archTIS Limited (7ND.F) Q4 FY2025 Earnings Call Transcript & Summary

Good morning. I'm Jane Morgan. And today, I'm here with archTIS Limited, a leading global provider of data-centric software solutions for the secure collaboration of sensitive information based here in Australia, but with significant operations developing overseas, including the United States. So today, I am joined by archTIS' CEO and Managing Director, Daniel Lai; and archTIS' Global COO and U.S. President, Kurt Mueffelmann, both of whom are here to discuss the company's results for Q4 FY 2025. Good morning, gentlemen.

Good morning, Jane.

Good morning.

So this session will consist of a brief presentation followed by a Q&A session. [Operator Instructions] Kurt, I'm going to ask you first up.

Yes. Great. Well, welcome, everybody. It's good morning in Australia and good evening to those in the U.S., particularly the investors we've been speaking to in New York and New Jersey. As Jane said, as President of the U.S., I have the privilege of living in Florida today, where at 9:00, the heat index just dropped below 40 degrees, and that's Celsius for everybody in the U.S. So it was a stinking hot day here in the States. So Dan, I thought I'd open up today a little bit different than usual. We jump right into generally highlights and summaries, but I thought it would be good if we could each maybe summarize our quarter in 1 or 2 words and give a sentence of to why you put those words into your thought process because I think it kind of sets the tone for where we want to take the opportunity.

Well, thanks, Kurt, and welcome, everybody, to the seminar and the 4C investor update. Look, you're putting me on the spot there with a word. Look, I guess the first word that pops into my head is exciting, but I don't think that's the right word because that's more of an emotion. I think the real word probably is momentum. And I think that's because we're building momentum across all aspects of the business. And I think that that's what's exciting. So momentum is my word, Kurt. Yours?

Yes, that's interesting because I had global momentum because I think that if you look across the quarter, for the first time, we really had strong international expansion, accelerated revenue growth and some key strategic wins across the U.S., the U.K., Japan and Australia, and it really shifts the business towards a more licensing model. I also had cautiously improving -- and I look at that from, I think, more of a revenue standpoint. Don't get me wrong. I love the -- I love the 3x increase in share price and market cap, but I always want to see more deals, more defined opportunities. But we saw revenue increase. We saw ARR increase. We were -- operating cash was positive, and we finished with a strong balance sheet. So that's a good momentum also that leads. So I think I'll second your word of momentum, both from a market as well as from a financial standpoint. So I think it would be good maybe if you can take everyone through kind of the Q4 highlights and talk a little bit about that expanding momentum across the business.

Yes. Look, obviously, we've had good momentum in the international markets. I think that that's been well addressed. Our first key sale in Japan with TDI, which was part of that Direktiv acquisition back in February. So that was fantastic to see. I've recently been in Japan to visit NEC and understand the plans that they've got for the product and how they're looking to introduce it into the Japanese Ministry of Defense marketplace, and that's a very exciting opportunity. United Kingdom with that defense prime opportunity with the 400 licenses, but up to expansion of potentially up to 100,000 users; and of course, the United States opportunity, which was the big one about validating essentially that we've got the right products in the right market, and we can execute in that global market, which is fantastic. So that's that global market and expansion, and we will discuss that in a little bit more detail as we go through. Really focused on our financial performance. I mean the big difference between last year and this year has been that we had pivoted to really go after that high licensing gross margin. And I think that the results of our increasing gross margin is really important. And -- but it means we do sacrifice services revenue, which we no longer think is core business, and it's really about making sure that the business has got the funding underneath it and the profitability. And I think we've been very good at that. That also comes into the balance sheet. And obviously, we've done a capital raise, which we announced recently, and that puts us in a strong cash position and really cash to invest in that global expansion. I think that's very, very important. And again, all leads back to that momentum. Product innovation and delivery, TDI, obviously coming along very nicely. I've also been into the U.K. recently where we see opportunities there and exciting opportunities here in the Australian Department of Defense for that product. But a lot of work is being done in the background for Nucleus Cyber, NC Protect product. That's been going on as well. Significantly, we've expanded our customer base. Renewals have been really strong. Churn has been low. And of course, we're seeing expansion on the existing client base, which is really positive. So all of this really positions us in a strong place for FY '26.

