UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K

(Mark One)

FORM 10-K

(Mark One)

[X]☒ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year endedDecember 31 2019, 2023

or

[  ]☐TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from _________________________________________ to __________________________________________

Commission file number000-56059001-41227

CISO GLOBAL, INC.

CERBERUS CYBER SENTINEL CORPORATION

(Exact name of registrant as specified in its charter)

73336900 E. Doubletree, Camelback Road, Suite D270, 900, Scottsdale Arizona 85258, AZ85251

(Address of Principal Executive Offices) (Zip Code)

Registrant’s telephone number, including area code:(480)389-3444

Securities registered pursuant to Section 12(b) of the Act:

Securities registered pursuant to Section 12(g) of the Act: Common Stock, par value $0.00001

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes [  ] ☐ No [X] ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes [  ] ☐ No [X] ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes [X] ☒ No [  ]☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes [X] ☒ No [  ]☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. [  ]☐

Indicate by check mark whether the Registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes [  ]☐ No [X]☒

The aggregate market value of the common stock held by non-affiliates of the registrant as of the last business day of the registrant’s most recently completed second fiscal quarter (June 30, 2019)2023) was $3,886,000, computed by reference to the price at which the common stock was last sold ($0.40 per share)$15,458,228.

The registrant had 108,032,50012,232,379 shares of common stock outstanding as of March 30, 2020.April 5, 2024.

CERBERUS CYBER SENTINEL CORPORATIONCISO GLOBAL, INC.

20192023 FORM 10-K ANNUAL REPORT

TABLE OF CONTENTS

FORWARD-LOOKING STATEMENTS

The following discussioninformation contained in this report should be read in conjunction with the financial statements and related notes contained elsewhere in this Annual Report on Form 10-K. Certain statements made in this discussionreport are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These statements are based upon beliefs of, and information currently available to, us as of the Company’s managementdate hereof, as well as estimates and assumptions made by the Company’s management.us. Readers are cautioned not to place undue reliance on these forward-looking statements, which are only predictions and speak only as of the date hereof. When used herein, the words “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “future,” “intend,” “plan,” “predict,” “project,” “target,” “potential,” “will,” “would,” “could,” “should,” “continue” or the negative of these terms and similar expressions as they relate to the Company or the Company’s management identify forward-looking statements. Such statements reflect theour current view of the Company with respect to future events and are subject to risks, uncertainties, assumptions, and other factors, including the risks relating to the Company’sour business, industry, and the Company’sour operations and results of operations. Should one or more of these risks or uncertainties materialize, or should the underlying assumptions prove incorrect, actual results may differ significantly from those anticipated, believed, estimated, expected, intended, or planned.

Although the Company believeswe believe that the expectations reflected in the forward-looking statements are reasonable, the Companywe cannot guarantee future results, levels of activity, performance, or achievements. Except as required by applicable law, including the securities laws of the United States, the Company doeswe do not intend to update any of the forward-looking statements to conform these statements to actual results.

Forward-looking statements made in this Annual Report on Form 10-K include statements about:

These statements are only predictions and involve known and unknown risks, uncertainties and other factors, including the risks in the section entitled “Risk Factors” set forth in this Annual Report on Form 10-K for the year ended December 31, 2023, any of which may cause our or our industry’s actual results, levels of activity, performance, or achievements to be materially different from any future results, levels of activity, performance, or achievements expressed or implied by these forward-looking statements. These risks may cause our or our industry’s actual results, levels of activity, or performance to be materially different from any future results, levels of activity, or performance expressed or implied by these forward-looking statements.

Our financial statements are prepared in accordance with accounting principles generally accepted in the United States (“GAAP”).States. These accounting principles require us to make certain estimates, judgments, and assumptions. We believe that the estimates, judgments, and assumptions upon which we rely are reasonable based upon information available to us at the time that these estimates, judgments, and assumptions are made. These estimates, judgments, and assumptions can affect the reported amounts of assets and liabilities as of the date of the financial statements as well as the reported amounts of revenuesrevenue and expenses during the periods presented. Our financial statements would be affected to the extent there are material differences between these estimates and actual results. The following discussion should be read in conjunction with our financial statements and notes thereto appearing elsewhere in this report.

Unless otherwise indicated or the context requires otherwise, the words “we,” “us,” “our,” the “Company” or “our Company” or “Cerberus Sentinel” refer to Cerberus Cyber Sentinel Corporation, a Delaware corporation, and its wholly-owned subsidiaries, GenResults, LLC, an Arizona limited liability company (“GenResults”), and TalaTek, LLC, a Virginia limited liability company (“TalaTek”).

Forward-looking statements made in this Annual Report on Form 10-K include statements about:

These statements are only predictions and involve known and unknown risks, uncertainties and other factors, including the risks in the section entitled “Risk Factors” set forth in this Annual Report on Form 10-K for the year ended December 31, 2019, any of which may cause our Company’s or our industry’s actual results, levels of activity, performance or achievements to be materially different from any future results, levels of activity, performance or achievements expressed or implied by these forward-looking statements. These risks may cause the Company’s or its industry’s actual results, levels of activity or performance to be materially different from any future results, levels of activity or performance expressed or implied by these forward-looking statements.

Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity or performance. Moreover, neither we nor any other person assumes responsibility for the accuracy and completeness of these forward-looking statements. The Company is under no duty to update any forward-looking statements after the date of this report to conform these statements to actual results.

PART I

ITEM 1. BUSINESS

Corporate History

Cerberus Cyber Sentinel Corporation (“Cerberus Sentinel”) was formed on March 5, 2019 asUnless otherwise indicated or the context requires otherwise, the terms “we,” “us,” “our,” and “our company” refer to CISO Global, Inc., a Delaware corporation. Our principal offices are located at 7333 E. Doubletree, Suite D270, Scottsdale, Arizona 85258.

Effective April 1, 2019, we acquired GenResults, LLC, an Arizona limited liability company (“GenResults”). GenResults was established on June 22, 2015. Prior to our acquisition of GenResults, GenResults was wholly owned by an entity affiliated with David G. Jemmett, our Chief Executive Officercorporation, and a director of the Company. As of December 31, 2019, GenResults is a wholly owned subsidiary of Cerberus Sentinel. Due to the companies being under common control, the Company accounted for the acquisition as a reorganization. See Note 4 in the accompanying financial statements beginning on page F-1.

On April 12, 2019, we consummated a transaction whereby VCAB Six Corporation, a Texas corporation, (“VCAB”) merged with and into us (the “VCAB Merger”). At the time of the VCAB Merger, VCAB was subject to a bankruptcy proceeding and had minimal assets, no equity owners and no liabilities, except for approximately 1,500 holders of Class 5 Allowed General Unsecured Claims and a holder of allowed administrative expenses (collectively the “Claim Holders”). Pursuant to the terms of the VCAB Merger, and in accordance with the bankruptcy plan, we issued an aggregate of 2,000,000 shares of our common stock (the “Plan Shares”) to the Claim Holders as full settlement and satisfaction of their respective claims. As provided in the bankruptcy plan, the Plan Shares were issued pursuant to Section 1145 of the United States Bankruptcy Code. As a result of the VCAB Merger, the separate corporate existence of VCAB was terminated. We entered into the merger in order to increase our shareholder base in order to, among other things, assist us in satisfying the listing standards of a national securities exchange.

Effective as of October 1, 2019, we entered into an Agreement and Plan of Merger (the “TalaTek Merger”) pursuant to which TalaTek, LLC, a Virginia limited liability company has become our wholly owned subsidiary. Under the TalaTek Merger,subsidiaries. Unless otherwise specified, all issued and outstanding units representing membership interestsdollar amounts are expressed in TalaTek were converted into an aggregate of 6,200,000 shares of our common stock.United States dollars.

On October 2, 2019, we filed a Registration Statement on Form 10-12G (the “Registration Statement”) with the Securities and Exchange Commission (“SEC”) to effect registration of our common stock, par value $0.00001, under the Exchange Act. The Registration Statement became effective on December 1, 2019.

Our Business

General

We are a security consultingcybersecurity and compliance company comprised of highly trained and seasoned security professionals who work with clients to enhance or create a better cyber posture in their organization. Cybersecurity, also known as computer security or information technology security, is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The cybersecurity industry has a supply and demand issue wherein there is more demand for cybersecurity services than there are expert and seasoned compliance and cybersecurity professionals available in the market. We seek to identify, attract, and retain highly skilled cyber and compliance teams and bring them together to provide holistic cyber services. We accomplish this through acquisitions, direct hiring, and incentivizing employees with stock options to help retain them. On an ongoing basis, we seek to identify cyber talent that is culturally aligned and that offers operating leverage through both existing customer revenue and relationships. We have invested in enterprise solutions and executive talent to integrate our different organizations into an ecosystem that works together to provide complete and holistic cybersecurity through cross pollination of solutions. The ecosystem is intended to provide additional revenue opportunities and drive overall recurring revenue.

We emphasize to clients the critical nature of having their work force create a continuously aware security culture. Once engaged, we strive to become the trusted advisors for customers’ cybersecurity and compliance needs by providing tailored security solutions based upon their organizational needs. We do not sellfocus on selling cybersecurity products. We position ourselves asproducts; we are product-agnostic so that we can provide solutions that fit the customer’s security needs, financial realities, and future strategy. Our approach is to evaluate the client’s organization holistically, identify compliance requirements, and secure the infrastructure while helping to create a trusted cybersecurity advisor and are committed to delivering tailored security solutions to organizationsculture of different sizes and across all geographies and industries to fit their budgetary needs and limit their cyber threat exposure.security.

We currently provide a multitudefull range of cybersecurity consulting and related services, includingencompassing all three pillars of compliance, cybersecurity, and culture. Our services include compliance services, secured managed services, security service, cybersecurity consulting, technology consulting, compliance auditing, vulnerability assessment, penetration testing, security remediation, Security Operations Centeroperations center (“SOC”) set-up and consultingservices, virtual Chief Information Security Officer (“vCISO”) services, incident response, certified forensics, technical assessments, and cybersecurity training. We differentiate ourselves from competitors by staying technology agnostic. We believe that manyculture is the foundation of every successful cybersecurity service providers inand compliance program. To deliver that outcome, we developed our unique offering of MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), which is the market todayonly holistic solution that provides all three of these pillars under one roof from a dedicated team of subject matter experts. In contrast to the majority of cybersecurity firms that are committed tofocused on a specific technology solution which limits theiror service, scopewe seek to differentiate ourselves by remaining technology agnostic, focusing on accumulating highly sought-after topic experts. We continually seek to identify and ability to quickly respond to any emergingacquire cybersecurity challenges. In addition, as we continue to serve our clients within our existing capacities, we plan to continue acquiring strategic acquisitions of small-to-medium-sized engineer-led cybersecurity service firms to continuetalent to expand our service scope and geographical coverage.coverage to provide the best possible service for our clients. We believe that owningbringing together a world-class technology team of technological experts with multi-faceted expertise in the critical aspects of cybersecurity is key to providing technology agnostic solutions to our clients in a business environment that has suffered from a chronic lack of highly skilled professionals, thereby setting us apart from competitors and maximizing theirin-house security teams. Our goal is to create a culture of security and to help quantify, define, and capture a return on investment from information technology (“IT”) and cybersecurity spending.

