Sidechannel Inc

Ladies and gentlemen, please stand by. The webcast will begin momentarily. Thank you.

Ladies and gentlemen, please stand by.

The webcast will begin momentarily.

Ladies and gentlemen, please stand by.

The webcast will begin momentarily.

Ladies and gentlemen please stand by.

The webcast will begin momentarily. Ladies and gentlemen please stand by the webcast will begin momentarily. Thank you.

Thank you and welcome everyone to Side Channel Investor Day's 2023 webcast. With me this morning is Side Channel's Chief Executive Officer, Brian Haugley, and Ryan Polk, the company's Chief Financial Officer. Before we begin, I need to read the following statement. Statements or comments made on this conference call may be forward looking statements. Forward looking statements may include, but are not necessarily limited to, financial projections or other statements of the company's plans, objectives, expectations or intentions. These matters involve certain risks and uncertainties. The company's actual results may differ significantly from those projected or suggested, and any forward-looking statements due to a variety of factors which are discussed in detail in our SEC filings. At this point, I'll turn the call over to Brian.

Thank you very much. Good morning, everybody, and anybody on replay. Good afternoon or whatever time you're following us. I'm Brian Hoagley. I'm the CEO of SideChannel. Joined here today by Ryan Polk, our CFO. Very excited that you've chosen to join us on this Investor Day. We look forward to the discussion that we're going to have. We're going to go over a couple of areas. Obviously, this welcome, a slight overview of what we're going to discuss, really what our organization is set out to do. areas that are impacted in the mid market that we are looking to support and help. We've got a great employee feedback video that we're looking forward to share. And then an introduction to our board members who are here in Worcester today. And then we'll move to a Q&A that was pre-submitted questions from our investor base. So look forward to that. All right. So this is a new format for us. We are very excited to be able to start having an engagement with investors. We look at this being our first step towards establishing a cadence with you to talk about what we're doing, get your feedback, get an understanding of what you're looking for in our company, and give us the ability to discuss that with you. I started out in this space really being a problem solver. I took that experience and that desire to want to really fix issues for people who otherwise did not have the capability themselves, and that's organizations or others. I took that into the Department of Defense, where I worked for a number of years across a variety of different agencies to be able to solve solutions for national defense. Out of that I became the chief information security officer for a Fortune 500 insurance company, again, looking to establish a means to be able to fix problems that were inherent to a number of organizations, companies across the space. And that focus has been around cybersecurity. It's something that I've seen that has been really an untested area for a lot of people to address as a risk. And a lot of it stems from the lack of experience, the lack of the right guidance, the lack of looking at how a program needs to go into place and the right solutions and products. So I've seen that from being the CISO or Chief Information Security Officer of an organization. I've seen that from being a vendor of other organizations relying on their security posture. And that journey led me to create side channel, and then bring on a number of partners to help me grow this organization. Many of them joining me here in the room today at Worcester, the camera can't swivel around, but we will introduce a number of folks later who saw the same problem from their neck of the woods and from their vantage point and from their experience. And our job as a company is to address cybersecurity as a risk for mid-market and startups and going upstream into small enterprise. And we feel that we have a very good capability to deliver for that into that space. And that's what we want to talk to you today about. So who really needs protection? It's an unfortunate answer, but everyone. There aren't modern companies today that are not connected to the internet or connected to a network or reliant on technology. And this technology and anything else has an inherent risk to its mere existence if it's not configured appropriately, if it's not surrounded by compensating controls, if it's not addressed on what data it's storing or allowing access from. These are areas that unless you are a professional in this space or have real good guidance or real solid understanding, they go unchecked. And as we see the mid-market and the enterprise space growing and adopting even more and more around technology, this risk is not getting any easier or going away as far as being able to be addressed. So we see Fortune 500s having easy access to large providers. But really, the middle market space is over a million companies. And who's working with them? And that's what we set out to do with Side Channel. I joke about this. There's only 2,000 companies in the Fortune 2000. Who's working with everyone else? It's an untapped market. It's underserved. And We know our solutions and our drive and our ability to deliver what we do into this space is going to just reap incredible rewards. And I think we've proved that today with our growth and with our focus and our expanding client list. Sorry. Thank you. Yeah. We had our annual shareholder meeting right before this. talking since earlier this morning. So forgive us. Hope everybody's catching up on. Good. All right. So back. With a large middle market, right, over a million companies, total combined revenue that these companies represent of $8 trillion, it's no small part of commerce and organizations' existence and being part of the growth rate of either the US or others. It is a very real market. I think most people just think, what I'm trying to get at is most people just believe, hey, enterprises really need this. And smaller companies don't because they're smaller. And the fact is, that's just not true. The same risks exist at enterprises that exist at mid-market and vice versa. The real problem is that mid-market have a smaller financial ability to address those risks, whereas enterprises do not. They have a much larger budget. They have much larger capabilities. They're actually able to attract more talent. So again, this is an underserved market. The risk is still very real. and who can step into this space to be able to solve for the problems that exist there around cybersecurity and privacy and risk management. And that's what SideChannel is positioning itself to do and has been executing on. So the landscape and the legislation that pushes this top down, right? In the United States, we know today there is no U.S. national or federal standard or requirement around cybersecurity. It's creeping up at state levels, but we are seeing some federal-level organizations establishing it as a requirement. First and foremost, the SEC and its overview and oversight of over 9,000 publicly traded companies and is making cybersecurity a requirement for them to address, whether that is having the experience on the board or having expertise within the organization to be able to effectively address incidents when they happen, be able to respond to them, be able to report on them. But you really can't, everyone kind of focuses on, well, that's all great, that's all reporting, and that's after the fact. But you really can't do that reporting unless you actually have a program in place to be able to protect, detect, and respond to the threats and the risks that actually exist inside the environment. And you need to be able to do that with leadership, with building a program, with running an organization cybersecurity. So the SEC is stepping in and making this a requirement. The FTC and its Safeguards Act underneath the Gramm-Leach-Bliley Act of GLBA, it is positioned its cybersecurity requirements. Many states have theirs. New York State DFS instituted Part 500. At a state level, any financial institution inside of or domiciled within New York State has to follow these regulations. And they clearly outline, much like FTC and the safeguards, You need to be able to have these capabilities in your organization if you are going to fall underneath these guidelines, whether it's FTC, New York State, or