Exhibit 99.3
Tailwind Acquisition Corp. and QOMPLX, Inc.
Conference Call
March 2, 2021
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
C O R P O R A T E P A R T I C I P A N T S
John Ferrari, Chief Financial Officer and Chief Administration Officer
Philip Krim, Chairman of Tailwind Acquisition Corporation
Jason Crabtree, Chief Executive Officer and Founder
P R E S E N T A T I O N
John Ferrari
Today is a landmark day for QOMPLX, as we announce our business combination with Tailwind Acquisition Corporation. Joining me on today’s conference call are Philip Krim, Chairman of Tailwind Acquisition Corporation, and Jason Crabtree, Co-Founder and CEO of QOMPLX. I am John Ferrari, the Chief Financial Officer of QOMPLX.
Before we begin, it is important to remind those listening that today’s call may include forward-looking statements, including, but not limited to, QOMPLX and Tailwind Acquisition Corporation’s expectations or predictions on financial and business performance and conditions, as well as the combined company’s strategy, future operations, estimated financial position, estimated revenues and losses, projected costs, prospects, plans and objectives of Management.
These forward-looking statements are based on Management’s current expectations and assumptions about future events and are based on currently available information as of today, March 2, 2021, as to the outcome and timing of future events, but are subject to numerous risks and uncertainties, and they are not guarantees of future performance.
I encourage you to read the press release issued today and Tailwind Acquisition Corporation’s filings with the SEC, including the registration statement that will be filed in connection with the business combination, for a discussion of the risks that can affect the business combination, QOMPLX’ business, and the business of the combined company after completion of the proposed business combination.
QOMPLX and Tailwind Acquisition Corporation are under no obligation, and expressly disclaim any obligation, to update, alter, or otherwise revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.
Today’s call also contains references to certain financial measures that are not calculated in accordance with U.S. GAAP. More information on the definition and calculation of these measures can be found in the investor presentation relating to the business combination available on Tailwind’s website.
Now, I would like to introduce Philip Krim, Chairman of Tailwind Acquisition Corporation.
Philip Krim
Thank you, John, and welcome, everyone.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
We are very pleased to announce our planned business combination with QOMPLX. When we formed Tailwind Acquisition Corp in 2020, we had a clear focus, to partner with a founder led company that is pursuing a large addressable market through technology. We have found exactly that in QOMPLX. QOMPLX is a cloud-native leader in risk analytics that helps organizations quantify, model and predict risk in challenging cybersecurity and insurance domains. As far as I know QOMPLX is the first cyber security and risk analytics company to announce a public merger with a SPAC.
Our team has known Jason Crabtree, the Founder of QOMPLX for over five years. We were blown away by Jason when we met him, he had a strong clarity of vision for what he wanted to build, and it has been exciting to watch him execute on that vision and build a world class organization that is QOMPLX today. We are excited that they chose to partner with us in order to help realize and accelerate the Company’s long-term vision and we are looking forward to supporting the QOMPLX team in the future.
Now, I am very pleased to introduce Jason Crabtree, QOMPLX’s Co-Founder and CEO to discuss the business in more detail.
Jason Crabtree
Thanks, Philip, and thanks to you and the Tailwind Team for taking the time to really get to know QOMPLX and our customers and our Mission. We are incredibly excited to take this next step in the evolution of our business by combining with Tailwind Acquisition Corporation. I’m very excited to now to spend some time walking through the broader QOMPLX story and how we’re ultimately positioning the business for growth and to better support our clients.
Turning to Page 6.
QOMPLX is tremendously focused on building a category-defining cloud for risk. We focused on risk because the QOMPLX platform is really designed to help people focus their attention on what matters. I think a lot of organizations are finding out that when data gets very cheap, attention gets very expensive. Risk is one of the most important ways for people to focus on how to leverage the data that they’re generating, accessing, ingesting, not just for business purposes but to also consider the consequences of holding on that data and how it impacts their business going forward.
Turning to Page 7, QOMPLX is really focused on being the leader in cloud-native risk analytics and what we mean by that is rapidly ingesting transforming and contextualizing large and disparate data sources. Why that’s so important is that organizations have so much information, they have so much capability, but they actually don’t have all their data sources talking about the same thing. In cyber security, in finance, in insurance, different vendors all use different data models, different definitions of terms. They’re not maps to this universal singular ontology, and we are really good at helping organizations collect, ingest, transport, move and transform this information so that you can actually use it together as a concerted whole, that it’s rationalized. That’s particularly important in the highly specific domain risk areas like cyber security, like insurance. We’re doing it for some of the world’s largest. We’re doing a lot of it in memory with a much more streaming oriented architecture and much more of a cloud native approach to how we’re actually building this technology. We think that matters for our ability to scale.
Turning to Page 8, QOMPLX is really positioned at the nexus, the most important trends in technology. Our ability to provide this Rosetta Stone-like translation capability for these disparate groups in the enterprise is really foundational to our success with clients and to how we’re expanding our role. Our ability to leverage and connect the fact that the data people, the ops people, the finance people and the risk people typically do not have the same data set to operate off. Go into a large bank and look at the data sources and the raw source data that is used across first, second and third line. The reality is that these organizations benefit tremendously from having a single source of ground truth, but that’s not happening today and it requires more of this unified infrastructure approach.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
Turning to Page 9, I think QOMPLX is really important to understand from our history. My background, I went to West Point and had an opportunity to compete for some graduate school scholarships and was fortunate enough to win a Rhodes Scholarship. I met my co-founder there, Andrew Sellars, because he had gone to the Air Force Academy and Air Force Academy valedictorian and also ended up winning a graduate scholarship, won a Truman Scholarship and then went to Iraq. Then he and I overlapped at Oxford while he was getting his doctorate in computer science and I was there in grad school as well working on really advanced multidisciplinary optimization and, really, being a lazy engineer, frankly; trying to actually run lots and lots and lots of scenarios to figure out which one was going to give me the best outcome and doing that in a way that I could go to the pub or go do something more fun.
Andrew, his background was sort of the opposite of my world, which is all that really well structured. His world was all about this morass of the Internet, this just tremendously unstructured messy world that was out there. What we realized was that his world about order from disorder and my world about leveraging order to go do these really interesting scenarios and try and maximize positive outcomes was really, really positive if you put them together.
In Andrew’s doctoral thesis supervised by this guy named Georg Gottlob. Georg was, I think, one of the biggest names in data science and computer science in Europe at the time and Andrew’s work won Best Paper at a Very Large Databases, a tremendously important academic conference, but it was really about how do you do this stuff at scale? How can you leverage the fact that people are never going to clean up all their information? They’re never going to label it appropriately. That has tremendous implications for places like risk and risk management.
We ended up going back. I went to Afghanistan, served in the Infantry and then got moved to Cyber Command. I had an opportunity to work for the commanding general of Army Cyber Command and my experience there was sort of focused on some of the operational support use cases, some of the advanced R&D use cases, some of the opportunities to collaborate with Wall Street, and what we found was that every body was suffering from the same problem. In risk, you can’t be limited to your own experience, you can’t just do machine learning or deep learning; these are all retrospective modeling. You have to actually do simulations of things you haven’t experienced and you hope to never experience.
Andrew was doing a bunch of cheap architecture work for the Air Force at that time. He was working on these massive active directory collapsed programs, really understanding identity. He was working on how do you build the foundational backbone for the Department of Defense, the IT networks that were there? We realized there were two really fundamental problems and they were related problems. The first problem in cyber security and sort of digital risk management, thinking about operational risk and technology risk, was that identity and active directory and authentication were fundamentally not secure. It’s really important to understand that since everything depends on authentication, that’s a really dangerous statement. No one was monitoring to look at whether or not people could forge these kind of authentications, tokens or tickets. Nobody was looking at that stuff. These were links to some of the most devasting breaches and we’ve been watching this unfold, right? This is a part of the Office of Personnel Management 2014. It was a part of Maersk, FedEx, Travelex, NASDAQ. Active Directory is fundamental to the keys to the kingdom in these enterprises and you have to make sure that it’s there. Just like SAML is fundamental to the cloud and most of the SAML providers trust Active Directory, so you have to manage and monitor that route of trust.
This is the big first use case we had for the platform, where we said ‘Hey, we’re going to take this real-time streaming capability that we’ve been developing, we’re going to take some of the time series and graph analytics capabilities that we’ve been working on and we’re going to apply it to solving this really, really important problem.’. We left the service to go out and actually do that and build this business.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
The second problem that we’d experienced when we were in government and related, again, to a lot of the commercial and public sector organizations that were struggling with this was back to that risk, that data fusion problem. How do you take all this disparate data from all the different sources of information that you have, not just Active Directory, but other log sources, endpoint sources, things like Windows metlocks (phon), APM data. Can you pull that information in, not just for the cloud or on-premise but across this hybrid cloud environment and pull in all this telematics information to inform what you’re doing, to help you have this better living, breathing view of risk in your enterprise? We said yes, that has to be a part of the future. We have to be able to look at outside in and inside out in these enterprises.
But, that wasn’t enough. QOMPLX had this belief that we needed to really look at insurance and risk finance. So we needed to that because, precisely because, this data about all these things and how they’re interacting over time was so tremendously important to thinking about how you can make security make better economic sense. How do you enable people to get better risk transfer? How do you enable them to get a better insurance policy with better wordings, with better coverage? We said cyber security and insurance are both going through this almost co-mingled transformation where the enterprise needs off and it needs, what we call critical controls infrastructure and it needs the data fusion capacity, and the insurance industry is waking up to the fact that telematics is foundational to its future across so many aspects of property and cas space.
We took the same Lego kit, we reassembled it, we built a new experience and we started to to build underwriting and insurance telematics and risk modeling and tools that were specific to insurance needs in the P&C world. Now we’ve started to work to expand that further into risk data fusion and now expanding it even further into much more of an open platform as we continue to add more integrations into third party services, more support for onboarding other kinds of data sets and open data sets and dark data sets.
Our ability to keep growing this platform is really fundamentally around the fact that this is a universally accessible infrastructure that provides the ability to handle and move information from site to the cloud and from lots of different locations in the cloud into a unified environment, and to then track the data supply chain associated with that over time so that you know where is the is the providence of the information I’m using for this and you’re also able to run simulations and do different types of analysis to make better decisions. It’s fundamental to what we believe in and I think it’s an exciting part of the company.
Turning to Page 10, the cloud-native risk platform is really about this mix of leveraging risk discovery mitigation, continuous updates and risk economics so that actual financial impact is a good proxy for helping make better decisions by pulling data in from the actual databases, hosted and third party, enterprise applications, third party APIs, APM and log data, the digital exhaust to the enterprise, all this IoT information as well as some of that unstructured web data that was so core to Andrew’s doctoral work. Because we have that ingestion and orchestration layer, because we have integrated storage or we can access third party storage medium, because we also do simulation modeling and we can orchestrate some of the analytic work flows, we’re able to plug in and out the modern enterprise we believe in a way that really helps drive efficacy of analytics programs and I think this is core to any organization’s digital transformation, tracking the ingredient list and how these things relate for data and model lineage, using that to power ultimately some of these financial and research decisions. So important for people to focus their attention on what is going to drive their results.
QOMPLX decided to take that core technology platform—and we’ll talk about this more—but we decided that we needed to further our capability set so we bought a company called Hyperion Gray that added some really exciting breach data, dark web scraping, different types of web sensors to enhance some of the open data sets that we had in cyber security and risk. Tremendous experience doing exciting projects for DARPA and other kinds of organizations.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
We then said that was going to help us build sort of the quality of some of the threat intelligence in the data that was available to QOMPLX for its security clients because cyber security is so foundational to the developing world of risk and operational risk in particular.
The next part of it was to talk about Tyche. We had aspirations of continuing to develop our work in the insurance data factory of the future and we think the insurance data factory of the future is strongly related to your ability to link underwriting, risk selection, risk decision making, along with capital modeling and reserving and pricing. Tyche is a leader in insurance underwriting and pricing and capital modeling and reserving technology. And because of their tremendous role and relationship with an exceptional group of clients across both property and casualty and life insurers and brokers, Tyche was a really natural fit for us to help us further our own capabilities, not just because of the tremendous technology, though that’s an exciting part of the business, but also because of the tremendous people that are there.
Finally, Sentar. Sentar for us was an important part of QOMPLX understanding how to bring its technology into the government space. The government is not prepared to just buy technology; it needs to buy solutions in many cases, and Sentar with a tremendous history of awesome work in servicing some of the great institutions in healthcare and intelligence and defense and other federal civilian roles was a perfect partner for us from a go-to-market perspective to drive our solutions into the federal government and to attack some of those specific issues and deficiencies in the current capabilities available, specifically Active Directory and identity and data fusion, the kinds of things that were linked to why no one has been detecting some of the lateral movement and privilege escalation capabilities in some of the recent breaches like SolarWinds. It had a huge Active Directory and identity component with SAML forgeries, which, by the way, is the same thing again that you saw in OPM in 2014 where attacks against Active Directory featured very prominently in major intelligence breaches in the government. These become really foundational part of how QOMPLX furthers its distribution and its scale to operate and is responsive to its customers needs to have these more integrated solutions that provide the ability to strengthen our own distribution of our core technology.