Offering this set of cybersecurity services allows us to capture more revenue with greater efficiency, facilitating greater profitability and stronger customer retention. The benefit to our customers is that they receive an efficient engagement from a single provider that covers a wide range of their needs. This means their challenges are addressed more thoroughly and problems are resolved more rapidly when compared to working with multiple vendors. This leads to the best possible outcome, which enables our customers to commit to us for the long term.

We believe that our business model is differentiated from other companies in the industry in that our employees are not consultants; they are dedicated partners available on a recurring monthly contract. Due to the numerous challenges in hiring experienced cybersecurity and compliance professionals, assimilating our team of industry and subject matter experts into our clients’ teams is the ideal solution.

We are technology agnostic. Whereas, most cybersecurity firms are locked into working with a single technology, we seek to differentiate ourselves by remaining technology agnostic. This approach enables us to work with any business, no matter what systems or tools they use. For our customers, the benefit is equally valuable as they are able to choose the best tools and technology for their business needs without affecting their relationship with us.

We believe that building a world-class technology team with industry-specific and subject-matter expertise is the key to providing cutting-edge solutions to our clients. We will continue to identify and acquire cybersecurity talent to expand our scope of services and geographical footprint to fortify our capability to deliver excellence to our customers. Furthermore, our goal is to stay a step ahead of threat actors and regulatory obligations to keep our customers safe and compliant.

The Cybersecurity MarketChallenge

As the world has become increasingly connected through the Internet, and the Internet of Things (“IoT”), cyberattacks have prevailed and evolved, over the years, in different forms, causing uncontainable threats to the integrity and privacy of enterprise and personal data and resulted in significant economic losses globally. McKinsey Global Institute hasA report published by Cybersecurity Ventures stated that damages from global cybercrime is predicted to hit $10.5 trillion annually by 2025. Cybersecurity Ventures estimated that approximately 127 new IoT devices connectconsumers and organizations will fall victim to a ransomware attack every two seconds at an approximate cost of $265 billion annually in 2031. This is up from $20 billion and every 11 seconds in 2021. As a result, ransomware is one of the Internet every second. By 2025, there are expected to be more than 75 billion IoT devices worldwide. Surveys from businesses in 2018 done by Cybint Solutions andfastest growing types of cybercrime. Moreover, an Accenture have shownsurvey reported that 62% of businesses experienced phishing and social engineering attacks in 2018, and 68% of business leaders feel their cybersecurity risks are increasing. Gartner predictsCybersecurity Ventures has also estimated that worldwide global cybersecurity spending will exceed $1.75 trillion cumulatively from the worldwide spendingfiscal years 2021 to 2025, with $459 billion expected to be spent on an annual basis in 2025. The New York Times reported that in 2021 there would be 3.5 million unfilled job openings in the cybersecurity field. Three years later, despite widespread university and government investments into education programs and recruitment efforts, the rates are roughly the same, based upon a report from Cybersecurity Ventures, and that disparity between supply and demand will increase from $114 billion in 2018 to $134 billion in 2022.remain through at least 2025.

In response to the increasing economic damage caused by heightened cybersecurity risks, regulatory bodies have pushed the implementation of new cybersecurity legislations, and cyber insurance companies have increased minimum cybersecurity requirements.underwriting requirements, as well as premium costs. We believe that we are well positioned in a fast-growing industry to provide businesses with a wide scope of cybersecurity services and with significant opportunities for growth. We support clients from 17 historical acquisitions with expanded service offerings. With 1,100 clients, this represents a tremendous opportunity for cross-selling and upselling. Additionally, we have built and continue to expand an extensive channel and partnership ecosystem, providing training, support, and partner marketing content to establish reliable streams of new revenue with new clients. In addition, our strategy around IP allows us to further penetrate our existing customers, new markets, and opens up additional partnership opportunities.

Cybersecurity Service OfferingOfferings

We currently offer two major typesa comprehensive range of cybersecurity services to clients includingprotect our clients’ digital assets and ensure compliance with industry standards and regulations. Our services fall into two main categories: Security Managed Services and ConsultingProfessional Services.

Managed Services

Our Managed Services focus on a holistic approach to cybersecurity based on an upfront gap analysis of our client’s existing cybersecurity practices. We offer multiple modules in the service portfolio including the following:

Consulting

Security Managed Services

Our consulting services includes a wide array of tailored solutions for organizations of all sizes. Our in-depth industry expertise allows us to act asSecurity Managed Services include the trusted advisor of our clients to help them lower their risk profile, minimize cost impact to organizations and meet regulatory compliance demands. We specialize in:following offerings:

Cybersecurity Professional Services

Our Professional Services include the following offerings:

Growth Strategy

We are following a phased growth strategy. In Phase I, we established a foundation of end-to-end cybersecurity experts through acquiring niche companies with unparalleled expertise and talent. Today, our experts span the United States and Latin America and each have their own special expertise, industry specific knowledge, familiarity with regulatory frameworks and focal areas that fall into four key pillars of cybersecurity: risk and compliance, cyber defense operations, security testing and training, and secure IT and architecture. These practice areas, led by a seasoned executive team of industry thought leaders, are enabling us to effectively tackle a rapidly expanding market.

In Phase II of our growth strategy, we are supporting clients from 17 historical acquisitions with expanded service offerings. With only a 9% penetration into 1,100 clients for multiple services consumed, this represents a tremendous opportunity for cross-selling and upselling. Additionally, we have built and continue to expand an extensive channel and partnership ecosystem, providing training, support, and partner marketing content to establish reliable streams of new revenue with new clients.

Phase II also includes the development and launch of key software-first intellectual property (“IP”) technologies that can effectively address many of the cybersecurity challenges facing enterprises today. Leveraging machine learning (“ML”), artificial intelligence (“AI”), deep learning, and neural net technologies, as well as proprietary DarkNet threat intelligence, we are developing multi-layered cybersecurity technologies to help drive the cyber effectiveness leading to resiliency.

Equipped with a comprehensive team, our focus in Phase III will be fueling organic growth with our intellectual property. With a complete portfolio of scalable solutions that are underpinned by an end-to-end team of cybersecurity and compliance experts, we can expand our technology offerings through product led growth strategies. Optimizing user experience and hands-free purchasing through digital interfaces, the company can grow its clients without adding demand to its services team. Such scalability will serve to increase revenue and margins concurrently.

Cybersecurity serviceWe are focused on the development of our own Intellectual Property suite which incorporates AI, Neural Nets and consulting firms operatethe latest generation of algorithms. Our portfolio includes the following software-first solutions:

ARGO Security Management– A security management platform which is able to aggregate, then curate security data in real time from a client’s entire environment, including network asset information, currently deployed cyber tools, SOC, vulnerability management, secure managed IT and penetration testing data. 

CISO Edge Cloud Security Platform– A cloud-first security solution designed to protect users from untrusted and malicious online threats. CISO Edge uses advanced AI deep learning as well as artificial neural networks to provide advanced threat detection and monitoring.

CHECKLIGHT^® Endpoint Security Monitoring– A powerful, proactive security monitoring software that detects potential threats to networks and provides advance alerts so attacks can’t take hold. Relying on various formsthe same cybersecurity software engine used by several federal agencies, it identifies unauthorized processes associated with fraudulent phishing attacks, hacking, imposter scams, malware, ransomware, and viruses.

DISC Next Gen VPN – A token exchange-protected remote access solution that replaces traditional VPN connections with enhanced security and access verification.

Skanda Breach Assessment Tool – A next-generation, analysis tool that applies AI-based automation and ML technologies, which looks beyond vulnerabilities identified by most other technology to deliver continuous security assessments.

Our Corporate and Acquisition History

We were formed on March 5, 2019 as a Delaware corporation. Our principal offices are located at 6900 East Camelback Road, Suite 900, Scottsdale, Arizona 85251.

On October 2, 2019, we filed a registration statement on Form 10-12G with the Securities and Exchange Commission (“SEC”) to effect registration of our common stock, par value $0.00001 per share, under the Exchange Act. The registration statement became effective on December 1, 2019.

On February 29, 2024, our board of directors approved a 1-for-15 reverse stock split of our common stock. The record date for the reverse stock split was the close of business models. Cerberus Sentinel does not sell product; we promoteon March 7, 2024, with share distribution occurring on March 8, 2024. As a cybersecurity culture. Our growth strategy will focus on external acquisitionresult of the reverse stock split, stockholders received one share of CISO Global, Inc. common stock, par value $0.00001, for each 15 shares they held as of the record date. All share and internal scalability to drive that culture within our clients’ organizations. Therefore, our revenue streams mainly come from service and consulting fees. Asper share amounts have been retroactively restated for the cybersecurity market grows over years, we continue to see an increasing number of players entering the market with different sets of qualifications. However, organizations facing cybersecurity issues also usually lack the expertise to identify the right service provider or do not have the capital resources to hire a qualified CISO. We believe that this is where our growth opportunity lies since the lack of expertise leads to information asymmetry which causes additional noise in the cybersecurity marketplace and exposes organizations in greater risks if found issues are not mitigated with the right group of experts. Furthermore, the industry is in need of highly qualified technology professionals in the cybersecurity field. A limited pool of talent results in increasing compensation and cost to retain such talent which in turn compromises companies’ bottom line profitability and then increases the need to work externally with a partner such as Cerberus Sentinel. According a Cybersecurity Jobs Report released in 2017 by Herjavec Group, total unfilled cybersecurity positions will be approximately 3.5 million by 2021. We intend to capitalize on this gap as our growth opportunity.

Our external acquisition strategy will target engineer-owned cybersecurity firms in the top thirty U.S. markets with existing revenue in the range of $2 million to $15 million and profit margin of at least 15% to 25%, although there could be opportunities beyond the larger endeffects of this range. We expect each acquisition to be strategicreverse stock split. Common stock underlying our outstanding warrants, convertible notes, and accretive,options have also been adjusted, and we expect to obtain direct access to a pool of ready-to-deploythe conversion and seasoned cybersecurity talent and enhanced access to a larger client base geographically.exercise prices have also been adjusted.

Our internal scalability strategy will focus on exploring and materializing synergies with the acquired targets. With strategic acquisitions, on the topline, we expect to provide a broadened service offering which translates into more diverse revenue streams and a larger client base. We also anticipate that we will be able to broaden our geographical sales coverage and reduce client acquisition costs. We also intend to synergize best practices across the platform which will enhance client experience and client loyalty. On the bottom line, we plan to centralize general and administrative support functions in one location which will significantly improve net margin for all the service lines. This will allow our management to focus on sales initiatives and achieve internal operations scalability in a relatively short period of time. We estimate that with a typical acquisition, we will realize annual savings on centralized operations, generate additional revenue from upselling to existing clients, and add revenue from new clients. In the long term, we expect to become a pure-play cybersecurity consolidator in the U.S.