otherwise. So we're seeing top-down pressure from a compliance and a regulatory standpoint, which is mandating security. But we are also seeing a growing need by board members and leadership of organizations who are expecting better security within their organization. And who are they turning to? We're seeing a growing amount of, let's go to the next slide. We're seeing a growing amount of customers demanding that organizations have a cybersecurity in place. They're not going to do work with another vendor, whatever, unless they can prove that cybersecurity. The reason this is all coming about is because attacks are not slowing down, unfortunately, for us. Cybersecurity exists inside of the logical plane versus the physical plane. It's very easy to see somebody breaking a window and stealing something from a store on a street corner. We can see that crime being addressed, but the internet is not like that. We can't see everything that is happening as far as those types of crimes goes, which allows attackers to operate anonymously and at much higher scale. So we're seeing attacks increase. We're seeing the costs of these attacks increase over time, and we're seeing them change. Just last year, ransomware was the number one threat. Everyone really thought that was going to grow. This year, believe it or not, business email compromised. People committing wire fraud because they had access to a company's email solution has exceeded ransomware. Why? Because the bad guys have pivoted. It is a business for them. There is an ROI. They have figured out what is gonna make them more money for the least amount of effort. It's a business. The days of thinking it is some kid in a black hoodie in his basement are over. These are well-orchestrated, well-funded, well-organized organizations out there creating a business for them. They go on holiday or vacation. They have payroll. They have healthcare benefits. They operate like a business, much like you or I understand how legitimate businesses operate. And again, there is an ROI for them. That is not going to slow down their operations and their move because they know there's a return. So where we step in is obviously identifying and knowing what can slow them down, what can stop them, what can be built at an organization that allows you to feel much better about your cybersecurity posture in addressing those risks, in addressing regulatory concerns, in addressing the questions from your board or your C-suite, being able to put your customers' concerns at ease that you have a cybersecurity program. So what have we learned from the mid-market. Well, why isn't everybody just flocking to building this, right? I mean, that's a concern. Why can't I just build this myself? The average cost for someone who is a chief information security officer who has the experience, and we happen to have quite a few of them on staff, is about $650,000 per year. That is a tremendous amount to carry as an expense for middle market. And it's completely unattainable really for a startup to be able to hire somebody and carry that as an expense for that company. We see organizations shying away from doing the right thing because they can't afford it. And that has been an historic problem within the mid markets ability to address cybersecurity until now. So when we look at breaches and the costs are, going up. When we look at the solution that's available to us is too high, people just kind of sit back and wonder, well, what am I going to go do? And the three things that they need to focus on is obviously protecting their reputation, complying with relevant laws, and understanding what to protect around their customer data because they want to protect the revenue. How do we fill that gap? Where does side channel come in? What have we been able to do? I actually want to kind of highlight a story and a couple of great quotes from customers about this. But kind of share, how do we do this? What have we actually done? We recently helped a fintech company, financial technology startup, as they were looking to build a platform for high-speed trading. They knew that the data that they were going to be holding was going to be incredibly valuable. They needed to protect it. They knew that the customers that they were looking to sell into were going to be very high profile, and the demands of those customers were going to be incredibly high, and the scrutiny of their cybersecurity posture was going to be very much on the table. This company also not just had a great product, but were looking to raise money to increase their R&D, their development, their go-to-market. you know, as they're going through raising a Series A and Series B, we were able to build and articulate that program for that customer. So they were able to attract and secure their initial, I think it was $40 million Series A for their initial growth, and they're selling into banks and larger institutions. But it didn't stop there. They caught the eye of their target market, and they wanted to grow with the scrutiny still stayed on them as far as, well, what does your program look like? How are you protecting this data? How do we know that you're going to be stable, you're going to be online, that you can actually be used? Well, they then secured $100 million Series B. We were instrumental in being able to, again, continue to mature that organization's security posture, continue to be able to talk to the customers and put them at ease that their investment was going to be relevant, it was going to be good, it was going to be sound. And that they could trust that the security of the platform that this client was building was also going to be sound. So here's two real kind of components to a single organization's growth. Its ability to attract investment and grow, as well as the ability to put customers' minds at ease and really take security off the table as a concern so that they could have an easier and a much less friction in their sales cycles. And this is not the only client that we've run across where this has happened. This is a very predominant theme. Now, not everyone's out there raising Series A and Series B, but removing cybersecurity as a risk from the sales cycle and removing that friction from that cycle is now becoming much, much more of a conversation and a concern for business owners. Why? Because the scrutiny on cybersecurity is becoming more and more. So I want to read two quotes. You can see them on screen here. But an integrated marketing and creative agency client, a longtime client of ours, and I'll quote the CTO, there's something to be said for specialists when it comes to cybersecurity. We had a security plan and we were getting it through our managed service provider, but security is not their specialty. It led us to having a false sense of security. And we see this quite a bit. And there's nothing wrong with managed service providers, traditional IT service providers. We love them. We rely on them. We partner with them. But that's not their focus. It is ours. And there's a real difference between doing it because it's a nice bolt on. It's a nice thing to be able to sell in addition to what else you're selling from. This is our specialty. This is our focus. In fact, for most of us, this is our lives. This is our professional livelihood has been centered around this specialty, this area. And this is what we want to continue to bring into our customer base. I'll read you another one. Executive at EHR, health record, software client. Side channel relationship has been instrumental in providing guidance on the improvement and maturation of our existing cybersecurity program. In doing so, it helped our company win a pilot for what could be our single largest customer by meeting all of their cybersecurity requirements, something our direct competition has been unable to achieve previously. SciChannel has also been critical in providing experience to help guide the security and due diligence efforts required during the post-merger integration of five individual companies into a single enterprise. The cybersecurity profession is now akin to legal, accounting, and insurance. When we look inside of organizations at the enterprise level, we see the CISO right there with HR and GC and internal audit. and other C-suite members for a reason, because that's how important it is for that organization's success to address cybersecurity as an operational risk at an enterprise level. And our clients are seeing it, and they're realizing the value that they're getting out of it by working with us. So who's the team? Who's bringing