Yes. So I think just kind of taking everyone through our financial overview for the quarter. So we continued this high-margin recurring revenue base. So our annual recurring revenue reached $4.8 million, was up 17% year-over-year. So that really shows, again, there's that word momentum in new customer acquisition, account expansion, strong retention and really that low churn, which we'll talk a little bit about later. Our total revenue was $1.9 million, and it was broken out by $1.3 million from licensing and a little over $0.5 million from services and equipment. This is up 24% from the corresponding period. And it really supports what Dan was saying about the mix of revenue, the way that we are focusing on the licensing from a recurring. Really, that predictability comes into play. It also drives that strong gross margin, which was 81%, and that really pushes that strategic shift away towards services, equipment, third party and really pushes that high proprietary licensing solutions that we provide. Operating expenses, we knew we were going to have a little bit of a bump in operating. We're up 11% to $1.9 million, primarily due to the expansion of the headcount and travel to support a lot of what we're doing from our company's international growth. Dan talked about Japan and the U.K. It's expensive these days to fly. And so that's where the operating expense increase went. We expect that cost to stay flat and continue to align with our kind of revenue-generating opportunities. So we really want to keep that under control. We delivered $1.4 million in operating cash flow and ended the quarter with a strong financial position of just under $5 million in available funds. And finally, as Dan mentioned, we raised $7.5 million through the issuance of 50 million shares at a $0.15 share price, and it was well supported by new and existing institutional investors, key company executives. And that also brought our pro forma coming into FY '26 cash and cash equivalents to over $10 million. So we feel that we're really strong from a balance sheet perspective going forward. So Dan, let's talk about that story around the organic growth and kind of the momentum that we're bringing through the revenue threads and the areas that we focus on.

Well, we have obviously been very highly focused in Australia with where we started. We're a Southern Australian defense organization. And we've had good success here in Australia, and we expect that to continue and the growth to continue here. What it's always been about, though, is Australia is a global -- defense expenditure percentage is quite small. It's 1.4% of a very large, large market. And so really for success, we need to be able to execute overseas in high global growth geographic regions. And that's what's really exciting about the U.S. and the U.K. deal. So we've demonstrated we can do it, and we can see a network growth effect there. But we also hone our skills here in Australia, which we then try and replicate by investment in those overseas markets. So this is really about now executing those proof of concepts overseas and executing and closing those opportunities that we see to get that network growth effect. And obviously, the largest one there is that U.S. DoD market. Now where we are with the global defense industrial base, and the U.K. deal was a very good example of that, is there's -- our secondary market here is the industry which actually supports that defense and national security sector. And of course, they are the beneficiaries of all of that global expenditure, and they have the same standards and requirements that they need to meet from a security perspective. And this is all being driven by compliance for data-centric security. I've never seen the market so active in this area. So I think the opportunities are there. We're investing in that growth. We're investing in that network growth effect and the company is in a good position to take what it's learned in Australia and export that into those markets. And these 2 deals that we've recently announced demonstrate that we can do it successfully.

So why don't you take us through some of those deals because that really is, I think, the pillar and the momentum for the quarter.

Well, it's really coming out of this need to secure the data layer. So in -- as we know, we've even seen more recently with the SharePoint exploits and obviously, there's the Qantas exploit and everything. If you don't secure your data, which is what the actors are trying to get to, you're going to be vulnerable. If Qantas had encrypted its data and put special conditions and terms around that for its access, they wouldn't be in the mess they are today. And it's the same -- We've seen recently those exploits on the U.S. nuclear propulsion unit in the U.S. so -- as part of that SharePoint. This is the sort of stuff that we go in and secure. I'm not saying that we could have prevented those attacks. I'm saying that there would have been less damage in those attacks should they have occurred because we could have secured that data. Now the U.S., obviously, as the U.S. Department of Defense is one of the most difficult organizations to get into. They've had extremely high expectations of the products that they've being utilized. And we were able to, over the last 2 years, do proof of concepts, do trials and work through their submit accreditation documentation and all of that. And we have come to the point where we sold 1,000 licenses for the Authority to Operate to their systems integrator. Now what that means is that they're preparing for a deployment. Now that 1,000 licenses cost $38,500. We are engaged in commercial conversations with the U.S. DoD, and we have already provided pricing for the first 150,000 user licenses, which would be part of a multiphase rollout. Now the agency that we're dealing with has up to about 450,000 users at its disposal. But what's really good about it is they are a service agency to the rest of the U.S. DoD, which means the network growth effect here is very high. The other important factor is that this is in their M365 U.S. DoD environment, which is 1 of 7 U.S. DoD M365 environments. So not only is there user growth horizontally, there's that vertical growth up and down the stacks. So there's multiple growth licenses there, which is super, super exciting. The U.S. is the largest organization in the world, which takes up about 40% of global defense expenditure. So this is very exciting times. The U.K. division was, again, a multinational defense prime that is moving it from on-prem to the cloud and is also looking at how do they secure the data in the cloud for sovereignty and others. Now the 400 licenses there that got -- is the first tranche of a multiphase rollout, which could go geographically, globally and up to 100,000 users. So again, you can start to see the model that we've been working so hard to put into place and why we've targeted these unique areas in terms of the defense sector and the defense industrial base, which services it because we're in there, we're trusted, we're getting references. And of course, then there's the alliances that cross over with that with AUKUS, QUAD, Five Eyes, et cetera. And that's really important. That's where Japan comes in as well.