Acquisition of TalaTek

Effective October 1, 2019, we acquired TalaTek, a Virginia limited liability company formed on August 24, 2006. TalaTek provides complete integrated enterprise risk management services by leveraging their specialized combination of methodologies, processes and technology, collectively known as Enterprise Compliance Management Solution (“ECMS”). ECMS enables efficient and repeatable risk, compliance and information security management, facilitating continuous improvement and empowering clients to make better informed risk decisions. These services are currently provided primarily to the public sector.

Implications of Being an Emerging Growth Company

We are an “emerging growth company,” as that term is used in the Jumpstart Our Business Startups Act of 2012, or “JOBS Act.” An emerging growth company may take advantage of specified reduced reporting and other burdens that are otherwise applicable generally to public companies, and we have elected to comply with these reduced reporting and other burdens. These provisions include:

We could remain an emerging growth company until the earliesthave substantially expanded our business in recent years through a number of (i) the last day of the first fiscal yearacquisitions. The following table sets forth certain information regarding such acquisitions:

Customers

Our recent acquisitions have resulted in which our annual gross revenues exceed $1.07 billion, (ii) the last day of the fiscal year following the fifth anniversary of the date of the first sale of common stock under a registration statement under the Securities Act of 1933, (iii) the date that we become a “large accelerated filer” as defined in Rule 12b-2 under the Exchange Act, which would occur if the market valueexpansion of our common stock that is held by non-affiliates exceeds $700 million as of the last business daycustomer base and increased usage within existing customers. None of our most recently completed second fiscal quarter, or (iv) the date on which we have issuedcustomers individually accounted for more than $1 billion in non-convertible debt during10.0% of our consolidated revenue for the preceding three year period. The foregoing amountsyears ended December 31, 2023 and 2022, nor are subject to adjustment for inflation.we dependent upon a few major customers.

In addition, Section 107 of the JOBS Act provides that an emerging growth company can take advantage of the extended transition period provided in Section 7(a)(2)(B) of the Securities Act and Section 13(a) of the Exchange Act for complying with new or revised accounting standards that have different effective dates for public and private companies until those standards apply to private companies. We have elected to take advantage of the extended transition period for complying with the revised accounting standards. As a result, our financial statements may not be comparable to companies that comply with public company effective dates.Competition

Competition in the Cybersecurity Market

The cybersecurity market is highly fragmented. In the top quartile,We primarily compete with established and emerging security product vendors. While the market is dominated by several major global players including IBM Corporation, Cisco Systems, AVG Technologies, Broadcomfor traditional endpoint and Dell, etc. The restIT operations solutions has historically been competitive, we believe as we look to enter into adjacent markets and expand our total addressable market, we may face new competitors. We believe we compete favorably with our competitors on the basis of these factors as a result of our intelligence and expertise from the market is highly competitive without dominant players. North America is expected to continue its holdfrontlines, as well as the largest market sizefeatures and performance of our solutions, the ease of integration of our solutions in diverse IT environments, the cybersecurity market throughbreadth of our services, the year 2023, according to a report released by MarketsandMarkets.com (September 21, 2018).integration of our SaaS solution offerings in our platform, the measurement and reporting capabilities of our validation technologies, and the reputation of our consulting organization. However, many of our competitors have substantially greater financial, technical and other resources, greater name recognition, larger sales and marketing budgets, deeper customer relationships, broader distribution, and larger and more mature intellectual property portfolios.

We face direct competition from all small-to-medium-sized cybersecurity service providers nationwide given the broad service scope we currently provide. Many competitors provide cloud-based services, which means our competition is not restricted by regions. It is critical for our executive management team to identify and attract strategic acquisition targets in order to strengthen our competitive advantage as a cybersecurity consolidator, which we believe brings higher service quality, more diverse service scope, and broader geographical coverage at a lower cost.

Intellectual Property

We believe that our intellectual property rights are valuable and important to our business. We rely on trademarks, patents, copyrights, trade secrets, license agreements, intellectual property assignment agreements, confidentiality procedures, non-disclosure agreements, and employee non-disclosure and invention assignment agreements to establish and protect our proprietary rights. Though we rely in part upon these legal and contractual protections, we believe that factors such as the skills and ingenuity of our employees and the functionality and frequent enhancements to our solutions are larger contributors to our success in the marketplace. 

We continue to grow our portfolio of intellectual property rights in connection with our products, services, research and development, and other activities to protect our proprietary technology relevant to our business. We intend to take appropriate stepspursue additional intellectual property protection to protect our intellectual property. We have registered the trademark “Cyber security is a culture, not a product,” which has been approved with an official registration date of October 29, 2019.extent we believe it would be beneficial and cost-effective.

If we become more successful, we believe that competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that competitors or other third parties will claim that our products infringe their proprietary rights. In particular, large and established companies in the cybersecurity industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation. From time-to-time, third parties, including certain of these large companies and non-practicing entities, may assert patent, copyright, trademark, and other intellectual property rights against us, our channel partners, our cloud platform providers, or our end-customers, whom our standard license and other agreements obligate us to indemnify against such claims. Successful claims of infringement by a third party, if any, could prevent us from distributing certain products or performing certain services, require us to expend time and money to develop non-infringing solutions, or force us to pay substantial damages (including, in the United States, treble damages if we are found to have willfully infringed patents), royalties or other fees. We cannot assure you that we do not currently infringe, or that we will not in the future infringe, upon any third-party patents or other proprietary rights.

Government Regulation

The Company isWe are not aware of any specific regulations that govern cybersecurity firms or the areas in which the Company operates.we operate. While there are a few federal cybersecurity regulations, they govern industries that the Company serveswe serve and exist to focus on specific industries.

The threeThree of the main cybersecurity regulations are the 1996 Health Insurance Portability and Accountability Act (HIPAA),HIPAA, the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA)(“FISMA”). The three regulations mandate that healthcare organizations, financial institutions, and federal agencies, respectively, should protect their systems and information. FISMA, which applies to every government agency, requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security. However, the regulations do not address numerous computer related industries, such as Internet Service Providers (ISPs) and software companies. Furthermore, the regulations do not specify what cybersecurity measures must be implemented and require only a “reasonable” level of security.

In addition, the National Cyber SecurityCybersecurity Division (NCSD) is another regulatory body that is a division of the Office of Cyber SecurityCybersecurity & Communications within the United StatesU.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Human Capital Management

We believe that our future success will depend, in part, on our continued ability to attract, hire, and retain qualified personnel. In particular, we depend on the skills, experience, and performance of our senior management and engineering and technical personnel. We compete for qualified personnel with other cyber security companies and industry experts.

We provide competitive compensation and benefits programs to help meet the needs of our employees. In addition to salaries, these programs (which vary by country/region and employment classification) include incentive compensation plan, pension, healthcare and insurance benefits, paid time off, family leave, and on-site services, among others. We also use targeted equity-based grants with vesting conditions to facilitate retention of personnel, particularly for our key employees.

The success of our business is fundamentally connected to the well-being of our people. Accordingly, we are committed to the health and safety of our employees. In response to the COVID-19 pandemic, we implemented significant changes that we determined were in the best interest of our employees, as well as the communities in which we operate, and which comply with government regulations. This includes having employees work from home, while implementing additional safety measures for employees continuing critical on-site work.

Environmental, Social, and Governance Efforts

Environmental Commitment

We are committed to protecting the environment and attempt to mitigate any negative impact of our operations. We monitor resource use, improve efficiency, and at the same time reduce our emissions and waste.

Social Responsibility

We are a trusted cybersecurity expert providing safe, efficient, and sustainable services to our existing and new communities. Our success is the direct result of the dedication and strength of our team and promotes equity, diversity, integrity, inclusion, reliability and accountability. We believe that a combination of diverse team members and an inclusive culture contributes to our success. Each member is a valued part of our team bringing a diverse perspective to help grow business and achieve our goals. Our tradition of serving employees, customers, and investors is at the core of our culture. For third-party vendor selection and oversight, we have standard operating procedures that apply to employees and subcontractors who, on our behalf, oversee and conduct technical protocols.

Employees

As of December 31, 2019,2023, we had 30 employees.402 employees, of which 397 were full-time. In addition, we utilize independent contractors for projects of short duration or where specialized knowledge or experience is needed for a complex project. We are not dependent on any independent contractor, and we believe adequate replacements would be available in the event any such independent contractor becomes unavailable to us. We believe our relations with our employees is good.

Transfer Agent

Our stock transfer agent is Securities Transfer Corporation, located at 2901 N. Dallas Parkway, Plano, Texas 75093. Their telephone number is (469) 633-0101, and their website is stctransfer.com.

Corporate and Available Information

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, our proxy and information statements and all amendments to those reports will be available free of charge through our website (http://cerberussentinel.com)at www.ciso.inc as soon as practicable after such material is electronically filed with, or furnished to, the SEC. Except as otherwise stated in these documents, the information contained on our website or available by hyperlink from our website is not incorporated by reference into this report or any other documents we file, with or furnish to, the SEC.

Implications of Being an Emerging Growth Company

We qualify as an “emerging growth company” as the term is used in The Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), and therefore, we may take advantage of certain exemptions from various public company reporting requirements, including:

We may take advantage of these provisions for up to five years or such earlier time that we are no longer an emerging growth company. We would cease to be an emerging growth company if we have more than $1.07 billion in annual revenue, issue more than $1.0 billion of non-convertible debt over a three-year period, or become a large accelerated filer. So long as we remain an emerging growth company, we may choose to take advantage of some, but not all, of the available benefits of the JOBS Act. We have taken advantage of some of the reduced reporting requirements in our filings. Accordingly, the information contained herein may be different than the information you receive from other public companies in which you hold stock. In addition, the JOBS Act provides that an emerging growth company can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.

ITEM 1A. RISK FACTORS

An investment in our common stock involves a number of very significant risks. Readers of this Annual Report on Form 10-K should carefully consider the following risks and uncertainties in addition to other information in this reportAnnual Report on Form 10-K in evaluating our company and its business before purchasing shares of our company’s common stock. Our business, operating results and financial condition could be seriously harmed due to any of the following risks. An investor in our common stock could lose all or part of their investment due to any, or a combination of these risks.

Risk Factor Summary

Risks Related to Our Business and Industry

Risks Related to Our Common Stock

Risks Related to Our Business and Industry

We will need to raise capital in order to realize our business plan and growth strategy, the failure of which could adversely impact our operations.

Our growth strategy is based upon increasing the number of our clients and our consolidated revenue by making successful acquisitions and integrating businesses that provide comparable or complementary cyber security services. As of December 31, 2019,2023, our business was not profitable, and we may incur additional costs in relation to future acquisitions which may result in shortage in capital resources.profitable. Without adequate funding, a significant increase in revenues,revenue, and continued successful integration of theour acquired targets, we may not be able to sustainachieve profitability in the existing lines of business and attract further capital. As of March 25, 2020,31, 2024, we had available cash resources of approximately $1,600,000.$1,575,856.

We expect to continue to finance our operations with available net operating cash flows and will need to raise additional capital in the future by issuing equity or other forms of securities, which could significantly reducehave significant dilutive impact on the percentage ownership interest of our existing shareholders.stockholders. Furthermore, any newly issued securities could have rights, preferences, and privileges senior to those of our existing common stock and may have a dilutive impact on the ownership interest of existing shareholders.stock.