this to fruition? It's not just Brian and Ryan. We've got a a really phenomenal organization and we continue to attract great talent. And we're very, very excited by who we're always able to attract. And if you follow us on LinkedIn and on social media, we regularly post about who's joining and we're not shy about that whatsoever. You can visit our teams page and see who is on the team. But really, I mean, we have a tremendous amount of experience when you really kind of total it up. We kind of go back and forth on like, you know, total years of experience, but roughly over 400 years of actual experience across very C level executives who are now delivering into our clients. And that team is allowing us to, build better products, build better capabilities. It's not just about that person on delivery. It's about how they think about these problems, just like I thought about these problems when we started. And the leadership that we have comes from a variety of places. Dick's Sporting Goods, Booz Allen Hamilton, Best Buy, NTT Data, Coal Fire, Blue Cross Blue Shield, Anthem, and many more. We continue to want to attract that talent from known entities because we know what they can do there, which means we know what they can do for our clients today. We're remote first, and we're very capital late on how we approach our talent acquisition. This is a lifestyle balance for a lot of our people. They're no longer looking for these high-end CISO jobs, right? I cited the $650,000 average cost earlier. What comes with that job when you're working for a single organization is 60-plus hour work weeks, high stress, a terrible work-life balance. I know because I lived it. While I enjoyed that time and I learned a lot, you can only take so much, and you can only do that for so long before you start looking around. Side Channel affords our team, and we're going to show a video in a minute. You're going to hear directly from some people about that, why they value Side Channel. And we're very proud, as being a veteran myself, 16% of our staff are veterans, and we will continue to look to the military and other law enforcement and other services to be able to attract the right talent into our delivery. So we're really not, you know, we're not just consultants. Consultants have a kind of a plus or minus on a thinking around them, but we become a fabric of the company itself. We are really embedded in the organizations. Most organizations, more than 12 months. We have many clients that are re-signing with us for their fourth year. We've been around for four years. So it's a very interesting role being a known third party, but being so trusted in what we're doing that we are treated just like the C-suite. I mean, many of our clients, we're briefing their boards. We're talking to their customers who represent the highest amount of revenue for them. That's the level of trust that people have, organizations have inside Channel. We're very connected, right? We're very connected to the space. We know this space because, again, this has been our profession. We are in tune with what's happening in industry across the vendor space, across the threat landscape, and we're bringing all that knowledge really in. And the tools that we're able to build, again, is we're pulling out of what we see in our clients, what we're seeing at our past experiences, what we're able to go do. And we're using that to influence our roadmap and our development for new services and new products. We can go to the next one, sorry. Really, so, you know, when I think about what we consider and what we've dubbed complete delivery, it is not ever just a tool and it's never just a person or a process. What we are delivering is a cybersecurity program, really as a service to our clients. And we start with, obviously, top-level talent, but we don't stop there. We branch out and we bring in everything that a CISO wants to be able to have at their fingertips and then eventually brings into an organization as if they were walking into a Fortune 500. We can deliver an entire program and manage that for the mid-market because that's how the mid-market, buys. That's what they're looking for. That's what they are in need of. Bless you. This is a real difference between enterprise and large enterprise. And then between them and small enterprise, mid-market and down is they really want not just the tools. They don't want just the capability and then walk away. They want a partner who can come in and manage and run that for them. just like our clients are seeing today, whether we are so trusted that we are reporting out and leading these programs for them as if we were the staff, but we are a provider to them. We're doing this through a variety of things, monthly and annual subscriptions, our services, as well as our products such as Enclave. We're very excited about what we're able to do with Enclave because we saw a need inside of this client base that had a very apparent gap. both from just organizations not wanting to address micro-segmentation and the risk that was presented that micro-segmentation can allow you to solve for, but also the other products in the space that are trying to solve for this, not financially feasible for mid-markets and small enterprises and the like. So now again, much like CISOs and their costs are unattainable to mid-market, The products that the mid-market wants to be able to purchase are predominantly geared towards enterprise and now seem unattainable. And we're solving for that with our first product, Enclave, and its pathway to zero trust. And being the technical underpinning of a zero trust strategy as a solution to implement inside of really any organization. And it scales from mid-market on up. So we're very excited about what we're doing with that product. And we'll get to some questions on that. Actually, some great investor questions centered around Enclave. So we'll bring that up in a minute. The other subscriptions and services that we have really around managed detection and response. Can I see what's going on inside of environment? Can I be able to respond effectively when I see the bad thing happen? And this centers around both endpoints, like your laptops or desktops or servers or virtual systems in a cloud, along with your identity. People don't remember this, but, you know, your username that you use to log on to your email, that you use to log into your system, to log into applications, that can be misused. Now, we have the ability to be able to identify and detect and respond what's going on, not just with, again, the laptop itself, the desktop, or the system, but also the identity. And that is a major change, especially for the mid-market. It's an underserved area. And if you can't tell, I like going after underserved areas. Um, email security as well. It's a number one attack vector, our ability to bring in those types of capabilities to surround an email solution and make sure that it is secure. Um, and then really the last point I'll make, I'll turn it over to Ryan is, you know, we continue to partner with very risk focused professionals. And I mentioned a couple of them earlier, but legal professionals, lawyers, general counsel, outside counsel, uh, CPA and financial advisors and insurance brokers. And the reason is they are viewed, and think about this, when you think about who do you trust and who you want to go to for advice, you will call one of these three professionals in your life. Now, they might not be able to provide cybersecurity as a service for you. In fact, most of them cannot. But they will point you to someone that they trust who can. And what we're doing is establishing these partnerships and these referral programs with these professionals, because we know that they have a captive audience of clients and a book of business that is looking at them to be a trusted agent, an honest broker, and an advisor. And when they say, hey, I don't do that, but SideChannel does, it's going to be the right answer. And we're already seeing that really kind of take off with the partnerships that we've had. And then again, We're never going to be a lawyer. We're never going to be a CPA firm. We're going to stay in our lane. And we'll be able to have a good partnership with these groups because, again, we're seeing this is where the focus is going. These are where the questions are being asked. I now need to address cybersecurity. How should I do so? And these professions are in a great position to be able to start referring and talking about us. So with that, I'll turn over to Ryan to pick up on our next steps.