Turning to Page 12, I think it’s easy for us to see why the significant scale and the still aggressive growth that we’re able to deliver on a pro forma basis for these numbers with this tremendous customer base –98 customers, tremendous revenue visibility, massive TAM, a really exciting net revenue retention rate, $141 million pro forma forecast revenue for this calendar year. This is a business that can scale and operate the way that it needs to for its clients.
Turning to Slide 13, I think QOMPLX’s approach to this is that organizations have this tremendous need to deal with the face that they have an onslaught of data in a way that they haven’t had to deal with before. It’s too big, it’s too fast. It requires time series data, graph data. It requires a lot of string processing. It requires an architecture that’s more flexible because the bigger (inaudible) gets, the more specialized you have to be about how you handle it. Organizations want to use it but they also have to understand that there are consequences for holding onto this virtual treasure trove.
Moving to Slide 14, I think this is where you start to see why this focus on risk really delivers results. The first piece is that there is this tremendous obligation, this tremendous responsibility and tremendous liability with data. This is the cost of data breaches. It’s not just data breaches. It’s confidentiality. It’s integrity. It’s availability. It’s the privacy implications around the trust of customers. You have to have a plan to use the stuff and manage it because it’s too important.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
Also, when you think about the tremendous need to integrate all these different vendors, especially for global enterprises, where you have different cyber security vendors, you have multiple endpoint companies in many cases, you have multiple firewalls, you may buy a company that has a different kind of infrastructure than you. You’ve got to integrate that together. You’ve got to find visibility. Too many vendors, too many solutions, not enough integration, not enough of ability to integrate that into a unified view of what’s happening, those are the seams that adversaries attack. Those are directly linked to the breaches. And they also slow down innovation. How much time spent on the plumbing, on the pipes, as opposed to actually dealing with the business cases that people want to focus their energy on?
I think this third piece around the model and data explosion of variety, the volume veracity of data, just the tremendous variety of this information just drowns people. When we start to look at why QOMPLX helps folks navigate that, it’s because we’re able to help them ingest and integrate these things and then track those models and track those data sets and do ad hoc work as well as build these production data pipelines. That starts to drive an ability to really help people make better decisions with a more holistic view of the enterprise data sets that they have at their disposal and to do it at scale with more focus on what’s unique for them, what’s differentiating? Not just plumbing.
Moving to Slide 15, we really define our total addressable market as a result of our tremendous focus and our wedge use cases in the enterprise around cyber security, and I think it’s important to note that we have a couple of key categories that we talk about here.
We are not an endpoint company. We are not a perimeter security company. We don’t build firewalls. We are not a SIM provider. We think there are a lot of solutions in all those spaces. But what we are and what we’re very good at with our customers is we’re able to provide them with insight into this critical control infrastructure, this Active Directory and authentication layer. That capability set is so foundational for us. It’s so foundational to making sure that you don’t have these big silent failure breaches or mass ransomware events that people have been experiencing. Our ability to do that is what gets us in the door with clients and it allows us to win some of the world’s best accounts. It also means that we fit alongside the existing vendor pool and we have tremendous ability to go into accounts that already have a lot of the big name brands and still add value and gain trust and then become a strategic partner over time.
As clients start to send us more data, Windows (inaudible) data, other data from other security tools, we start becoming more of a fusion provider that sits on top of all four of those prior quadrants, and that allows us to start to generate much more of a strategic holistic view of that risk, and the reason that we win both the identity use cases which are very data-intensive string processing around real-time validation of things like (inaudible) brush protocol and authentication is because of the big data infrastructure that we have and because we have this cloud-native architecture for flexible streaming, ingest, analysis, transformation, contextualization data, that’s why we’re winning and that’s why we talk about that platform, that ability to instantiate these declarative distributed systems and flows as being fundamental to our growth.
We believe that cyber security is going to drive and further the already building momentum for insurance telematics and analytics and risk selection. We think that organizations are not just going to talk to you at time of underwriting and at time of claim. We think that there’s going to be much more of an ongoing relationship that’s actually beneficial to insureds and to insurers and to the other people in the risk management domain.