We may have difficulty obtaining additional funds as and when needed, and we may have to accept terms that would adversely affect our shareholders.stockholders. In addition, any adverse conditions in the credit and equity markets may adversely affect our ability to raise funds when needed. Any failure to achieve adequate funding will delay our acquisition efforts and could lead to abandonment of one or more of our acquisition initiatives, as well as prevent us from responding to competitive pressures or take advantage of unanticipated acquisition opportunities. Any additional equity financing will likely be dilutive to shareholders,stockholders, and certain types of equity financing, if available, may involve restrictive covenants or other provisions that would limit how we conduct our business or finance our operations.

We are not profitable as ofincurred significant operating losses during the years ended December 31, 2019,2023 and December 31, 2022, and we have limited cash flow and, unlessflow. Unless we increase revenuesrevenue and cash flow or raise additional capital, we may be unable to take advantage of any acquisition opportunities that arise or expand our business, all of which could adversely impact us.

For the year ended December 31, 2019 and as of the date of this report, we assessed our financial condition and concluded that we have sufficient resources for the next 12 months from the date of this report. Our auditor’s report for the year ended December 31, 2019 does not include a going concern opinion on the matter. However, management is still required to assess our ability to continue as a going concern. We had a net loss of $1,354,368 for the year ended December 31, 2019. During the same period, cash used in operations was $203,358 and our accumulated deficit as of December 31, 2019 was $1,453,510. Management isare unable to predict if and when we will be able to generate significant positive cash flow or achieve profitability. Our plan regarding these matters is to strengthen our revenuesrevenue and continue improving operational efficiencies across the business. There can be no assurances that we will be successful in increasing revenues,revenue, improving operational efficiencies or that financing will be available or, if available, that such financing will be available under favorable terms. In the event that we are unable to generate adequate revenuesrevenue to cover expenses and cannot obtain additional financing, into calendar year 2020, we may need to cut back or curtail our expansion plans.

We will need to grow the size and capabilities of our organization, and we may experience difficulties in managing this growth.

As of December 31, 2019, we had 30 employees. As our acquisition strategies develop, we must carefully integrate managerial, operational, sales, marketing, financial, and other personnel in the expanded organization and manage cost.costs. Future growth will impose significant added responsibilities on members of management, including:including the following:

Our future financial performance and our ability to commercialize our strategic acquisitions will depend, in part, on our ability to effectively manage any future growth. Our management may also have to divert a disproportionate amount of its attention away from day-to-day activities in order to devote a substantial amount of time to managing these growth activities. This lack of long-term experience working together may adversely impact our senior management team’s ability to effectively manage our business and growth.

We depend on key personnel who would be difficult to replace, and our business plans will likely be harmed if we lose their services or cannot hire additional qualified personnel.

Our success depends substantially on the efforts and abilities of our senior management and certain key personnel, including, but not limited to our Chief Executive Officer, David G. Jemmett, and our President, William Santos.executive officers. We currently do not hold anymaintain key man insurance for them.any of our senior management or key personnel.  The competition for qualified management and key personnel is intense. The loss of services of one or more of our key employees, or the inability to hire, train, and retain key personnel, especially executive managers with cybersecurity industry knowledge, could delay the execution of new acquisitions and launch of new service programs, disrupt our business, and interfere with our ability to execute our business plan.

We operate in an industry that is experiencing a shortage of qualified engineers.compliance and cybersecurity professionals. If we are unable to recruit and retain key management and technical and sales personnel, our business would be negatively affected.

To execute our growth strategy, we must continue to attract and retain highly skilled employees.compliance and cybersecurity experts. Competition for these employees is intense, especially for compliance experts and cybersecurity engineers,professionals, as there is a global shortage of engineersthese professionals who can provide the technical and strategic skills required for us to deliver high levels of services to our clients and potential clients. We may not be successful in attracting and retaining qualified employees. We have from time-to-time in the past experienced, and we expect to continue to experience, in the future, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. Many of the companies with which we compete for these highly skilled employees have greater resources than we have. In addition, in making employment decisions, particularly in the high- technologyhigh-technology industry, job candidates often consider the value of the stock options, restricted stock grants, or other stock-based compensation they are to receive in connection with their employment. Declines in the value of our stock could adversely affect our ability to attract or retain key employees and result in increased employee compensation expenses. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.

We depend on independent contractors to provide certain services thatfor which we do not have the expertise on internally. Any compromise in the service quality may delay our business processes and cause economic loss.loss.

We currently rely, and for the foreseeable future will continue to rely, in substantial part on certain independent organizations, advisors, and consultants to provide certain services. There can be no assurance that the services of these independent organizations, advisors, and consultants will continue to be available to us on a timely basis when needed, or that we can find qualified replacements. In addition, if we are unable to effectively manage our outsourced activities or if the quality or accuracy of the services provided by consultants is compromised for any reason, some of our business activities may be delayed or terminated, and we may not be able to mitigate negative impacts or otherwise advance our business. There can be no assurance that we will be able to manage our existing consultants or find other competent outside contractors and consultants on economically reasonable terms, if at all. If we are not able to effectively expand our organization by hiring new employees and expanding our groups of consultants and contractors, we may not be able to successfully implement the tasks necessary to further expand and, accordingly, may not achieve our business goals.

We have recently acquired TalaTek.multiple businesses. Our growth strategy is driven by successful acquisitions and integration of additional businesses that provide comparable or complementary services. Our ability to grow is limited if we fail to identify and consummate acquisitions.

We have recently acquired TalaTek,completed the acquisition of certain complementary businesses, and we intend to consider additional potential strategic transactions, which could involve acquisitions of businesses or assets, joint ventures, or investments in businesses or technologies that expand, complement, or otherwise relate to our business. We may also consider, from time to time, opportunities to engage in joint ventures or other business collaborations with third parties. Should our relationships fail to materialize into significant agreements, or should we fail to work efficiently with these companies, we may lose sales and marketing opportunities and our business, results of operations, and financial condition could be adversely affected.

Any business acquisition creates risks such as, among others: (i) the need to integrate and manage the businesses acquired with our own business; (ii) additional demands on our resources, systems, procedures, and controls; (iii) disruption of our ongoing business; and (iv) diversion of management’s attention from other business concerns. Moreover, these transactions could involve: (a) substantial investment of funds or financings by issuance of debt or equity securities; (b) substantial investment with respect to technology transfers and operational integration; and (c) the acquisition or disposition of lines of businesses. Also, such activities could result in one-time charges and expenses and have the potential to either dilute the interests of our existing stockholders or result in the issuance of, or assumption of debt. Such acquisitions, investments, joint ventures, or other business collaborations may involve significant commitments of financial and other resources. Any such activities may not be successful in generating revenue, income, or other returns, and any resources we committed to such activities will not be available to us for other purposes. Moreover, if we are unable to access the capital markets on acceptable terms or at all, we may not be able to consummate acquisitions, or may have to do so on the basis of a less than optimal capital structure. Our inability to take advantage of growth opportunities or address risks associated with acquisitions or investments in businesses may negatively affect our operating results.

Additionally, any impairment of goodwill or other intangible assets acquired in an acquisition or in an investment, or charges to earnings associated with any acquisition or investment activity, may materially reduce our earnings. Future acquisitions or joint ventures may not result in their anticipated benefits and we may not be able to properly integrate acquired technologies or businesses with our existing operations or successfully combine personnel and cultures. Failure to do so could deprive us of the intended benefits of those acquisitions.

We intend to grow our client base significantly through acquisitions of other service providers. If we fail to retain existing clients and attract new clients through acquisitions, we may never be profitable.achieve profitability.

Through acquisition of other service providers, we will inherit an increasingly larger client base, which creates cross-selling and up-selling opportunities. We need high-quality service and exemplary client management to retain and grow our client base. We also plan to launch sales and marketing efforts, including trade show appearance,appearances, sales demodemos, and advertising campaigns in various forms to promote our brand name. If our marketing efforts do not materialize, we may lose existing clients or fail to obtain new clients. Our inability to grow sales as the Company expandswe expand in operations may result in loss,continuing losses, and we may not be profitable for an extended period of time. In addition, even if we are able to make future acquisitions, we will incur additional costs to consummate them, which may result in a shortage in our capital resources. We may also incur difficulties in integrating new businesses with our current operations.

Our business strategy may impose limitations in our ability to accurately forecast future revenue and operating results.

Our operating results are dependent on a variety of factors, including purchasing patterns of our clients, competitive pricing, debt servicing, and general economic trend.trends. Our revenue and operating results may fluctuate if our sales target istargets are not met, new service offerings receive poor client response, or client acquisition costs increase due to competition. In addition to these factors, our acquisition strategy may impose additional risks to the predictability of our operating results. Revenue streams may be volatile givendue to the uncertainty in the closing timeline ofidentifying attractive acquisition candidates and our ability to consummate new acquisitions. Unexpected expenses may be incurred during due diligence and post-acquisition. Management intends to manage risk carefully with the acquisitions; however, limitationsthere can be no assurance that we will be able to identity and consummate acquisitions that improve our results of operations.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.

Our revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our solutions, particularly with respect to large organizations and government entities. For example, in light of current macroeconomic conditions, we have observed a lengthening of the sales cycle for some prospective customers that we attribute to higher cost-consciousness around IT budgets. Customers often view the subscription to our solutions as a significant strategic decision and, as a result, frequently require considerable time to evaluate, test and qualify our solutions prior to entering into or expanding a relationship with us. Large enterprises and government entities in particular, often undertake a significant evaluation process that further lengthens our sales cycle. Our direct sales team develops relationships with our customers, and works with our channel partners on account penetration, account coordination, sales and overall market development. We spend substantial time and resources on our sales efforts without any assurance that our efforts will produce a sale. Security solution purchases are frequently subject to budget constraints, multiple approvals and unanticipated administrative, processing and other delays. As a result, it is difficult to predict whether and when a sale will be completed. The failure of our efforts to secure sales after investing resources in a lengthy sales process would adversely affect our business, operating results and financial condition.

Because we recognize revenue from subscriptions to our solutions over the term of the subscription, downturns or upturns in new business will not be immediately reflected in our operating results.

We generally recognize revenue from customers ratably over the term of their subscription, which is generally one to three years. As a result, a substantial portion of the revenue we report in each period is attributable to the recognition of deferred revenue relating to agreements that we entered into during previous periods. Consequently, any increase or decrease in new sales or renewals in any one period will not be immediately reflected in our revenue for that period. Any such change, however, would affect our revenue in future periods. Accordingly, the effect of downturns or upturns in new sales and potential changes in our rate of renewals will not be fully reflected in our operating results until future periods. We may also be unable to timely reduce our cost structure in line with a significant deterioration in sales or renewals that would adversely affect our business, operating results, and financial condition.

We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide partial refunds or our customers could be entitled to terminate their contracts and our business would suffer.