Thanks, Brian. So you heard in Brian's comments, words like fabric of our customers. You heard him use the word subscription. You've heard us talk a bit about consultants. And what I want to first make known to you is that our revenue is really built on relationships. I think one of the misconceptions about SideChannel is that it is a project only company. Yes, we do have projects and we don't, We love to help customers who have project work that needs to be done. But the vast majority of the work that we do for our clients has an ongoing nature to it. It lives beyond one year. And so we have a company built on relationships. And let's look at some data that we've been reporting in our SEC filings that demonstrate that's true. The first thing that we want to point out to everyone is that we are retaining about 73% on a trailing 12 month basis, the revenue that we generated one year ago. That's a number that is, I think, impressive and is indicative of the fact that our revenue is based on relationships and not on projects. If we were a project oriented company, that number would be much, much lower. Revenue retention of 70 plus percent, we think, is a clear indication that our customers like what we have done for them in the past and would like for us to continue doing that for them in the future. The second thing that we want to point out to you is that we have an aggressive effort underway to secure new clients. And in the last 12 months, we have revenue of 2.7 million from clients who are doing business with us for the first time. during that 12-month period. When you combine those two facts together, it tells the story that side channel is creating a new market. Ryan talked about how the larger enterprises in our economy have access to this kind of cybersecurity leadership and how these smaller entities don't. The fact that they don't have access and that side channel exists is allowing us to create a new market, a market that the big four consulting firms wouldn't address. They're busy focused on that Fortune 500, Fortune 1000 group. However, the rest of the market, those 1 million plus customers that Brian talked about generating $8 trillion of our GDP in the US, that's a new market for cybersecurity leadership that SideChannel is addressing. We think our growth results indicate that we're having success creating that new market. In the last 12 months, we've generated revenue of 5.3 million. We reported quarter-over-quarter growth for our fourth quarter, 2022, compared to our first quarter, 2023, growth of 26%. Year-over-year, our growth was 48%, quarter one this year compared to quarter one last year. SideChannel has revenue, building relationships, and SideChannel is creating a new market. And the last thing we want to talk about before we go back into some more of our business is we want to talk about how we're going to sustain that growth. There's really three things that you're hearing us talk about when we communicate on strategy. The first one is that we stay focused on delivering high-quality cybersecurity leadership through our vCISO services. That's the entry point for us with our clients. Once we're in that position and embedded as the fabric, embedded in the way that Brian described as the fabric of an organization, it allows us to then assess how that company can build out a stronger platform to secure its cybersecurity risks. Perhaps those are our services. Perhaps it's a side channel product or a side channel service that we deliver. In some cases, it's going to be a third-party service that we bring in where we have a commercial relationship with that third-party service provider. In other instances, we may bring in somebody in which we have no commercial relationship. We think long-term. We act long-term. We want to do what's the right thing for our customer. And as we bring in additional CISOs into our organization, it allows us to expand our leadership position in more clients. The second thing that we want to do is insource more of those ancillary services that we're providing to our customers. That allows us to do two things. Number one, increase our revenue. Number two, increase our stickiness with the customer. And number three, it allows us to capture some margin that we're currently sharing with third-party software and service providers. Enclave is a great example of our first software product intended to capture some of that margin and provide a software product to our customers that is owned by Sight Channel. Our recent privacy practice is an example of us expanding into a new service that our clients are asking for. at the mid-market level. And so we will seek to add new vCISO clients while simultaneously expanding our own internal delivery capabilities on software and services. And the third thing that we'll do to sustain this growth is we will look for acquisitions that are complementary to what we do. Companies that are revenue positive, have positive cash flow, and provide a service or a product that fits into our side channel complete delivery model. So combined, those three initiatives, we believe, will sustain the kind of growth numbers that you're seeing out of our company. Ryan?