Yes. I think what was interesting also, you talked about the network effect. We were meeting with Copper River down just outside of Washington with the U.S. team a couple of weeks ago. And it's not only the U.S. DoD. The U.S. government is broken out into 2 distinct regions or areas: One is defense and the other one is civilian. And the network effect not only carries across, but also having valued partners such as Copper River, Microsoft, Thales, General Dynamics and a couple of others, with this, we're able to go in and talk to other agencies right off the bat. And so this is validation for us. So we talked about validation in the beginning in the summary of what the quarter was. I think that was our first bullet point that you talked about it. That validation carries across into prospects. And hopefully, that starts to drive bigger pipeline, faster deals. We know how long defense deals take. But hopefully, we can start to bring in deals -- deal length with the validation that we're getting from the third parties that are out there today. And just lastly, I think one last thing on that is Copper River worked directly with Austrade of all people. So there's an Australian relationship backed into that as well. So definitely kudos for Austrade and working with us, an early-stage company, helping us come across into the U.S. and introducing us to the likes of Copper River and others.

Yes. And I think that the point that you make about, yes, it's difficult to get into, now that's fine. But once you're in, the commercials are done, and then it's just about the uplift of the licenses as they roll it out. So that's very important, too. And the other area there is you can protect yourself there. Once you're in, that process is such a heavy process that it keeps competition out.

Yes. I think what was also nice around the quarter, and we've been touting this for a while that our customer retention and growth is really strong that overall customer retention remains really low on an annual basis and our net revenue retention or our NRR is exceeding over 115%. So it really underscores that future revenue growth driven by cross-sell, upsell with the existing customer base. But more importantly, it's really making the product be really sticky. So it's validating the use case, but it's making sure that people have a long, lifetime value or a strong enterprise value of a customer over the period of their life. And so it becomes more predictable in where we go and how we do it. So those kind of not familiar with NRR, it means really the company is actively growing revenue from its existing customers while minimizing any downside loss. So it's really, I think, a strong metric for the company to continue to follow. I know, Dan, we had some other really good strong renewals. I think one of the early defense ones snuck in early in the quarter that a lot of people didn't quite get because we were looking -- people are looking for it at the end of the quarter. It actually came in at the beginning of the quarter. So you want to talk about defense? You talked a little bit about the TDI in Japan, but also other activities of renewals in Australia.

Well, the deal with the -- in Japan, again, first TDI sale, which it stands for Trusted Data Integration. And that's really about our platform, which deals with structured and unstructured data, so databases as well as documents. I think that's going to be very important to the company's growth going forward. There's -- and NEC have stood up a whole unit behind this to understand the product, work out how it can do data-centric security for the Japanese Ministry of Defense, and we'll be presenting the outcomes of that early next calendar year to the Japanese Ministry of Defense. They are investing very heavily in this and rapidly. So they're bringing forward these plans to make sure they've got interoperability. And a good example of that is they're participating in Talisman Sabre right now, and they need to communicate across all of these different partnerships in that exercise. In the Australian Department of Defence, we've spoken a lot about a genesis product, which was Kojensi. Kojensi has been applied in very high classified areas and dealing with lots of communities of interest and that sort of thing. This is that product. So Kojensi, which is also servicing the defense industrial base and is now the #1 product platform for sharing information in the Australian defense industrial base. That platform in and of itself is also being used on-premise inside of defense, and this is that product. It has increased its user count by 75%. It's up to 300 users. That's $1.3 million for that 300 users. It is expected to grow, and we expect it to grow up to 2,000 users over the next 2 years. That's been very successfully deployed, and they're very happy with it. So that's a very good story as well. And I think that you're right, it doesn't hit the highlights because you can talk about U.S. DoD and Japan, but we are being greatly successful here in Australia, and we've got growth plans here as well. And of course, last but not least, is we got that renewal with our partner, Penten. For those of you who don't know Penten, they're now PentenAmio. They've just done an acquisition in the U.K. They're an Australian cybersecurity company who we've partnered with to deliver a solution using Kojensi. But that also builds that strategic partnership and alliance and channel for us to go out there to the market. 80% of their revenue comes from the U.K., just as an aside to give you an example of where they're earning their money. So there we go. Do you want to talk about the others?

Yes. So we talk about those deals and you look at the U.S. DoD, you look at what we're doing in Aus and Japan, right? We look at that from a sales and pipeline standpoint as kind of the boulders of the industry, right, those really big deals, high 6-figure, low 7-figure, mid-7-figure deals that we're looking to drive towards. But we're also really strong on the consistency of what we call kind of the rocks, those mid-6-figure deals that may not be these large, long and gated defense sales cycles. So if you look at some of the other renewals, I think this is the fifth year of this European encryption for a central bank. And really, the use case around here, it fits one of the use cases Dan talked about earlier in the session, was around non-Microsoft key management. How do we hold and maintain keys for encryption technology that's non-Microsoft? And that really comes into the play around data sovereignty, which is really big in the front pages of the key journals and Financial Times these days. Also, we continue to push through financial -- I'm sorry, Australian research institutes that give them a secure and protected way to communicate with defense on a regular basis. That's a real strong play for Kojensi around the secure collaboration as part of our SaaS high-growth, high-margin offerings out there. And then lastly, a small U.K., U.S. I think this one was probably about $35,000, $40,000 a year, but it's a repeatable business, repeatable business model that really allows us to show that continued governance for ITARs, controlled unclassified information and even personally identifiable information, identifying and really maintaining that information within the secure collaboration environment. So again, looking at it from a sales standpoint, how do we look at supporting those boulders to make sure they're well supported by a number of rocks that are out there and pushing the business forward. So Dan, as we go into kind of FY '26, let's talk a little bit about the growth strategy itself.

Well, it's all about looking forward, isn't it? So we've already discussed that network growth effect of sales should we be successful with that U.S. DoD, which will really set us up nicely for the FY '26 period. We're obviously highly focused on that. We will give updates when we can. But right now, we're still in those early stages of negotiations and getting through that authority to operate. We're obviously targeting global markets. That's one of the reasons we did the raise for strategic investment into these new markets because that's where we see the high growth and really hitting those inflection points. And of course, that's where the demand is starting to come from, which is fantastic. The other area there, of course, is inorganic growth, and we are obviously still looking at those organizations that are going to add strategic value or accretive value to us. And we look at those, particularly inorganic growth opportunities, for entry into new geographies, whether or not they've got technologies, which can accelerate our opportunities in the marketplace or whether, again, they can deploy different types of resources for us to be successful in our core business, but they have to be strategic. And of course, product innovation, where we continue to be really the thought leaders in the data-centric security space and be engaged across the world by large organizations that are now attempting to shift. Because network security is no longer secure, and that's really the theme of this, and that's where we're seeing that dramatic shift. And that's where, I guess, we're seeing from a momentum perspective, the market really coming towards us and asking the questions about how do they resolve these problems. And really, I think before, they've been really interested. I think now they're starting to sign checks for it, and that's very exciting for us.

Great. So before I turn it over back to Jane for questions, I asked you to start the session with 2 words to summarize the quarter. What are your 2 words going into FY '26?

Can't and wait.

Awesome. Great. Sounds great. Sounds good. All right. Jane, with that, I will turn it back over to you for questions.

Gentlemen, thank you so much for that. And Kurt, if I might just get you to stop showing your screen there, and we can jump into it.

Certainly.

And look, I think while we're waiting for everyone to send through their questions, [Operator Instructions] I'm just going to kick things off now. So first of all, relating to the quarter and the milestones, as you've mentioned through the presentation, we've had some significant contract wins throughout this period so -- and I think in particular, the caliber of the customers. So the U.S. Department of Defense, which is, of course, a multinational defense and aerospace business. And then also another contract and a contract renewal with our own defense force here in Australia. So Dan, I might actually just get you to reiterate those contract wins.

Well, of course, there's the renewal and expansions of licensing with the Australian Department of Defence. That's very important to us because it's in such a unique place within the Australian Department of Defence with highly classified information. It really validates that the products are tried, true and tested. They're accredited and they also provide us really strong referenceability. Now then, of course, there's the U.K. prime, defense prime, which looks at the defense industrial base, which validates our ability to win and execute that in a global market with global clients. And of course, then there's the U.S. DoD, which have -- they have access to everybody's technology. They get to trial -- they're the first real organization that gets the products at the cutting edge for what they need. And yet they've come to an Australian company to do this and a company which is going to be looking after information, which is critically important. So that's very exciting as well. So that validates us in that market. And being able to deal with that sort of an organization that size brings us referenceability and credibility as well. And I've talked about the network growth effect of that. The last one there is ability to expand into new markets such as the Japanese market. Now we know it's very difficult to get into the Japanese market. I think in the time frame, I think it's taken us 18 months to execute that deal, get it into place. And I think that's something really done very, very well and exceptional speed for that Japanese market to trust us so well to get the product into there. And a new product, Trusted Data Integration is a new product. So to summarize that, I think we're really executing strongly on our strategy across all of those areas.

Well, gentlemen, actually, the first one that has come through now is just about the U.S. Department of Defense. So it refers to the potential of the contract to move to a greater rollout and how confident we are in achieving that.

Well, at the moment, as I said, we're very confident. I mean you don't get to -- the thing about the Authority to Operate process is it's at the end of the cycle, not at the beginning of the cycle. So it's not like we've got another 2 years to run and prove ourselves. We're at that end where the system integrator is actually working out how to deploy it. So that's the stage that we're in. So we're very confident. We're getting good messages from that. And of course, we started those commercial conversations to the point where we have provided pricing. So I think we're in a strong position there. Timing-wise, which I think will probably be one of your questions, we just don't know yet. These things -- we're dealing with a very large organization. You've had some weird stuff go on over in the U.S. with the DOGE and all of these sorts of things. So some of these areas, you've just got to work your way through, and some of them have had a little bit of upheaval. But we are certainly -- we know we are a priority.

Sorry, there's also just one here just asking about the $7 million Department of Defense deal versus the $1.3 million deal. I'm not sure if I'm understanding this correctly, but maybe perhaps you can spread some light on what that's about and if it's the same deal or a different deal.

Well, the $7 million deal was a few years ago. And what that deal was for was for taking Kojensi and deploying it into that highly classified area of defense. So that was the services work to get them to understand the product, to integrate that product into other systems within that area and then deploy it for rollout and train the users up. Now the result of that $7 million implementation of Kojensi is that we've now got that recurring revenue, that $1.3 million, and we're seeing those increased users. So those things are joint. One was the development and implementation and adaptions of Kojensi to meet their specific environmental requirements and their very high accreditation requirements. It's accredited by both the U.S. and Australia through the National Security Agency in the U.S. and ASD here, Australian Signals Directorate here in Australia. So it is highly, highly trusted. And the $1.3 million we saw this quarter is the renewal of that licensing, which is not bad, $1.3 million for 300 users. It's a pretty good return.

Yes. And if I recall, the -- on that initial $7 million deal, they actually purchased 2 years of the licensing upfront. So it was close to $2.7 million, $2.8 million of licensing over a 2-year period that breaks down to the $1.3 million. The balance of it was services to get everything up and running. So it was a 2-year deal.

Sorry, you're on mute, Jane.

Sorry. Bear with me, gentlemen, there's quite a few coming through here. So there's one just about the Australian Department of Defence contracts and the status. The question is, I believe there have been rollover and expansions anticipated for June, July, as previously mentioned in webinars. Perhaps you want to comment?

We're still working through that. As everyone will know that the budgetary life cycle of the Australian Department of Defence, they hit sort of February, spend a lot of money depending upon if they have an underspend or not. But what's going on here is that they're just deploying their budgets at this point in time. We won't know until August where they're going to be sitting and what's there and going on. We don't -- we did do at the first quarter, a $2.4 million deal for defense ICT, with a deployed ICT environment for NC Protect. That is a multiyear deal paid upfront. So it's about revenue recognition of those deals moving forward rather than new deals coming in. But we have also been part of a number of other programs of work, which are, in the usual defense parlance, going through their processes. So we -- I don't think at this point in time, we're going to see anything until those budgets are deployed into the new defense environment.

Okay. There's another really interesting one here actually, just about the U.S. -- well, the cyber breach actually for the U.S. National Nuclear Security Administration. So the question is, do we see this as a potential inflection point for archTIS' secure document management? And specifically, how are we positioned to capitalize on the growing demand from critical infrastructure, defense and government sectors for more resilient alternatives to legacy systems like SharePoint.

Yes. So I'll take that one. So that really was a result of the SharePoint breach. So Microsoft had a breach by some Chinese nationalists coming in and actually hacking into SharePoint. And it was the actual infrastructure within SharePoint that they were able to get in and grab information. Now could we have stopped that breach? No, because that's more on the network layer and the application layer stopping people getting in. Where we could play a really strong role is in actually securing that data. So that data, if it was encrypted using archTIS and using a remote key or other key aspects besides Microsoft, we could have protected that information from being actually taken, or in the case of data sovereignty and the U.S. CLOUD protection act, being actually subpoenaed by U.S. government agencies. So there's a multilevel play of us actually securing and encrypting the data within Microsoft using our encryption keys and our core underlying technology.

So they could have taken the data, but they couldn't have accessed the data is what you're really saying there, Kurt, isn't it?

Exactly.

So I guess the other area there is -- look, I'll just add to that response. You're right, there is definitely opportunities there, and this just reiterates the demand for these type of solutions. What I really think is important about this particular attack is it's waking our market up to the fact that they need to do more. They need to spend more, they need to do more, and it won't be tolerated. I mean the U.S. -- heightened level of security in the U.S. is quite dramatic. So I think that that's -- you're right, it opens up more opportunities for us. What are we doing about it? Well, I think we recently announced that we had 2 Microsoft top-tier architects and presales resources that we put on to the payroll straight after we did the raise. The raise was there to look at the pivot, the opportunities in the U.S. market that we are starting to see and to resource us in a way that we can take advantage of those opportunities. And so we are actively responding to that and putting the resources in place to take control of the opportunities that we're seeing in the market and to sort of reach our potential there in terms of pipeline growth.

Okay. Another interesting one to hear about recent events. So can you speak to how NC Protect assists with the zero trust mandate and the likely implementation of this?

Look, I could talk about that all day, really. So I mean, that's our core business. What does zero trust mean? Well, zero trust means trust nothing, validate everything. Is that Kurt -- can I trust that, that's Kurt asking for that information? What device is he coming in on? What network is he crossing? When he hits the firewall, how do I validate all of that? How do I know that the firewall rules are right for that accessing this particular application? Is this application right to service this data up? And does Kurt have a need to know to access that data? So all of these strings of events become really critical. TDI builds those relationships up between all of those data points. What NC Protect does is consume those attributes and make a decision and an enforcement point about whether or not you can actually access the data in the database or the SharePoint site or Teams for files. Can I actually do that? And it's making the decision about whether those zero trust points have been met, and that's really where we play. So it's different to a CASB or a cloud access service broker, and it's different because they stop at the application. We actually do it on the data itself in the repository. Kurt, do you want to add to that at all?

Yes. No, and that's how it's differentiated in the market, right? It's zero trust, sure. Zero trust is the buzzword around everything. It could be network, it could be application. We really take a data-centric approach around that, that if you really look at how organizations work, they're protecting the crown jewels, and it's the data that we protect. So we're protecting the things that matter most. Most organizations, whether it was the U.S. nuclear commission or the U.S. DoD or anybody in Australia, whether it's Qantas or anybody else, most likely, they're already breached. They're either breached or they just don't know it. So it's what do people do with that and how can they actually have access to real time into that data. So we provide -- do you have access to that data, yes and no. And if you have access to it, what can you do with it and put very tight parameters around that in real time. That's what zero trust ultimately comes down to, how we differentiate ourselves from the market, and I think how we're going to succeed over the longer term.

Again, I'm jumping around a little bit here. There's quite a few coming through. So there's one here just asking about Australia and the U.S. So would Australia and the U.S. defense industrial base create a system where your solutions are integrated for all DIB contractors?

Look, I don't know it will ever get to that point, but certainly, they're talking about it. So I think there's a couple of good examples here. The first one is let's just talk about AUKUS from the submarine perspective. Not only are they talking about investing in the U.S. industrial base to increase productivity of Virginia class. They're talking about in the U.K., investing in the U.K. nuclear submarine capability program. The reason that this is exciting for both the U.K. and the U.S. is Australia is a central point in the Pacific. Means that submarines don't have to go -- U.K. submarines don't have to go all the way back to the U.K. to be serviced and U.S. submarines don't have to go all the way back to the U.S. to be serviced. And if we can participate that in a joint way, then it becomes very strategic in terms of not knowing how many submarines are at sea at any one point, not knowing where they are, and that becomes the deterrence that they talk about in terms of building a deterrence. Now for that to happen, you require an integrated industrial supply chain and maintenance regime. And they're not just talking about it for submarines. They're talking about it for long-range missiles, bombers, fighters, support services for troops, all of these areas. And there are many, many companies that want to get on board with this. And of course, for them to do that, they all have to meet common compliance standards. And the issue is none of these large defense primes trust one another. So there is definitely a way forward here to do that integration. That's what we've been positioning here in Australia, and we've been reasonably successful. I wouldn't say we're there yet. We're building momentum up to becoming that one platform. Defence has certainly announced that they are looking for one industry platform that all parties can collaborate on. And we have heard similar stories in the U.K. and in Japan from the point of view where they're developing what's called the GCAP, the sixth-generation warfighter where, again, they're talking about an integrated industrial supply chain. So the opportunity is there. That's why one of our goals is to be the preferred platform for the defense industrial base, and we are actively working on it. I think that's going to take time, but I think that by winning the number of clients and having that stickiness in there, I think that, that gets us a really good shot at it.

Again, we've got quite a few coming through. There's one just here about the product. So what is the cost of the company to add more users to NC Protect or Kojensi contract expansions?

Look, I'll leave that to Kurt. Kurt, do you want to talk to that?

Yes. I mean when you look at the gross margins, right, software is very binary. It's either a 0 or 1. You either sell it or you don't. Once you sell it, adding additional users has a very, very high level of gross margin, particularly with NC Protect. NC Protect is not your typical SaaS offering. It gets deployed at the customer layer, either on a SharePoint farm or up into their Azure service. We don't pay for that. And so when we add additional licenses, it's a very, very high 95% plus margin on the license itself that we're driving. There's no third-party costs involved in it. It's really the support and maintenance of that, that really comes down to the cost of goods sold. So every incremental license is almost pure profit in NC Protect itself. It's a little different from Kojensi, particularly in the SaaS product because there is some hosting components around it, and we do have some third-party Oracle technology that underpins the core foundation of that, that we actually must pay for. But that gets diminished as you go up with each user as well. So increasing quantity really helps the margins. And you can see it as we start to move towards adding additional users by our net revenue per customer. It's up to 115%. Those additional users year-over-year are adding almost pure profit to the gross margins itself.

Kurt, I'm going to stick with you for this one. It's another technical one just about external testing strategy. So -- how does archTIS independently ensure itself -- assure that it's self secure?

Yes. So we do that a couple of different ways. We obviously have a very strong Chief Information Security Officer. We go through a lot of PEN testing and a lot of outside validation. We look at the different governance requirements, whether it's FIPS or some of the other international bodies that are out there. But not only do we do it from a development standpoint, but we look at what the certification requirements are, whether it's in Australia and getting the product certified or what we're doing with the U.S. through the Authority to Operate to make sure that a third party, sometimes the government itself or the government contractors come in and validate our code to make sure there's no back doors and make sure everything that we're saying and what we provide in the reports is the same thing. The one we filled out for the U.S. DoD, I believe there was 217 individual questions that ran close to 1,000 pages of responses that between the team and the CISO had to go through, make sure that we had everything in place from our own internal policies and processes and then have that validated by the Department of Defense itself. So a very rigorous process that we go through.

There's one just here on product innovation. So as archTIS grows the customer base, is there an opportunity to move upstream to work on other security requirements that can increase the LTV of the clients?

Yes, I'll take that. Absolutely. Look, the data-centric security life cycle goes through about 4 phases, 4 key phases to keep it simple for the audience. The first one is discovery of what information I have and determining what information I need to protect, whether that's because of compliance requirements or that's because it's a high-value intellectual property to the organization. And there are GDPR rules on that, whether -- if I work in the finance sector, I should be able to see the financial information, but I might not be able to see whose information that is. If I work in HR, I can see the names of the people, but I don't need to see their financial data. That is a simple example. Discovery, what needs to be done with what information. Then there's the labeling of that information, which creates metadata, which we use as attributes to do enforcement. And that's, of course, is the third phase. How do I enforce the rules across my data, whether I need to redact data, whether I provide access, whether they can download it, whether they can edit it, all of those sorts of things. And the last phase there is governing all of that information to determine the risk and make sure that I am compliant with all the external compliance requirements. Now those 4 phases gives us a very good program of work. What we've been really good at traditionally is enforcement and governance starting really -- starting to move into that governance phase. Because we've come from a defense and national security background, they do the discovery. They do the labeling and classification of that. Now as we expand into the commercial sector, they're on the opposite end. They really are focused on the discovery and the labeling. So as this market matures, we will make sure that we have the right products for that entire life cycle of development and compete very strongly in that. And that's really where the focus of the company is. And certainly, that's what we look for from the perspective of inorganic growth opportunities as well.

And I think our customers are taking us in that direction as well, right? When you go out and do user customer calls and prospects, when you see it come in, they're looking for those 4 stages. The analysts like Gartner call it data posture security management. So they're actually putting names and actual industries around this that start to segment your market availability, your total market size within the industry itself, key competitors and what have you. So you become part of a target that you can really build your product innovation around. You don't have to follow everybody else and you can grab different pieces and be the experts in one, but still provide functionality and core components on the other that really provide that end-to-end almost platform-like solution.

There's just a couple here about the product and protections. Kurt, perhaps I'll go to you for this one. So basically, protections of your products. So how unique the products are and how we are combating competitors?

Well, it's -- if I understand the question properly about what our protections are, really, what do you need to do with the product? And that's part of what we do. And so do you need to print that document? Do you need to share it? Do you need to put it into a PDF? Do you need to e-mail it and how do you do that? Everybody has different aspects of how their document needs to be protected. If you're in your office, maybe you can...

I think how we're protecting the intellectual property, I think that's where the question is going.

Yes.

Yes. I'm sorry, go ahead. You faded out there for a second. So go ahead, Dan.

Yes. I think the question is more about how we are protecting our intellectual property against competitors and how we're combating competitors. Did you hear that, Kurt?

Barely. Sorry, you guys faded out. Why don't you answer that while I try to do something here.

I'll answer that. That's all right. That's okay. So yes, we do have patents and copyright protection on our products. And of course, we keep all of our own information rigorously secure in terms of what we do in terms of our differentiator. I'm going to add one real key aspect here, which I think the marketplace should understand as well. We have been doing this now with -- in classified spaces for many, many years. And one of the great sources of intellectual capital that we have, which other organizations don't have is years and years of experience with the customer. And we design our technologies with that customer in mind to solve the problem. I think a lot of our competitors are coming along looking for ABAC technology to solve a problem. We understand the problem intimately and have years of experience of dealing with that with the most complex customers, with the most sensitive information and how they need to use it. And that brings -- that we can bring features forward in our products faster and better and more aligned to the customer value against also those accreditation frameworks, which give us that differentiator. And that's why we're being referred by defense organizations to defense organizations and the defense industrial base. And that's a really powerful tool, which our competitors cannot replicate.

Again, we've got quite a few coming through. There is one here just about -- actually about the buzz around AI at the moment. So question asks, would you combine AI in your products and how.

Well, we already are. So look, that's -- it's a fantastic question. And there is a lot of buzz about AI and what to do with it. I'll give you a good example. One of the areas that really excited me about the Direktiv acquisition was a use case where they were protecting AI for an organization. So that organization, one of their software developers went out, exposed to code to ChatGPT. It got published globally. One of the problems was it had encryption keys in it for a highly sensitive customer. And of course, there was a big massive issue with the data spill. So they still wanted to get the benefits of AI, but they wanted to control AI. And so TDI was brought in to that customer and containerized or put boundaries about -- around that AI module for what it could do and where it could source information from and where it could publish it to. And that's a really exciting opportunity for those people like in the Microsoft world with Cortana or whether it's a ChatGPT module or any other intellectual AI module. Now we are also using AI to make sure that the usability of our products is really up there. When you get a soldier who's deployed out into the field and wants to make up new rules about who can share what information, it brings it back in plain English so that they don't have to be a programmer to be able to do that. Now that's one of our competitive advantages, and I just talked about our experience about our users. That's one of the reasons we're using AI to do that. So we are looking at that in terms of the deployment. I mean I mentioned that we had done a really small deal with Computershare, which I think will grow into something quite significant. And for that, we're just using AI to ask the question, where are my servers and what status they are? And it goes out, pulls all the information back and tells them the current status of all of their servers using AI and TDI. So I think there's some really exciting opportunities there. Kurt, did you want to add to that?

Yes. I mean, yes, everybody talks about how it's going to increase productivity, but it also opens up a lot of holes in organizations from a data standpoint. And so it's not about opening it up. It's shutting it down more than anything else. It's around putting proper governance in place and putting the proper technology that makes sure that, again, the developer doesn't push out encryption keys out into the ether or people don't talk about intellectual property or sensitive information that they're looking to get more reports or more information as they go out to market on. So it's really about protecting the worker from a data-centric standpoint, making sure that we're doing the right thing from a prevention and enforcement standpoint to help the business maintain their governance and compliance going forward.

I'm mindful of the time here. There's quite a few coming through, but let me just go through. We probably got time for 2 more. So one here just about the expansion. So Kurt, I'm going to go to you for this one. So post the win in the U.S. Department of Defense, can you go through your current hiring plans? I mean how many people do you plan to deploy capital mostly, obviously, in the U.S.

Sure. So it's really a couple of different areas that we're looking at. As we've moved out from Australia, we're an outpost here. And so we're going to need to hire enough support consultants and contractors to come in and help support the DoD. Supporting 450,000 people within an organization from a deployment standpoint will take muscle coming in. So you definitely need to bring that in. And that will be added based upon the revenue that we bring. We need to maintain our margins. We need to maintain the processes and systems and use them effectively as we can. It's not just about headcount, it's making sure that we're efficiently adding to it, and we're doing it in a capital-efficient manner. Then you start to look at the distribution side. U.S. is a big, big region, but we need to stay focused. Again, we're being really cognizant of how do we use our capital. We want to make sure that we're driving the profit EBITDA back into the business, making sure our headcount has the right metrics around it, making sure that we're leveraging technologies such as AI to be effective around it. And so that also pulls into where we said some of the capital is going is towards leveraging strategic partners. So how can we leverage the partners that we have in place with the Microsofts, the Thaleses, the General Dynamics, the Raytheons and what have you. And lastly, you're going to need some operational support to drive it. Our CFO, Andrew, is really looking strongly at what systems and implementations do we need to do to make sure that we're efficient in the way that we're looking at the margins, looking at the operating expenses. But you need people to do that as well. So I don't think we're going to be just blowing the top off of everything and just saying throw caution to the wind and start bringing people on. We're going to do it in a very systematic, capital-efficient manner to make sure that we deliver returns back to the shareholder in a very efficient way.

Okay. There's one just here about growth. So what would you say are likely -- the business's likely biggest challenges for growth, especially with the strong growth potential we've got coming up over the next few years?

Look, I think there's still a lot of hard work to go. I think Kurt just outlined a whole program of work there that needs to be put into place to make sure that the organization can sustain the growth and the growth potential that it needs to execute against, whether that's demand from the customer or whether that's also going out into new sectors and vectors of the marketplace and particularly commercial. So I think that it's really about making sure the underlying infrastructure can sustain the growth that we are expecting. And that's really what we're going to be focused on over the next 12 months because the deal in itself will have its own network growth effect, and we need to be highly focused on making sure that customer is successful. Because if we do that correctly, we're definitely on the right path for the success of the entire company over the next couple of years and beyond. So that's really what we have to focus on, that hard work of making sure that we are absolutely ready.

And look, last one to wrap up, gentlemen. What can shareholders look forward to from a news flow perspective over the next sort of 3 to 6 months?

Well, that would be telling stories out of session. But right now, look, again, we -- I think that, obviously, the big one there that everybody is looking forward to is the timing of do we -- are we successful with the U.S. DoD. And that's the biggest prize in town. I think that's what people will be looking forward to understanding. And obviously, that's something that we want to be able to achieve as well. So that's the big one. The second one there would obviously be expanding in global markets and extended growth in existing accounts to demonstrate that, that growth and demand is growing. So look, I can't tell you any dates or times or amounts or volumes. I know that you'd all love that, but I just can't do that. So really, it's about landing that deal and making sure that we're focused on that deal to get it closed. Kurt, anything from you?

Yes. I think it's going back to the 4 pillars that you talked about, right? It's a network effect, how do we take referenceability from Australia into the U.S. and leverage the U.S. DoD? We were able to lower our cost of sale, lower the speed or increase the speed to market, sell more, sell faster type mentality. It's also looking at the inorganic growth and how we can take other things from a building out our distribution, building out our product offerings and our product innovation or even add additional verticals through inorganic growth and bring that to market and then making sure that we stay at the forefront of product innovation. There are better capitalized companies out there that are moving fast. We just need to move faster from a product standpoint to make sure that we stay ahead of them and continue to drive that high level of customer satisfaction that repeats that high revenue, high margin, high net return and low churn from the customer itself. You do that over the next 12 months, and you have a really strong company continuing to go forward.

Wonderful. Well, gentlemen, we have run out of time here. Thank you, everyone, for joining us today. And if we've missed any of your questions, please feel free to reach out via the contact details, which can be found at the bottom of the ASX releases. We also have our Investor Hub page for all updates, so please feel free to reach out then as well. But thanks again for your time.

Thank you, everyone.

Great. Thank you. Have a good day.