Certain of our customer agreements contain service level commitments, which contain specifications regarding the availability of our solutions and our support services. Failure of or disruption to our infrastructure or third-party hosting service providers could impact the performance of our solutions and the availability of services to customers. If we are unable to meet our stated service level commitments or if we suffer extended periods of poor performance or unavailability of our solutions, we may be contractually obligated to provide affected customers with credit, partial refunds or termination rights. To date, there has not been a material failure to meet our service level commitments, and we do not currently have any material liabilities accrued on our consolidated balance sheets for such commitments. Our business, operating results, and financial condition would be adversely affected if we suffer performance issues or downtime that exceeds the service level commitments under our agreements with our customers.

Our business is subject to the risks of warranty claims from real or perceived defects in our solutions or their misused by our customers or third parties and provisions in certain agreements potentially expose us to substantial liability and other losses.

We may be subject to liability claims for damages related to errors or defects in our solutions. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our solutions will harm our business and operating results. Although we generally have limitation of liability provisions in our terms and conditions of sale, they may not fully or effectively protect us from claims as a result of federal, state or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our solutions also entails the risk of product liability claims. We employ measures in the form of policy and technical controls to limit unauthorized access to our solutions by our employees, customers and third-parties, however, these measures may not fully or effectively protect our solutions from unauthorized access. Additionally, we typically provide indemnification to customers, partners or other third parties we do business with for certain losses suffered or expenses incurred as a result of third-party claims arising from our infringement of a third party’s intellectual property. We also provide unlimited liability for certain breaches of confidentiality, as defined in our master subscription agreement. We also provide limited liability in the event of certain breaches of our master subscription agreement. Certain of these contractual provisions survive termination or expiration of the applicable agreement. To date, we have not incurred any material costs because of such obligations. However, as we continue to grow, indemnification claims against us for the obligations listed will increase. When our customers or other third parties we do business with make intellectual property rights or other indemnification claims against us, we will incur significant legal expenses and may have to pay damages, license fees and/or stop using technology found to be in violation of the third party’s rights. We may also have to seek a license for the technology. Such licenses may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to forecast future revenuedeliver certain solutions or features. We may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our solutions, which could harm our business. Large indemnity obligations, whether for intellectual property or in certain limited circumstances, other claims, would harm our business, operating results remain significant.and financial condition.

Additionally, our solutions may be used by our customers and other third parties who obtain access to our solutions for purposes other than for which our solutions was intended. We maintain insurance to protect against certain claims associated with the use of our solutions, but our insurance coverage may not adequately cover the claims asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our business and reputation. We have offered some of our customers a limited warranty, subject to certain conditions. Any failure or refusal of our insurance providers to provide the expected insurance benefits to us after we have remediated warranty claims would cause us to incur significant expense or cause us to cease offering warranties which could damage our reputation, cause us to lose customers, expose us to liability claims by our customers, negatively impact our sales and marketing efforts, and have an adverse effect on our business, operating results, and financial condition. Further, although the terms of the warranty do not allow those customers to use warranty claim payments to fund payments to persons on the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), list of Specially Designated Nationals and Blocked Persons or who are otherwise subject to U.S. sanctions, we cannot assure you that all of our customers will comply with our warranty terms or refrain from taking actions, in violation of our warranty and applicable law.

Our future results may be affected by various legal and regulatory proceedings and legal compliance risks, including those involving intellectual property, environmental, governmental regulations, the U.S. Foreign Corrupt Practices Act, and other anti-bribery, anti-corruption, or other matters.

We may be subject to various legal and regulatory proceedings, and are subject to certain legal compliance risks in the areas of intellectual property, governmental regulation, U.S. Foreign Corrupt Practices Act, and related anti-bribery and anti-corruption regulations. The outcome of theseany such legal proceedings may differ from our expectations because the outcomes of litigation, including regulatory matters, are often difficult to reliably predict. Various factors or developments can lead us to change current estimates of liabilities and related insurance requirements where applicable, or make such estimates for matters previously not susceptible of reasonable estimates, such as a significant judicial ruling or judgment, a significant settlement, significant regulatory developments, or changes in applicable law. A future adverse ruling, settlement, or unfavorable development could result in future charges that could have a material adverse effect on our results of operations or cash flows in any particular period.

We are subject to risks from operating internationally.

We operate internationally, and our growth strategy depends in part on our ability to expand our operations in foreign markets, including by way of acquisitions. International operations and business expansion plans are subject to numerous risks, including the following:

Any of these factors could have a material adverse effect on our reputation, financial condition, results of operations and stock price.

Our operations in certain emerging markets expose us to political, economic and regulatory risks.

Our growth strategy depends in part on our ability to expand our operations in emerging markets, including, among others, countries in South America, and Europe. However, some emerging markets have greater political, economic and currency volatility and greater vulnerability to infrastructure and labor disruptions than more established markets. In many countries, particularly those with emerging economies, engaging in business practices prohibited by laws and regulations with extraterritorial reach, such as the Foreign Corrupt Practices Act of 1977 and the U.K. Bribery Act, or local anti-bribery laws may be more common. These laws generally prohibit companies and their employees, contractors or agents from making improper payments to government officials, including in connection with obtaining permits or engaging in other actions necessary to do business. Failure to comply with these laws could subject us to civil and criminal penalties that could materially and adversely affect our reputation, financial condition, results of operations and stock price. Failure to manage political, economic and regulatory risks in emerging markets could adversely affect our sales, financial condition, results of operations, cash flows and stock price.

Adverse economic conditions in the United States and international economies may adversely impact our business operating units.

General macro-economic conditions, such as a rise in interest rates, inflation in the cost of goods and services including labor, a recession or an economic slowdown in the United States or internationally, could adversely affect demand for our services and make it difficult to accurately forecast and plan our future business activities. For example, U.S. and global markets have been experiencing volatility and disruption due to interest rate and inflation increases, such as higher inflation rates in the U.S., which rose in the second half of 2021 and have remained above the Federal Reserve’s inflation target, as well as the continued escalation of geopolitical tensions, including those as a result of the conflicts between Russia and Ukraine and in the Middle East. We have experienced and continue to experience inflationary pressures in certain areas of our business. Although our business has not yet been materially negatively impacted by such inflationary pressures, we cannot be certain that neither we nor our customers will be materially impacted by continued pressures. To the extent conditions in the domestic and global economy change, our business could be harmed as current and potential customers may reduce or postpone spending or choose not to purchase our services or products, which they may consider discretionary. If our customers face risks relateddecreased consumer demand, increased regulatory burdens or more limited access to health epidemicsinternational markets, we may face a decline in demand for our products and other outbreaks, which could significantly disruptservices, and our operations.

Our business and operating results could be adversely impacted byimpacted.

To the effects of epidemics, including butextent conditions in the domestic and global economy change, our business could be harmed as current and potential customers may reduce or postpone spending or choose not to purchase or renew our services, which they may consider discretionary. If our customers face decreased consumer demand, increased regulatory burdens, or more limited access to international markets, we may face a decline in the coronavirus that has been reported to have surfaced in Wuhan, China in December 2019demand for our services and has since spread to most other parts of the world, including the United States, our principal market. We are closely monitoring the impact of the COVID-19 global outbreak, although there remains significant uncertainty related to the public health situation globally.

Ouroperating results of operations could be adversely affectedimpacted.

Uncertain and adverse economic conditions may also lead to a decline in the extent that such coronavirus or any other epidemic generally harms the global economy. In addition, our customers and/or personnel may be adversely impacted as a result of a health epidemic or other outbreak. Our operation may experience disruptions, such as temporary closure of our offices and/or thoseability of our customers suspension of services and the shut-down of our channel sales efforts, some ofto use or access credit, which we are already experiencing and most likely will affect our sales pipeline in the coming quarters. These disruptions may require us to curtail our sales efforts or even force us to reduce our workforce in effort to conserve capital. Further impacts from the COVID-19 global outbreak could continue to materially and adversely affect our business, financial conditionbusiness. In addition, changing economic conditions may also adversely affect third parties with which we have entered into relationships and resultsupon which we depend in order to grow our business. As a result, we may be unable to continue to grow in the event of operations.future economic slowdowns.

Breaches of network or information technology security could have an adverse effect on our business.

Cyber-attacks or other breaches of network or IT security may cause equipment failures or disrupt the systems and operations of us and our clients. The potential liabilities associated with these events could exceed the insurance coverage we or our clients maintain, if any. An inability to operate as a result of such events, even for a limited period of time, may result in significant expenses or loss of market share to other competitors in the market we serve. In addition, a failure to protect our, or our client’s, enterprises, networks, privacy of customer, and employee confidential data against breaches of network or IT security could result in damage to our reputation. To date, we have not been subject to cyber-attacks or other cyber incidents which, individually or in the aggregate, resulted in a material adverse effect on our business, operating results, andor financial condition.

Security threats to our own IT infrastructure may affect our clients indirectly. A party who is able to compromise the security measures on our networks or the security of our infrastructure could misappropriate our proprietary information or the personal information of our clients, cause interruptions or malfunctions in our operations or our clients’ operations, or damage our computers or systems and those of our clients. As security is a primary competitive factor in our industry, such a compromise could be particularly harmful to our brand and reputation. We may be required to expend significant resources to protect against such threats or to alleviate problems caused by breaches in security. As techniques used to breach security change frequently, and are generally not recognized until launched against a target, we may not be able to implement security measures in a timely manner or, if and when implemented, we may not be able to determine the extent to which these measures could be circumvented. If we are unable to protect sensitive information, our clients or governmental authorities could question the adequacy of our threat mitigation and detection processes and procedures. Any breaches that may occur could expose us to increased risk of lawsuits, regulatory penalties, loss of existing or potential customers, harm to our reputation, and increases in our security costs, which may not be fully insured or indemnified by other means. Additionally, breaches of our, or our clients’, systems could similarly result in a loss of confidence in our services or damage to our brand and reputation. Occurrence of any of these events could have a material adverse effect on our business, financial condition, operating results, or prospects.

Because our services are aimed at protecting clients from, and limiting the impact of, critical business interruptions and losses related to cyber-attacks, if our client’s experience losses related to cyber-attacks that result in lost profits or other indirect or consequential damages to our clients, our clients may expose us to lawsuits. Our service agreements with our clients typically contain provisions limiting our liability. However, we cannot provide assurances that a court would enforce any contractual limitations on our liability. The outcome of any such lawsuit would depend on the specific facts of the case and any legal and policy considerations that we may not be able to mitigate. In such cases, we could be liable for substantial damage awards that may exceed our liability insurance coverage by unknown but significant amounts, which could materially impair our financial condition.

If we fail to meet our service level obligations under our service level agreements, we may be subject to certain penalties and could lose clients.

We have service level agreements with many of our managed services clients under which we guarantee specified levels of service availability. These arrangements require us to estimate the level of service we will provide. If we fail to meet our service level obligations under these agreements, we may be subject to penalties, which could result in higher than expected costs, and we may lose clients, which could lead to decreased revenue and decreased gross and operating margins. If we fail to meet our service level obligations under these agreements, our reputation may suffer as a result.

The nature of our business involves significant risks and uncertainties that may not be covered by insurance or indemnification.