Thank you, Ryan. When we think about people and profit, it's, for us, important to really highlight it's and, not or. Our work positively impacts more than the bottom line of the companies that we're working with. CISOs average tenure is 18 months at large organizations. They burn out, they burn through talent. CISOs themselves burn out as well. And this leaves a leadership gap in organizations. Conversely, mid-market companies and their smaller nature, have a hard time attracting CISOs if they are willing to take the salaries that they can afford to actually stay long-term due to the nature of the work. We want to be challenged, honestly. As a CISO, I want to be challenged in my job. If I solve all the problems or I do quite a bit in a full-time capacity in a short amount of time, I'm going to start looking around. And, you know, we're a bit of a finicky bunch when it comes to full-time employment, honestly. So mid-market has a hard time retaining a full-time person in that role, in that leadership. Heck, they even have a hard time retaining lower level resources, mid-tier, senior director levels, manager levels, engineers, analysts. Our ability and our delivery model with virtual capabilities and talent allows us to meet these companies where they're having those problems. But when we look at the people who are looking at their own professional and personal work-life balance. They want something new and that's why they're joining us. And that's why we're really excited about who is working for and with Side Channel. And the reasons are we're remote first. We have been since 2019. I think actually the beginning days of pandemic, we probably spent more time on the phone in the first 30 days explaining to our clients how to operate in a more remote nature than talking about cybersecurity as a risk. And it was because they were, again, trusting us, seeking answers, and they knew that our advice, our guidance, and our leadership would be really well respected and taken in. So it was a kind of a funny non sequitur there. But I mean, just it was interesting to see how trusted we were, that we were being asked about something that was obviously kind of outside of our our lane, yet because we were remote first in our nature, our advice was appreciated and sought after. We're able to improve the quality of life of our employees because of the remote first nature. We're able to create a space for people who are between full-time and retirement, and they're not at a point where they're ready to go play golf forever. Or whatever else you're thinking that you're going to enjoy in your retirement. And most of us, being problem solvers, want to continue to be challenged and solve problems for companies and organizations in our professional lane. we're able to develop talent outside of the typical places that you would find tech. We attract a variety of different backgrounds who are focusing on cyber, who have been CISOs, who want to solve for this with our client base. So it's very, very exciting. And I mean, honestly, just our remote nature first is, you know, better for the planet. It's better for the environment. We don't have to move everybody here to Worcester to attract talent. People can live and continue to be part of their communities, not change their children's lives with changing schools or really anything. They can continue to live and enjoy the life that they want while working with us as an organization, delivering to any of our clients. And it's why we're able to attract great talent. It's why we're able to retain great talent. So with that, I want to share a video of how a number of our employees feel about working at SideChannel.