In cyber security, it’s so important but it’s important in other kinds of property and casualty insurance and we’re excited that this technology platform is well positioned for that fast growing part of the market and we think that’s going to be something that sees substantial opportunity for us.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
Finally, IT operations management, some of the other log and APM data, that digital exhaust, if we’re providing a lot of the other data fusion use cases and we’re starting to handle more of that, we see clients with a lot of interest in handling those kinds of workflow styles and we think that’s going to continue to help us build and grow our business.
Moving to Slide 16, I think it’s fundamental to understand that QOMPLX is really built as a actual cloud-native architecture. We’re not in the cloud, we were designed from the cloud. We were fortunate that our business started just late enough that the kind of design patterns that are available today were beginning to come into fruition and we’ve been a very, very early adopter in how we built this technology platform. That’s part of why we’re able to deal with this tremendous velocity and volume of data, but it’s also part of why we can perform really economically, not just in terms of our actual performance in terms of things like timeliness or latency in some of these very latency-sensitive workloads that we have, but that we can do it in a way that’s efficient from a financial perspective. We use a blended SaaS utility model. We have use cases that are extraordinarily specific and that allows us to be very precise for our customers. They have great expectation management around what their costs are going to be and visibility into that on a go-forward basis, especially for things like our identity use cases and privileged analytics and insurance, those things really help us. But we also can support custom data analytic workflows, custom analytics, those kinds of things are more towards a utility model.
Our ability to scale that and to do it on top of a secure platform is fundamental to our success and to why clients benefit from having this unified infrastructure provided to them as a control plane for their data and data supply chain.
Moving to Slide 17, I think this is where we start to talk a little bit more about how that core technology platform that’s driving the value in our cyber security products also links to things like what we’re doing in cyber insurance or what we’re doing in insurance telematics or what we’re doing in analytics more broadly. Some to the unique things that we’ve developed for our cyber security applications like our time series and graph databases, some of the really unique breach data stores and security telemetry that we host in wide column, some of the intensive batch processing work that we do that leverages things like Spark, or the stream processing work that we do that’s very oriented around true streaming like Flink, scalable message, things like Kafka, really unique data orchestration for declarative formalisms, so we use some capabilities like the distributed computational graph that we’ve invented. These things provide a mechanism for instantiating and creating and managing these data flows much faster, cheaper, much more predictably and with this auditability, this metadata that matters.
When you move to Slide 18, we really start to talk about the fact that if you’re on the QOMPLX platform and you register an algorithm, you register a data set, you can then track its lineage over time. You can track and try and deal with how do you deal with enrichment. We’ve got integrated notebooks that we call scratchpads for looking at ad hoc data science. We’ve got ingest and workflow capabilities that help us onboard data sets, and we’re working all the time to make this increasingly self-service and consumerized, and for cyber security and some of our turnkey applications we’re already there.
We’ve got some really innovative technology we’ve developed around our time-series and graph data stores, and some of the other capabilities that we have. We really encourage our clients to try and use the right tool for the right job. We don’t force you into a monolithic architecture. We don’t think that’s what the future is. The bigger your data, the more specialized you have to be. You have to have the right toolkit for the job.
Then, Tyche, again provides a really nice way of linking in this high-speed actuarial data science compute tool, which is sort of like a Spark for actuaries in some ways, alongside our Flink and our Spark capabilities. This provides an opportunity for us to do that and we have some really neat interbase (phon) modeling and simulation and some other tools that we’ve built for actually helping deal with risk modeling and analysis that you can really use to reduce the amount of time again spent on building infrastructure and plumbing, and more time on actual workflows and use cases.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
Moving to Slide 19, I think we have this mantra here which is security is a subset of reliability. People want to know that their data is being taken care of and that they can count on you. I think our customers count on us because we help them restore trust in their critical services and we help them restore trust in how authentication of these critical things work in their network, and we handle mission-critical workloads.
When you look at things like OPM where at the center of that debacle was Active Directory and lateral movement privilege escalation, and you look at things like SolarWinds where at the center of that debacle was Active Directory and privilege escalation including things like attacks on Kerberos and including things like attacks on cloud-based identity providers through SAML, that was going from on-premise to the cloud. That’s because cloud identity providers largely get peered and trust on--premise identity and on-premise identity is Active Directory. That’s how most organizations implement SAML.