We provide services in circumstances where insurance or indemnification may not be not available.available to us. Our existing insurance coverages may not be sufficient or additional insurance may not be available to protect us against operational risks and other uncertainties that we face. Liabilities or claims arising from our services in excess of any indemnity or insurance coverage (or for which indemnity or insurance coverage is not available or is not obtained) could harm our financial condition, cash flows, and operating results. Any claim, even if fully covered or insured, could negatively affect our reputation in the marketplace and make it more difficult for us to compete effectively. The defense of such claims may be costly and time-consuming and could divert the attention of management.

We indemnify our officers and directors against liability to us and our security holders, and such indemnification could increase our operating costs.

Our certificate of incorporation and bylaws allow us to indemnify our officers and directors against claims associated with carrying out the duties of their offices. Our bylaws also allow us to reimburse them for the costs of certain legal defenses. Insofar as indemnification for liabilities arising under the Securities Act may be permitted to our officers, directors, or control persons, the SEC has advised that such indemnification is against public policy and is therefore unenforceable.

Our industry is highly competitive, and there is no assurance that we will compete successfully.

Our current and potential competitors vary by size, service offerings, and geographic location. Competitors include technology companies, consulting companies, telecommunication companies, technology resellers, hardware and software companies, and others. Many of our competitors have entrenched relationships in particular industries or have gained a reputation for expertise in a specific segmentsector of the cybersecurity market, including services, software, and hardware. The primaryPrimary competitive factors in our market are:include security, reliability and functionality,functionality; customer service and technical expertise,expertise; reputation and brand recognition,recognition; financial strength,strength; breadth of products and services offered, price,offered; price; and scalability. Many of our current and potential competitors have substantially greater financial, technical, and marketing resources; more diversified product and service offerings; larger customer bases; longer operating histories; greater brand recognition; and more established relationships in the industry than we do. As a result, some of these competitors may be able to:

Many of these companies have significantly greater financial, technical, marketing, and other resources than we do and may be better positioned to acquire, offer, and service complementary products and technologies. These companies and alliances resulting from possible combinations may create more compelling product and service offerings,offerings; be able to offer greater pricing flexibility than we cancan; or engage in business practices that make it more difficult for us to compete effectively, including on the basis of sales and marketing programs (such as providing greater incentives to our channel partners to sell a competitor’s product), technology, or product functionality. Competition could result in, among other things, a substantial loss of customers, reduction in revenuesrevenue, or increase in expenses, which could materially adversely affect our business, financial condition, results of operations, or prospects.

Our success depends on our ability to protect our intellectual property and our proprietary technologies.

We rely on trade secrets to protect intellectual property, proprietary technology, and processes, which we have or may develop in the future. There can be no assurances that secrecy obligations will be honored or that others will not independently develop similar or superior technology. The protection of intellectual property and/or proprietary technology through claims of trade secret status has been the subject of increasing claims and litigation by various companies both in order to protect proprietary rights as well as for competitive reasons even where proprietary claims are unsubstantiated. The prosecution of proprietary claims or the defense of such claims is costly and uncertain given the uncertainty and rapid development of the principles of law pertaining to this area. We may also be subject to claims by other parties regarding the use of intellectual property, technology information, and data, which may be deemed proprietary to others.

Increasingly complex cybersecurity regulations and standards may have significant impact on our business, and it may require us to substantially invest in our development capabilities to meet compliance requirements and may negatively impact our ability to offer certain services and remain profitable.

Federal and Statestate legislatures continue to advance policy proposals in recent years to address cyber threats directed at governments and private businesses. As threats continue to evolve and expand and as the pace of new technologies accelerates, legislatures are making cybersecurity measures a high priority. At the federal and state level, close to 300hundreds of bills or resolutions have been introduced and considered that deal significantly with cybersecurity. These proposals are at multiple stages of development and may shape out new standards concerning different areas. Our business expansion strategy focuses on accretive acquisitions of other cybersecurity service providers in the top thirty U.S. markets to achieve greater service coverage.  The complex regulatory environment in each Statestate may require us to dedicate additional resource to ensure our service scope and service quality are in compliance with the standards enacted in each Statestate we operate business in. We may incur additional legal and compliance costs, and our service scope may be restrained due to compliance requirements. This will cause a delay in our service launch and negatively impact our operating results. We may also face litigations if we fail to respond accordingly to these regulatory measures in certain States.states.

We may become subject to disputes, including litigation, that could negatively impact our business, and our profitability, and financial condition.

We may become subject to disputes with third parties from time to time. Any such dispute could result in litigation between us and the other parties. Whether or not any dispute actually proceeds to litigation, we may be required to devote significant management time and attention and financial resources to its resolution (through litigation, settlement, or otherwise), which would detract from our management’s ability to focus on our business. Any such resolution could involve the payment of damages or expenses by us, which may be significant. In addition, any such resolution could involve our agreement with terms that restrict the operation of our business.

If we incur additional debt, we will be subject to restrictive covenants and debt service obligations that could negatively impact our operations.

If we incur additional debt for operations or acquisitions, a portion of our cash flow will have to be dedicated to the payment of principal and interest on such indebtedness. Typical loan agreements also might contain restrictive covenants, which may impair our operating flexibility. Such loan agreements would also provide for default under certain circumstances, such as failure to meet certain financial covenants. A default under a loan agreement could result in the loan becoming immediately due and payable and, if unpaid, a judgment in favor of such lender which would be senior to the rights of our stockholders. A judgment creditor would have the right to foreclose on any of our assets resulting in a material adverse effect on our business, operating results, or financial condition.

The requirements of being a public company, including compliance with the reporting requirements of the Exchange Act and the requirements of the Sarbanes-Oxley Act and Nasdaq, may strain our resources, increase our costs, and divert management’s attention, and we may be unable to comply with these requirements in a timely or cost-effective manner.

As a public company, we are subject to the reporting requirements of the Exchange Act, and the corporate governance standards of the Sarbanes-Oxley Act and Nasdaq. We have a limited operating history as a public company, and these requirements may place a strain on our management, systems, and resources. In addition, we have incurred, and expect to continue to incur, significant legal, accounting, insurance, and other expenses. The Exchange Act requires us to file annual, quarterly, and current reports with respect to our business and financial condition within specified time periods and to prepare a proxy statement with respect to our annual meeting of stockholders. The Sarbanes-Oxley Act requires that we maintain effective disclosure controls and procedures and internal control over financial reporting. Nasdaq requires that we comply with various corporate governance requirements. To maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting and comply with the Exchange Act and Nasdaq requirements, significant resources and management oversight are required. This may divert management’s attention from other business concerns and lead to significant costs associated with compliance, which could have a material adverse effect on us and the market price of our common stock.

The expenses incurred by public companies generally for reporting and corporate governance purposes have been increasing. We expect these rules and regulations to continue to increase our legal and financial compliance costs and to make some activities more time-consuming and costly. These laws and regulations could also make it more difficult or costly for us to obtain certain types of insurance, including director and officer liability insurance, and we may be forced to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. These laws and regulations could also make it more difficult for us to attract and retain qualified persons to serve on our Board of Directors or its committees or as our executive officers. Advocacy efforts by stockholders and third parties may also prompt even more changes in governance and reporting requirements. We cannot predict or estimate the amount of additional costs we may incur or the timing of these costs. Furthermore, if we are unable to satisfy our obligations as a public company, we could be subject to delisting of our common stock, fines, sanctions, and other regulatory action and potentially civil litigation.

The preparation of our financial statements involves use of estimates, judgments, and assumptions, and our financial statements may be materially affected if our estimates prove to be inaccurate.

Financial statements prepared in accordance with accounting principles generally accepted in the United States require the use of estimates, judgments, and assumptions that affect the reported amounts. Different estimates, judgments, and assumptions reasonably could be used that would have a material effect on the financial statements, and changes in these estimates, judgments, and assumptions are likely to occur from period to period in the future. These estimates, judgments, and assumptions are inherently uncertain, and, if they prove to be wrong, then we face the risk that charges to income will be required.

The auditor’s opinion on our audited consolidated financial statements for the year ended December 31, 2023, included in this annual report on Form 10-K, contain an explanatory paragraph relating to our ability to continue as a going concern.

The auditor’s opinion on our audited consolidated financial statements for the year ended December 31, 2023 includes an explanatory paragraph stating that our losses and negative cash flows from operations and uncertainty in generating sufficient cash to meet our operating obligations raise substantial doubt about our ability to continue as a going concern. While we are pursuing a variety of funding sources and transactions that could raise capital, there can be no assurances that we will be successful in these efforts or will be able to resolve our liquidity issues or eliminate our operating losses. If we are unable to obtain sufficient funding, we would need to significantly reduce our operating plans and curtail some or all of our strategic plans. Accordingly, our business, prospects, financial condition, and results of operations will be materially and adversely affected, and we may be unable to continue as a going concern. If we are unable to continue as a going concern, we may have to liquidate our assets and may receive less than the value at which those assets are carried on our audited consolidated financial statements, and it is likely that investors will lose all or a part of their investment. If we seek additional financing to fund our business activities in the future and there remains substantial doubt about our ability to continue as a going concern, investors or other financing sources may be unwilling to provide additional funding on commercially reasonable terms or at all.

Risks Related to our Common Stock

The market price of our common stock may beis volatile and may fluctuate in a way that is disproportionate to our operating performance.

Our stock price may experience substantial volatility as a result of a number of factors, including, among others:

Many of these factors are beyond our control. In addition to recent events, the stock markets have historically experienced substantial price and volume fluctuations. These fluctuations often have been unrelated or disproportionate to the operating performance of these companies. These broad market and industry factors could reduce the market price of our common stock, regardless of our actual operating performance.

Future sales of shares of our common stock by existing stockholders could depress the market price of our common stock.

We havehad an aggregate of 108,032,50011,949,959 issued and outstanding shares of common stock as of March 25, 2020. The Plan Shares issuedDecember 31, 2023. Approximately 4,303,871 shares were in connection with the merger with VCAB are freely tradeable.street name. The remainder of the outstanding shares may be sold, subject to certain volume limitations, pursuant to Rule 144 or other available exemptions. Also, in the future, we may issue additional securities in connection with investmentsfinancings and acquisitions. The amount of our common stock issued in connection with an investment or acquisition could constitute a material portion of our then outstanding stock. Due to these factors, sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.

Provisions in our Certificatecertificate of Incorporation,incorporation, our By-lawsby-laws, and Delaware law might discourage, delay, or prevent a change in control of our company or changes in our management and, therefore, depress the trading price of our common stock.

Provisions of our amended and restated certificate of incorporation, our amended and restated bylawsby-laws, and Delaware law may have the effect of deterring unsolicited takeovers or delaying or preventing a change in control of our company or changes in our management, including transactions in which our stockholders might otherwise receive a premium for their shares over then current market prices. In addition, these provisions may limit the ability of stockholders to approve transactions that they may deem to be in their best interests. These provisions include the ability of our boardBoard of directorsDirectors to designate the terms of and issue new series of preferred stock without stockholder approval, which could include the right to approve an acquisition or other change in our control or could be used to institute a rights plan, also known as a poison pill, that would work to dilute the stock ownership of a potential hostile acquirer, likely preventing acquisitions that have not been approved by our boardBoard of directors.Directors.