I think we've been talking about virtual CISO, fractional CISO for a long time in this industry. And that means a lot of things to a lot of different people. And I think the sweet spot that SideChannel is hitting is putting very professional people into the right organizations that really need help quickly.

So my name is Stephen Dye, and I'm a virtual CISO here at SideChannel. Before I joined SideChannel, I was the CISO over at NTT Data Federals, and we were a federal contractor up in North Virginia. The environment, it was office until COVID came, but I was working in an office with the corporate headquarters just next door to the CIO, my boss. I did commute, and it was probably something like six or seven miles, but would take about 45 minutes. So down Route 28, the infamous defense contractor's corridor, It runs right by Dallas Airport. It just took a while to get there from Potomac Falls. I hated the commute. There was no good way. I tried every single possible route to NTT and there were no good ones. Customers that I work with, are ones that really do need a security program and they've recognized that they need it. And their budgets don't allow for that full-time CISO, which of course is our business model. But it's a pleasure to work with these people because they have actually stood up and identified the need and carved out the budget for our services. So there's high expectations on their behalf. And of course, we're of that caliber where we can deliver. to those expectations. So it is a pleasure to work with these people. Very, very accepting, if you like, of the many, many things that we want to put forth with the security programs that we devise. They appreciate the advice and input that we give regarding choice of tools and other third party services to actually make the security program work.

My name is Patrick Dubois. I'm a security engineer at SideChannel. My work-life balance now has been great. I do all my work as soon as I can, and if I'm done, I can go away from the computer, handle some things around the house. My wife can take lunch together, which hasn't happened ever. It's been really good just in general for my work life. I can help my parents if they need to. They're only like 10 minutes away. I don't have to like, you know, clock out and run out and come back to the office. As long as my work is done, I can worry about other things around the house, which makes my life a lot easier, less of a headache, honestly. Me, I like to get things done. I like to, you know, fix things that are broken and I can do that with four or five different customers. It's like a thrill, honestly. If I can have five threat hunting situations going on at once, and I can get them all out, it's like a world record. You know, I try to time myself and see which one's a malicious file or anything else like that. So it's just like a thrill and a hunt. I'm a big sports guy, so if I can face five opponents at the same time and knock them all down, you know, that's fun for me. Working with so many CISOs and so many people with, like, 20 years of experience, and I'm just in the security game about five years, honestly. And to get so much insight from different people from different backgrounds, you know, how they came up in security engineering or even becoming a CISO has given me great, you know, information and just great insight on what it means to be a security professional, you know, for not even just being intelligent, but also how to deal with people, all types of people, all types of environments, all types of companies, you know, like I said, being, you know, entry-level, mid-level, it's been great, honestly. And I can only just, you know, thank SideChannel for giving me that experience.

Hi, I'm Matt Klein. I'm a principal consultant at SideChannel. I've been in many different roles in my cyber career. Most recently in private organizations, I've been a senior director leading many different kinds of security programs like vulnerability management, application security, and some other things. I did take a CISO role at the medical university, which is here in Charleston, South Carolina. I was there for almost two years, almost made it to the two year mark as a CISO. And actually the last coming up on five years, I've been in advisory work and a couple of different roles there. One, both with very large consulting organizations, one with heavy travel and the other with not so heavy travel, but still also in the advisory role. But really, the appeal to me is flexibility in having some smaller chunks of time with a handful of clients instead of one client full time, you know, for that 40 to 60 hours a week or whatever it takes to be a full time CISO. And it's really worked out well so far. There's a couple of things that, you know, from the kid standpoint, I can get to. Darn near anything that they've got going on, whether it be sports or something at school, awards ceremony, something like that. So it's really good from the personal perspective. I go on a walk with my wife every morning. It's usually about a 40 or 45 minute walk. We've got a couple of dogs and it just affords us the time to catch up. get organized for the day or crazy week that we've got with kids' schedules. And we've got to be in two different places. And, you know, she's with my daughter and I'm with my son for different things. So it really helps from that perspective. It also just affords me working when I have an opportunity to work. So I could work with a client's initiatives that I have going on in the evening, at night, early in the morning, before I go on that walk with my wife. It just affords so much flexibility from a time perspective that I can do my best work at the times when I work best. So I really enjoy building programs. And SideChannel, just given the space that we're in, mid-market startups, most of the programs we encounter aren't in a very mature state and don't have all the components that they would necessarily need. So it really fulfills me to bring my years of experience, my expertise, and certainly the bench behind me from the SideChannel perspective to put together the right solutions for our clients and really be a builder of programs. It's really something that I've done for a long, long time. I really enjoy creating roadmaps and strategic vision for organizations and seeing them come to fruition.

Thank you for watching that. We very much enjoyed talking with our employees and getting their feedback. We'll make that available online as well. I wanted to introduce two of our board members, Hugh Regan and Debbie McConnell, to all of you. A number of other folks are out and about, but they made the trek down here into, well, it's actually Debbie's local. Hugh's up from Philadelphia. And I just wanted to introduce them and have everybody meet Hugh.

It's a pleasure to be on the board of SideChannel, and I look forward to working with Brian and Ryan on helping grow the company.

And I'm thrilled to be on the board as well and truly believe in the mission of SideChannel.

Thank you both. Thank you. Great. So just give us a second. We're going to get into the investor Q&A. I wanted to make sure that we introduced our folks who are here on site. Just ask my camera person, are we on screen now still? Is this good or? All right. So, yeah, so very excited. We've got a lot of great people involved in the company, choosing to be involved in the company, joining off-camera here today, actually, a number of our executive leadership team. Joe Klein, who leads our delivery out of U.S. East. David Chasteen, who's our head of marketing and sales and communications. Lauren is our head of marketing, as well as Leah, our executive admin. So anybody trying to reach me, you know, Leah. And then, you know, obviously, Ryan, thank you so much for flying out here and being part of this and being part of what we're doing here.

Thanks for having mild weather and no snow.

Yes, I know. You never know. They say in Boston, it's going to be 60 tomorrow. So apparently we're not having a winter this year. So with that, I wanted to get into investor Q&A. We asked everyone to submit questions to us. And we got a number of them. And I hope nobody minds. I'm going to actually name who sent these in. So you know that we did ask or answer your question. A number of questions. Some folks gave us quite a few. Given the time, we're just going to go through the questions. I'll read the questions and then our response. So again, this is from Tony Reed. First, very impressive what you're doing so far to build the company. Thanks, Tony. His question is, what is the plan for creating greater awareness about the company within the investment community so the progress you're making will be reflected in a growing stock price? So we're meeting with investors both directly and at conferences. We also have an email outreach to current and potential investors. that allowed us to create more awareness about side channel. We're really getting out into the community. We're talking to a variety of people about what we're doing to gain their interest in us and also gain their insight in what they would like to see out of our progress and our growth. So great question, Tony. Thank you. This question actually comes from Dr. Nigel Timothy. He happens to be joining us here at the, well, we're not at headquarters. We're at another location for our for this meeting. But his question, he asked, is there a ballpark timeframe for the possible reverse split and uplist? Are we waiting for more organic growth to raise the stock price on the OTC this year with an uplist possibly in 2024? So immediately prior to the investor day, we held our annual shareholder meeting where we approved the stock, the reverse split that was part of the proxy statement that had recently gone out. We also approved RBSM as our auditor. along with the nominations and the directorship for both Anthony Ambrose and Kevin Powers. But to answer Dr. Timothy's question, it's a priority. We have a plan, but there are several things that are really outside of our control, such as market conditions. With just this morning, the approval of the reverse split that was outlined in the proxy, obviously something that is in our control. So we now have that set as a foundational element for what we're looking to do. It's our intention that the reverse split happens simultaneously to the uplisting. Our primary job is to continue executing our business model and communicating those results. We believe the volume and the price must go up in order to support a successful uplisting. We're talking with investment banks, the major exchanges, high net worth individuals, and existing investors about who SideChannel is and our plans for the future. And we feel that we have the right team to be able to make this happen. Hugh, as you just met, head of our audit committee, was previously the CFO at Intest, who worked closely with New York Stock Exchange American. Anthony, who is the CEO at Data.io, also one of our directors, a NASDAQ listed company. So we have the right capabilities, we have the components in place, and we plan on executing on our plan and communicating those results. to be able to make that a reality. Thanks for the question. This one comes from Brett Anderson. Ryan, I'll ask this. You can answer it. What is the debt level or debt ratio of the company right now?

Yes, Sight Channel does not have My social has a $50,000 note payable that will be as due in December. That's the extent of our debt. There's no debt related to a line of credit or any kind of term debt on our balance sheet.

Brent also asks, what are some of the current threats and challenges to the side channel? I read that wrong. And how are you going to protect the business? So what are our challenges at SideChannel? Really, the competition. When you look at the competition, big four, mid-tier organizations like Optiv, CoalFire, NCC, and such, and traditional bars or value-added resellers. We really haven't had much of an issue making our mark in the mid-market in small enterprise against these because our competition is either ignoring them or lacks the depth to be able to deliver into this space like we do. Brent also asks, are there any new products or services on board for release? Really, our focus right now is continue Enclave development and the roadmap that we've built out for that. We are looking at new features around protecting endpoint devices with a more cloud-based and scalable capability. So we're going to continue to develop around Enclave, adding new features and capabilities that make sense for how Enclave is structured. based again on what we're seeing in our clients, what we're hearing from our CISOs, and what types of attacks or attack surface is out there that we can figure out how to defend against with that product. Last question asks, how do you track the trends in your industry? Well, we're part of major social groups in cyber, and our team has extensive insights into products and solutions and companies. Coupled with the data from industry reports, it allows us to stay on top of any trends, whether they're from malicious attackers or defensive needs that customers are interested in. We are all professionals in this space. We talk to other professionals outside of SideChannel about what's going on, what's changing, what's new, what's working, what's not. And we're very much in tune with what's happening within this space because, again, this is our profession. This is what we know. It's what we're good at. I'll go to a question here from Chris. I think he has a couple questions here, so we'll ask that. Is Enclave protected from competition? Would anybody else be able to use it or copy it? Well, we already know there's competitive products in the space. We're not the only one trying to do micro-segmentation, but we believe ours is superior with a lower price point and ease of use, both initial deployment and ongoing management. coupled with a managed service offering, something that our competition doesn't offer themselves, we see an uptake in those looking to address what technology to use in their zero trust strategy. So I welcome competition, and I just know we're going to be able to do it better. Chris also asked, how well is Enclave being received by our customers and the overall market? Well, look, the pipeline that we have is building after we introduced Enclave in just September of 2022. That was only five months ago. We anticipate generating revenue from Enclave sales this fiscal year. Enclave is sold as a subscription, software as a service, and also has an available managed service subscription as well. I think the second to last. Oh, he's got two questions here. Are there any other products being developed? Any of them, I like this, any of them home run potential? Great way to phrase that, Chris. Thank you. We're constantly looking at both our client base And the industry needs at large to determine if we can build a product or solution that's in demand. Remember, our services are delivered to current clients and our own CISOs are providing our CTO and our development team with significant amounts of data to be able to feed that determination. So, again, we have a captive audience that is telling us their problems. We have the capabilities in there to be able to identify the right solutions for them. That is what is feeding our R&D. That is what is feeding our feature enablement. That is what is going to set how we build products and capabilities for our clients apart from other providers. The focus for side channel is last question here. Focus side channel is small, mid-sized companies. Is there any chance of landing large cap companies now or down the road? Of course. While we're very effective in the mid-market, there's nothing to stop us from going upstream. Cybersecurity, of course, is a risk there. We believe the combination of our products and services meets the needs of enterprises, not just small enterprise, but large enterprise. And we currently have, I think there's a misconception about who and what the mid-market is, because there really is no definition of what mid-market is. But we have clients today that are in the $1 to $4 billion annual revenue range. This is kind of tickling the bottom end of the Fortune 1000, the Fortune 500. So we know we're capable in those types of companies. We know that those types of companies are seeking what we can do. So our ability to go deliver into more organizations like that is really not a concern. I'm looking forward to it. So with that, that's really all the questions that were submitted. I appreciate everyone's time that they took to submit those. In the future, as we have more of these investor days and outreach, please send more questions in. You can reach us at ir.sidechannel.com and you can scan your screen right now for any of the investor updates or just go to sidechannel.com, click on investors, and you'll be able to access the investor page. With that, I want to thank you for taking the time out of your day to talk, listen to us about what we're doing with the company. We're very excited about what we're doing today and what we're about to go do in the future. Ryan, I want to thank you for being here. It was a great overview. And with that, we'll conclude.

Thanks, Brett.

Thank you.