As a result of that, we think it’s fundamentally irresponsible for organizations to not have tremendous visibility over authentication. Every other part of your security and IT enterprise depends on authentication; you have to watch the watchers. You have to check that authentication events aren’t being forged, that they are valid.
That use case, as you move to Slide 20, is what drives our Privilege Assurance and our Identity Assurance onboarding for clients. Privilege assurance is about building this big security graph. It allows us to look at that. We sit alongside some of the privileged access management providers that provide the workflow; we don’t do that. What we do is we provide this tremendously focused attacker-focused view of the network. How do the privileges and the relationships between the things in the network actually link together? How would you move from one point to another?
Credentials and privileges have always been much more important than malware. You’ll always log in as opposed to use malware if you have the capacity to do so. This is how you establish persistence. Identity assurance complements Privilege Assurance by saying, ‘Hey, now that you have the roadmap, you have the treasure map in some ways.’ How do we take a look at all the authentication transactions? How do we catch you when you want to move from where you’ve started? Whether you’ve phished somebody in the Finance department or HR whose job it is to open up resumes all day long and they might download some malicious software, whether it’s something like SolarWinds where there was a trusted piece of software that was installed by the IT teams on the network and an adversary used that as the entry point. Does it really matter? Lateral movement in privilege escalation is fundamental; it’s not being caught by existing solutions and we have tremendous capacity and demonstrated capacity to go out and detect some really damaging attacks, and think that the way that we do that is really well suited for our needs.
Then we expand with data fusion analytics and we’ve got some exciting new things coming that we’ve recently added around our external security scanning and scoring and posturing, and then our ability to bring all of that together with additional data models and connectors with prebuilt integrations in things like Splunk or ServiceNow, Atlassian, so that we can actually fit inside other types of organizations’ existing workflows.
This kind of risk focused approach is making sure that you cover the seat belts and the air bags. That’s what monitoring identity is. There’s folks that want to talk all day about preventing car door dents, but the severe events are the ones that hurt companies, they’re the ones that hurt people, and they’re the ones that are currently hurting the United States and we want to make sure that those events are getting their due because those ones are the ones that drive losses.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
As we move into Slide 21, I think it’s really important to understand that QOMPLX’s infrastructure is what defines its performance, even in cyber security. This Lego kit we have built, this platform which we get tremendous reuse of core components out of for cyber security or insurance or economic applications is fundamentally about how do we use declarative frameworks to try and specify more about what to do, not necessarily how to do it. What do you want to accomplish, right? How do you link together data queries and transformations, processing stages, and then send it to the right location? That’s what we use under the hood to ultimately do things like our Kerberos validations that we use in our Identity Assurance product, these really high volume difficult data problems.
Because we build turnkey applications on top of that common Lego set, we get a lot of synergy out of our work and it actually really helps us drive the performance of the company, and I think this is core to our long-term success.
Our cyber security applications are designed to be turnkey software as a service applications that allow us to go in quickly with a client, establish value and then add additional data sets and workflows over time.
When we start to look at cyber insurance, part of the reason we believe in that telematics story is that we know that there is tremendous losses and adverse development going on in the insurance industry because they’re losing a lot of money over the fact that they’ve not been able to look outside in and inside out at the same time. QOMPLX provides that unique view and we think that we have a much better way of measuring real risk and not depending on really poor proxies, which is what is driving some of the poor development.
And finally, because we have this really deep view of risk and risk finance, we think that this probabilistic lens on how to look at your data—both the opportunities and the consequences of it—are really, really fundamental to the value proposition in the market.
When you move to Slide 22, QOMPLX has been focused on establishing lighthouse accounts across industries, and what we mean is we focused on the kinds of customers that we thought could help us refine and demonstrate the value and the expansion opportunities of our core technology platforms and the companies we’re buying largely did the same.
Our ability on a pro forma basis to show this capability of this core technology platform and tremendously talented staff to deliver technology solutions for these difficult problems in cyber security and a broader set of risks is fundamental to our growth.
Moving to Slide 23, we organize our go-to-market around categories, around the industry verticals that we service, because that’s how our customers organize and think about their use cases and it’s how they network and build relationships and trust. And so, we organize our sales force that way, and then, we work geographic separate from that.
We’ve started to develop a rich set of go-to-market partnerships and we’re continuing to develop a whole range of technology marketplace integrations so that we can send data in and out of other people’s solutions and services and streamline our ability to fit inside any organization’s workflow as we start to add value and earn the right and earn the trust to add more data sets and more solutions for responsibility over time.
When you look at Slide 24, this really talks about how we expand our customers. We grow our logos and we expand within our existing customers because they can continue to send us different types of data sets and our flexible infrastructure allows us to continue to integrate and expand those, and so you can contextualize them. Because we also have this rich marketplace which is really a registry that allows us to register different data sets and models and track them, we think that’s also fundamental to helping with this data supply chain.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
As you move to Slide 25, thinking about how we initially landed the client, we believe that these wedge cases that have specific users, specific outcomes are really fundamental. We have self-guided trials, so we’re able to do things like have an actual basically test range up where it’s instrumented with our software for detecting things like Active Directory attacks, and we’re able to actually give our customers the ability to put their offensive security team right inside that real range. They’re able to run real attacks on real networks, things that weren’t able to detect with their endpoint solutions provider, with their existing SAML or firewalls, things like those Active Directory lateral movement attacks, (inaudible) phishing, DCShadow, Golden Tickets, Silver Ticket, some really hard stuff, and they’re able to validate that we do what we say on the TAN (phon) or able to talk to them about what it is and they’re able to see that for themselves. That helps us shorten the sales cycle time as we deploy on their own network because they’re able to validate those fundamental pieces early on, and we’re continuing to invest in this. We’re enabling more expansion and more self-service options in the platform all the time and it’s a significant area of investment for us.
When you start to look at some of the new products that we’re offering and blending in, we’re moving from those core cyber security opportunities use cases and expanding access to some of the core platforms and building blocks to the platform to allow our customers to grow their footprint and to use us to take on additional workloads so they can continue to benefit from this unified platform as they do so.
If you move to Slide 26 and 27, I think it’s exciting for us to see that clients who start with us in these Active Directory and identity-centric use cases, typically expand with us to do additional external security posture monitoring, to do additional M&A type of assessments, to help them think about how are their new acquisitions targets or prospects going to fit within their security program. Also to do things like help them design and develop risk programs that are quantitative enough, that help them map the scenarios that they’re concerned about—massive data breach, ransomware, etc.—to the actual risks and controls that they have.
When we move to Slide 28, I think one of the things that we’re really excited about at QOMPLX is the quality of the management team that we’ve assembled. When Andrew and I started the company, we really wanted to bring together really deep operational expertise, financial expertise, cyber security expertise, insurance expertise, government services expertise to actually have this in (inaudible) of our core, and with the acquisitions of Sentar and Tyche, we’re really able to do that and continue to bolster our team.
Our key Executive Management Team has worked in senior leadership roles in Finance and Risk across great organizations like JPMorgan, Goldman Sachs, Validus Group, AON, Jacobs. John Ferrari, our CFO, was a senior leader in the Army with Operations, Research and Finance background. We’re really proud of the people that we’re bringing together and we’re proud of the fact that we have a deep belief that this is a management team that wants to provide this tremendously important co-pilot for risk capability with the technology and the expertise to help clients make great judgment calls.
With that, on Slide 30, I want to turn it over to John Ferrari, our CFO and CAO, who is going to walk through a few of the financial highlights about the company.
John Ferrari
Thank you, Jason. Today I’ll discuss with you our financial metrics, metrics that are driven by our platform and our customer.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
Moving to Slide 31, first I want to discuss the platform. These are the key metrics demonstrating the success for our platform and providing the path for high margins and growth.
First, on margins, our risk cloud platform is gross margins of 78%, even at this early stage when we haven’t achieved the full effect of scale. This is the machine that will drive our profitability going forward. QOMPLX’s customers also love the platform. We have 0% churn and 139% net retention revenue.
Not shown here is Tyche. Tyche Solutions also have high margins—greater than 65%—and a high retention rate of also net revenue retention of 136%. Taken together, the solutions of Tyche and the platform of QOMPLX provide the margins and customer retention that will drive future growth.
Slide 32 is the pro forma customers of the organization. This slide shows you the key metrics for the entire customer base. We have almost 100 customers. With a growth retention rate of 93% and a net revenue retention greater than 114%, this is our opportunity to cross-sell, upsell and expand across Tyche, Sentar and QOMPLX.
The average revenue for the Top 20 customers is over $4 million and when you look at beyond the near years and take the total addressable market into consideration, this is a powerful and market-leading growth opportunity.
Slide 33 shows the pro forma revenue, margins and profit going forward of the combined entity. With revenue growth of 40%, and more importantly, as Jason has said, 77% of that revenue is recurring, this is our springboard to growth. We plan to build on the high margins of QOMPLX and Tyche, which together are well over 70%.
The opportunity is with Sentar. Sentar’s business model to date has been that of providing cyber security through labor to the U.S. Government. When we bring our platform in, that’s when we’ll be able to transform their business, expand their ability to win new contracts and further improve our scale. It’s that combination of expanding our business commercially and then changing the revenue mix of contracts within Sentar that drive the margin growth over time.
Again, this is a summary of our revenue growth, our margins and our EBITDA. This slide compares our key metrics with other established companies. Taking into account that we’re a younger but cloud-native, high growth company, you can see that we have the same number of customers as C3 and our average revenue per customer is right up there with other market leaders.
Jason, back to you.
Jason Crabtree
Thanks, John. I think the reality for us when we just look at how we solve problems for clients is that the QOMPLX Management Team and the entire QOMPLX organization, including the acquisitions that we’re incorporating into our business, are really focused on the success of their customers and their customers’ customers and the mission that they support.
I think for us, as we looked at how to scale our business in the most cost-effective way to access the government markets so we could sell through the formidable suite of cyber security analytics solutions that we have, including to the classified environments, we felt like our ability to do so, leveraging the tremendous core technology assets that were here was really heightened by the business case for this combined entity.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
Tailwind Acquisition Corp. and QOMPLX, Inc. Conference Call, March 2, 2021
The fact the QOMPLX itself was running at 138% NRR, the fact that we were able to put up over 70% margins in our organic business, even though the Government Services addition of Sentar pulls that down on an aggregate basis, we’re going to be seeing our commercial business accelerate the overall formation of our revenue and profitability, and we’re going to use that to help drive that expansion, as John noted. But we’re also accessing such a tremendously important government market and I think that’s also core to just some of the communities that we were a part of prior to starting our business, that we want to continue to support. We think there’s a tremendous commercial opportunity in supporting the mix of public and private sector clients, and we think that we have a tremendous platform on which to provide and distribute this technology, and there are tremendous advantages in us running the business at this scale.
Our ability to produce $141 million of pro forma estimated revenue for this calendar and $210 million next year is really exciting to us, and I think the tremendous transaction for us with Tailwind puts us in a position where we have the balance sheet strength to be responsive to the opportunities that have kind of come our way in the market to where we can be well capitalized for our existing clients and partners, and to where we can continue to attract and retain the tremendous talent that are making QOMPLX and the acquisition entities actually capable of delivering on the tremendous growth capabilities that are here. That’s what we’re focused on, and our focus on driving that for our customers is why we’re excited about the business, and frankly, excited to share about it with all of you.
Philip Krim
Thank you, Jason. The pro forma enterprise value of the transaction is estimated to be $1.2 billion at closing. The pro forma equity value is estimated to be $1.4 billion based on the $10 per share of Tailwind Acquisition Corp. Approximately $200 million of the cash proceeds from the PIPE financing and Tailwind trust account will be used to fund the Sentar and Tyche acquisitions. This transaction positions QOMPLX with a strong balance sheet and approximately $280 million for continued growth capital, assuming minimal redemptions.
The Board of Directors of both Tailwind Acquisition Corp. and QOMPLX unanimously approved the transaction. Existing QOMPLX equity holders will roll 100% of their equity and will own approximately 59% of the pro forma company.
In addition, Cannae, an existing QOMPLX shareholder led by Bill Foley, has committed to an anchor investment of $50 million of the $180m PIPE financing, with additional investor support from Fidelity, Hedosophia, Renaissance RE and other leading institutional investors.
Our transaction’s pro forma enterprise value of $1.4 billion represents what we believe to be an attractive entry point relative to recently announced public SPAC transactions, as well as relative to the broader peer set in cyber security and data analytics platforms.
We believe QOMPLX is well positioned with a highly durable, recurring and predictable revenue model, multiple drivers of sustainable organic growth, a scalable cost structure with structural operating leverage, a visible path to near term profitability and a platform for M&A to drive scale and distribution advantages. Completion of the proposed transaction is subject to customary closing conditions and is expected to be completed in mid-2021.
ViaVid has made considerable efforts to provide an accurate transcription. There may be material errors, omissions, or inaccuracies in the reporting of the substance of the conference call. This transcript is being made available for information purposes only.
1-888-562-0262 1-604-929-1352 www.viavid.com