The existence of the forgoing provisions and anti-takeover measures could limit the price that investors might be willing to pay in the future for shares of our common stock. They could also deter potential acquirers of our company, thereby reducing the likelihood that an investor in our company could receive a premium for their common stock in an acquisition.

Our boardBoard of directorsDirectors is expressly authorized to make, alter, or repeal our by-laws by majority vote, while such action by stockholders would require a super majority vote; and establish advance notice requirements for nominations for elections to our board of directors or proposing matters that can be acted upon by stockholders at stockholder meetings.vote.

These anti-takeover provisions and other provisions under Delaware law could discourage, delay, or prevent a transaction involving a change in control of our company, including actions that our stockholders may deem advantageous, or negatively affect the trading price of our stock. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and cause us to take other corporate actions they desire.

FINRA sales practice requirements may limit a stockholder’s ability to buy and sell our stock.

The Financial Industry Regulatory Authority, Inc. (“FINRA”) has adopted rules that require that, in recommending an investment to a client, a broker-dealer must have reasonable grounds for believing that the investment is suitable for that customer. Prior to recommending speculative low-priced securities to their non-institutional customers, broker-dealers must make reasonable efforts to obtain information about the customer’s financial status, tax status, investment objectives, and other information. Under interpretations of these rules, FINRA believes that there is a high probability that speculative low pricedlow-priced securities will not be suitable for certain customers. FINRA requirements will likely make it more difficult for broker-dealers to recommend that their customers buy our common stock, which may have the effect of reducing the level of trading activity in the shares, resulting in fewer broker-dealers may be willing to make a market in our shares, potentially reducing a stockholder’s ability to resell shares of our common stock.

If we issue additional shares in the future, it will result in the dilution of our existing shareholders.stockholders.

Our Articlesamended and restated certificate of Incorporationincorporation authorizes the issuance of up to 250,000,000300,000,000 shares of our common stock with a par valueand up to 50,000,000 shares of $0.00001 per share.preferred stock. Our Board of Directors may choose to issue some or all of such shares to acquire one or more companies and to fund our overhead and general operating requirements. The issuance of any such shares will reduce the book value per share and may contribute to a reduction in the market price of the outstanding shares of our common stock. If we issue any such additional shares, such issuance will reduce the proportionate ownership and voting power of all current shareholders.stockholders. Further, such issuance may result in a change of control of our company.

Our directors and executive officers beneficially own a substantial majority of our outstanding capital stock and will have the ability to control our affairs.

Our directors and executive officers beneficially own approximately 80% of our outstanding capital stock. By virtue of these holdings, they effectively control the election of the members of our board of directors, our management and our affairs and may prevent us from consummating corporate transactions such as mergers, consolidations or the sale of all or substantially all of our assets that may be favorable from our standpoint or that of our other stockholders.

We do not know whether an active, liquid and orderly trading market will develop for our common stock.

There has been no public market for our common stock. An active trading market for our shares may never develop or be sustained. No assurance can be provided that a purchaser of our common stock will be able to resell their shares of common stock at or above the price that they acquired those shares. We can provide no assurances that the fair market value of common stock will increase or that the market price of common stock will not fluctuate or decline significantly.

We are eligible to be treated as an “emerging growth company,” as defined in the JOBS Act, and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we may take advantage of exemptions from various reporting and other requirements that are applicable to other public companies that are not emerging growth companies, including (i) not being required to comply with the auditor attestation requirements of Section 404(b) of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation in this registration statement and our periodic reports and proxy statements, and (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We could be an emerging growth company for up to five years, although circumstances could cause us to lose that status earlier.

In addition, Section 107 of the JOBS Act provides that an emerging growth company can take advantage of the extended transition period provided in Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards that have different effective dates for public and private companies until those standards apply to private companies. We have elected to take advantage of the extended transition period for complying with the revised accounting standards. As a result, our financial statements may not be comparable to companies that comply with effective dates generally applicable to public companies.

Investors may find our common stock less attractive because we may rely on these exemptions, reduced reporting requirements, and extended transition periods. If investors find our common stock less attractive as a result of any of the foregoing, there may be a less active trading market for our common stock and our stock price may be more volatile or may decrease.

Our directors, a former director and executive officers beneficially own a substantial majority of our outstanding capital stock and will have the ability to control our affairs.

Our current directors and executive officers, and a former director beneficially own approximately 51.90% of our outstanding capital stock. By virtue of these holdings, they effectively control the election of the members of our Board of Directors, our management, and our affairs and may prevent us from consummating corporate transactions such as mergers, consolidations, or the sale of all or substantially all of our assets that may be favorable from our standpoint or that of our other stockholders.

Our failure to meet the continued listing requirements of Nasdaq could result in a delisting of our common stock.

If we fail to satisfy the continued listing requirements of Nasdaq, such as the corporate governance requirements or the minimum closing bid price requirement, Nasdaq may take steps to delist our common stock. On March 29, 2023, we received a letter from the listing qualifications staff of Nasdaq providing notification that the bid price for our common stock had closed below $1.00 per share for the previous 30 consecutive business days and our common stock no longer met the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). In accordance with Nasdaq Listing Rule 5810(c)(3)(A), we had an initial period of 180 calendar days to regain compliance. To regain compliance, the closing bid price of our common stock had to be $1.00 per share or more for a minimum of 10 consecutive business days at any time before the expiration of the initial compliance period. We were unable to regain compliance with Rule 5550(a)(2) during the initial compliance period, but pursuant to Nasdaq rules we were eligible for an additional 180 calendar day compliance period. To qualify, we needed to meet the continued listing requirement for market value of publicly held shares and all other initial listing standards for the Nasdaq Capital Market, with the exception of the minimum bid price requirement, and we were required to provide written notice of our intention to cure the deficiency during the second compliance period, by effecting a reverse stock split, if necessary. Subsequently, on December 28, 2023, we received a letter from the listing qualifications staff of Nasdaq providing notification that the bid price for our common stock had closed below $0.10 per share for the previous 10 consecutive trading days and our common stock no longer met the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). Accordingly we were subject to the provisions contemplated under Nasdaq Listing Rule 5810(c)(3)(A)(iii), and as a result, Nasdaq determined to delist our securities. We were granted an appeal with Nasdaq’s Hearings Panel on March 28, 2024. On March 8, 2024, our 1-for-15 reverse split became effective, increasing the bid price for our common stock above $1.00 per share. On March 22, 2024, we received notification from Nasdaq that we had regained compliance with the bid price requirements as set forth under Nasdaq Listing Rule 550(a)(2). As a result of regaining compliance, our appeal with Nasdaq’s Hearing Panel was cancelled.

We must continue to maintain a minimum closing bid price over $1.00 per share pursuant to Nasdaq Listing Rule 5810(c)(3)(A). If our closing bid price falls below $1.00 per share for more than 30 consecutive trading days, we may again be deemed noncompliant with Nasdaq’s continued listing requirements.

The liquidity of the shares of our common stock may be affected adversely by the reverse stock split undertaken to address such compliance failure, given the reduced number of shares that are outstanding following a reverse stock split. In addition, reverse stock splits may increase the number of stockholders who own odd lots (less than 100 shares) of our common stock, creating the potential for such stockholders to experience an increase in the cost of selling their shares and greater difficulty effecting such sales.

In the event that we again become non-compliant with Rule 5550(a)(2) and cannot re-establish compliance within the required timeframe, our common stock could be delisted from Nasdaq, which could have a material adverse effect on our financial condition and which would cause the value of our common stock to decline. If our common stock is not eligible for listing or quotation on another market or exchange, trading of our common stock could be conducted in the over-the-counter market or on an electronic bulletin board established for unlisted securities such as the Pink Sheets or the OTC Bulletin Board. In such event, it would become more difficult to dispose of, or obtain accurate price quotations for, our common stock, and there would likely be a reduction in our coverage by security analysts and the news media, which could cause the price of our common stock to decline further. In addition, it may be difficult for us to raise additional capital if we are not listed on a national securities exchange.

Following a reverse stock split, the resulting market price of our common stock may not attract new investors, including institutional investors, and may not satisfy the investing requirements of those investors. Consequently, the trading liquidity of our common stock may not improve.

Although we believe that a higher market price of our common stock may help generate greater or broader investor interest, there can be no assurance that a reverse stock split will result in a share price that will attract new investors, including institutional investors. In addition, there can be no assurance that the market price of our common stock will satisfy the investing requirements of those investors. As a result, the trading liquidity of our common stock may not necessarily improve.

We do not intend to pay dividends on any investment in the shares of stock of our company.common stock.

We have never paid any cash dividends, and currently do not intend to pay any dividends for the foreseeable future. The Board of Directors has not directed the payment of any dividends and does not anticipate paying dividends on the shares for the foreseeable future and intendsWe intend to retain any future earnings to the extent necessary to develop and expand our business. Payment of cash dividends, if any, will depend, among other factors, on our earnings, capital requirements, and the general operating and financial condition, and will be subject to legal limitations on the payment of dividends out of paid-in capital. Because we do not intend to declare dividends, any gain on an investment in our company will need to come through an increase in the stock’sstock price. This may never happen, and investors may lose all of their investment.

Our business could be negatively impacted by shareholder activism.

In recent years, shareholder activists have become involved in numerous public companies. Shareholder activists frequently propose to involve themselves in the governance, strategic direction, and operations of companies. Shareholder activists have also become increasingly concerned with companies’ efforts with respect to environmental, sustainability and governance standards. Responding to actions by activist shareholders, such as requests for special meetings, potential nominations of candidates for election to our Board of Directors, requests to pursue a strategic combination or other transaction, or other special requests may disrupt our business and divert the attention of management and employees. In addition, any perceived uncertainties as to our future direction resulting from such a situation could result in the loss of potential business opportunities, be exploited by our competitors, cause concern to our current or potential customers, and make it more difficult to attract and retain qualified personnel and business partners, all of which could negatively impact our business. Shareholder activism could result in substantial costs. In addition, actions of activist shareholders may cause significant fluctuations in our stock price based on temporary or speculative market perceptions or other factors that do not necessarily reflect the underlying fundamentals of our business.

Our share price may be volatile, and you may be unable to sell your shares.

The trading price of our common stock is likely to be highly volatile and these fluctuations could cause you to lose all or part of your investment in our common stock. Since shares of our common stock were sold in our initial public offering (IPO) in January 2021 at a price of $75.00⁽¹⁾ per share, the reported high and low sales prices of our common stock have ranged from $1.12⁽¹⁾ to $138.15⁽¹⁾ per share through March 31, 2024. Factors that may cause the market price of our common stock to fluctuate include:

In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, operating results or financial condition. The trading price of our common stock might also decline in reaction to events affecting other companies in our industry even if these events do not directly affect us.

In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation, which could result in substantial costs and a diversion of management’s attention and resources.

⁽¹⁾Share price adjusted to reflect a 1-for-15 reverse stock split that occurred on March 8, 2024.

ITEM 1B. UNRESOLVED STAFF COMMENTS

Not Applicable.None.

ITEM 1C. CYBERSECURITY

We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. We obtain input, as appropriate, for our cybersecurity risk management program on the security industry and threat trends from multiple sources. Teams of dedicated security professionals oversee cybersecurity risk management and mitigation, incident prevention, detection, and remediation. Leadership for these teams are professionals with deep cybersecurity expertise across multiple industries, including our Chief Information Security Officer. Our executive leadership team, along with input from the above teams, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the company.

As part of our cybersecurity risk management system, our incident management teams track and log security incidents across our company and our customers to remediate and resolve any such incidents. Significant incidents are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment and then reported to designated members of our senior management. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters, and our senior management makes the final materiality determinations and disclosure and other compliance decisions. Our management apprises our independent registered public accounting firm of matters and any relevant developments.

The Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and reports any findings and recommendations, as appropriate, to the full Board for consideration. Senior management regularly discusses cyber risks and trends and, should they arise, any material incidents with the Chief Information Security Officer.

Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K.

ITEM 2. PROPERTIES

Our corporate headquarters is located in Scottsdale, Arizona where we currently lease approximately 3,300 square feet of office space. We do not own any real property. A descriptionoffice space in Santiago, Chile, which is primarily used for our secured managed services and administration in Latin America. We lease additional offices, none of which we believe to be material to our operations, located throughout the leased premises we utilizeUnited States and Chile for offices facilities is as follows:our service delivery and administrative personnel.

We believe that our officesexisting facilities are suitablesufficient for our current needs. Although we have recently closed or consolidated certain of our facilities, in the future, we may need to carry onadd new facilities or expand our business. We also believe that, if required, suitable alternative or additional space will be availableexisting facilities to us on commercially reasonable terms.meet our evolving business needs.

ITEM 3. LEGAL PROCEEDINGS

We are currently not involved ina party to any pendingmaterial legal proceedings that we anticipate would result in a material adverse effect on our business or operations.proceedings.

ITEM 4. MINE SAFETY DISCLOSURES

Not applicable.

Not applicable.

PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

Market Information

There is no established public trading market inUntil January 13, 2022, our common stock. Our securities are notstock was traded under OTC Market Group’s OTCQB. Since January 13, 2022, our common stock has been listed for trading on any securities exchange nor are bid or asked quotations reported in any over-the-counter quotation service. We have filed application to make our shares of common stock eligible for quotation onThe Nasdaq Stock Market LLC under the OTCQB Market.symbol “CISO”

As of March 25, 2020,December 31, 2023, there were approximately 715765 holders of record of our common stock. As ofstock, and the date of this filing, there were nolast reported sales pricessale price of our common stock as it has not begun trading on the OTCQB. SharesThe Nasdaq Stock Market LLC on April 2, 2024 was $1.28. A significant number of shares of our common stock are also held in either nominee name or street name brokerage accounts, and consequently, we are unable to determine the total number of beneficial owners of our common stock.

Dividend Policy

To date, we have paid no dividends on our common stock and do not expect to pay cash dividends in the foreseeable future. We plan to retain all earnings to provide funds for the operations of our company. In the future, our Board of Directors (the “Board”) will decide whether to declare and pay dividends based upon our earnings, financial condition, capital requirements, and other factors that our Board of Directors may consider relevant. We are not under any contractual restriction as to present or future ability to pay dividends.

Unregistered Sales of Equity Securities

During the year ended December 31, 2019, the CompanyIn May 2023, we issued 200,000 shares (3,000,000 on a pre-reverse split basis) of our common stock to Trending Equities Corp. in exchange for providing marketing and investor relations services.

In May 2023, we issued a net totalwarrant to Titan Partners Group, LLC, the Placement Agent for our registered direct offering, to purchase 40,000 shares (600,000 on a pre-reverse split basis) of 37,912,500 shares ofour common stock. Of this amount, 5,112,500 common shares were issued for cashstock at a price of $0.40$3.75 per share 30,000,000($0.25 on a pre-reverse split basis). The warrant is exercisable at any time on or after November 12, 2023, and expires on May 16, 2028.

In November 2023, we issued 133,334 (2,000,000 on a pre-reverse split basis) shares of our common shares were issuedstock to employees atLendSpark Corporation as additional consideration to enter into a fair value $0.006 per share, 600,000 common shares were issued to an employee at a fair valueloan agreement in which we received gross proceeds of $0.40 per share, 6,200,000 common shares were issued as part of the acquisition of TalaTek at a fair value of $0.40 per share, and 2,000,000 common shares were issued with a fair value of $0.006 per share as part of the VCAB acquisition. The Company relied on the exemption afforded by Section 4(a)(2) of the Securities Act. We believe that Section 4(a)(2) was available because none of such issuances involved underwriters, underwriting discounts or commissions; restrictive legends were placed on the certificates representing the shares purchased; and none of such sales were made by general solicitation. The Company issued 30,600,000 shares for services to employees and consultants in reliance upon the exemption afforded by Rule 701 of the Securities Act.$2,200,000.

ITEM 6. SELECTED FINANCIAL DATA[RESERVED]

Not applicable.

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

The following Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with our consolidated financial statements and the related notes contained elsewhere in this Annual Report and is intended to provide information necessary to understand our audited consolidated financial statements for the two-year periodyear ended December 31, 20192023 compared to the year ended December 31, 2022 and highlight certain other information which in the opinion of management, will enhance a reader’s understanding of our financial condition, changes in financial condition, and results of operations. In particular, the discussion is intended to provide an analysis of significant trends and material changes in our financial position and the operating results of our business during the year ended December 31, 2019, as2023 compared to the year ended December 31, 2018. This discussion should be read in conjunction with our consolidated financial statements for the two-year period ended December 31, 2019 and related notes included elsewhere in this Annual Report on Form 10-K.2022. These historical consolidated financial statements may not be indicative of our future performance. This Management’s Discussion and Analysis of Financial Condition and Results of Operations contains numerous forward-looking statements, all of which are based on our current expectations and could be affected by the uncertainties and risks described throughout this filing, particularly in “Item 1A. Risk Factors.”

Our Business

We provide a comprehensive suite of cybersecurity consulting and related services that encompass all three critical pillars: compliance, cybersecurity, and organizational culture.

Corporate OverviewOur services include managed security, compliance assessments, SOC support, vCISO services, incident response, digital forensics, technical assessments, and cybersecurity training. We’ve developed a unique offering called MCCP+ that delivers all three of these pillars through a dedicated team of subject matter experts.

Cerberus Cyber Sentinel Corporation (“Cerberus Sentinel”) was formedUnlike many cybersecurity firms focused on March 5, 2019 asspecific technologies or services, we remain technology-agnostic. Instead, we concentrate on building a Delaware corporation.world-class team of cybersecurity and compliance experts with diverse skillsets. Our principal offices are located at 7333 E. Doubletree, Suite D270, Scottsdale, Arizona 85258.goal is to provide our clients with truly holistic solutions that address the chronic shortage of highly skilled cybersecurity professionals.

Effective April 1, 2019,Underpinning our services is a steadfast belief that establishing a strong culture of security is essential for organizational resilience. We work closely with our clients to cultivate this security-first mindset, helping them quantify the return on their cybersecurity investments.

We have developed innovative software-based IP powered by machine learning, AI, and effective on April 1, 2019,dark web threat intelligence. These multilayered technologies aim to enhance cyber effectiveness and drive greater resiliency for enterprises.

With a comprehensive portfolio of scalable IP solutions and an end-to-end team of experts, we acquired GenResults, LLC, an Arizona limited liability company (“GenResults”). GenResults was established on June 22, 2015. Priorare poised for organic growth. By optimizing the user experience and leveraging digital interfaces, we can expand our client base without adding strain to our acquisition of GenResults, GenResults was wholly-owned by an entity affiliated with David G. Jemmett, our Chief Executive Officerservices team. This scalability will enable us to drive increased revenue and a director of the Company. As of December 31, 2019, GenResults is a wholly-owned subsidiary of Cerberus Sentinel.

On April 12, 2019, we consummated a transaction whereby VCAB Six Corporation, a Texas corporation, (“VCAB”) merged with and into us (the “VCAB Merger”). At the time of the VCAB Merger, VCAB was subject to a bankruptcy proceeding and had minimal assets, no equity owners and no liabilities, except for approximately 1,500 holders of Class 5 Allowed General Unsecured Claims and a holder of allowed administrative expenses (collectively the “Claim Holders”). Pursuant to the terms of the VCAB Merger, and in accordance with the bankruptcy plan, we issued an aggregate of 2,000,000 shares of our common stock (the “Plan Shares”) to the Claim Holders as full settlement and satisfaction of their respective claims. As provided in the bankruptcy plan, the Plan Shares were issued pursuant to Section 1145 of the United States Bankruptcy Code. As a result of the VCAB Merger, the separate corporate existence of VCAB was terminated. We entered into the merger in order to increase our shareholder base in order to, among other things, assist us in satisfying the listing standards of a national securities exchange.margins concurrently.

Effective as of October 1, 2019, we entered into an Agreement and Plan of Merger (the “TalaTek Merger”) pursuant to which TalaTek, LLC, a Virginia limited liability has become our wholly-owned subsidiary. UnderFinancial Highlights

Our operating results for the TalaTek Merger, all issued and outstanding units representing membership interests in TalaTek were converted into an aggregate of 6,200,000 shares of our common stock. TalaTek provides complete integrated enterprise risk management services by leveraging their specialized combination of methodologies, processes and technology, collectively known as Enterprise Compliance Management Solution (“ECMS”). ECMS enables efficient and repeatable risk, compliance and information security management, facilitating continuous improvement and empowering clients to make better informed risk decisions. These services are currently provided primarily toyear ended December 31, 2023 included the public sector.following:

Our Business

We are a cybersecurity consulting company comprised of highly trained security professionals who work with clients to create a continuously aware security culture. We do not sell cybersecurity products. We position ourselves as a trusted cybersecurity advisor and are committed to delivering tailored security solutions to organizations of different sizes and across all geographies and industries to fit their budgetary needs and limit their cyber threat exposure.

We currently provide a multitude of cybersecurity services including managed security service, cybersecurity consulting, technology consulting, compliance auditing, vulnerability assessment, penetration testing, security remediation, SOC set-up and consulting and cybersecurity training. We differentiate ourselves from competitors by staying technology agnostic. We believe that many cybersecurity service providers in the market today are committed to a specific technology solution which limits their service scope and ability to quickly respond to any emerging cybersecurity challenges. In addition, as we continue to serve our clients within our existing capacities, we plan to continue acquiring strategic acquisitions of small-to-medium-sized engineer-led cybersecurity service firms to continue to expand our service scope and geographical coverage. We believe that owning a world-class technology team with multi-faceted expertise is key to providing technology agnostic solutions to our clients and maximizing their return on investment from information technology (“IT”) and cybersecurity spending.

Results of Operations

Comparison of the Year Ended December 31, 20192023, to the Year Ended December 31, 20182022

Our financial results for the year ended December 31, 20192023 are summarized as follows in comparison to the year ended December 31, 2018:2022: