclaimer