FirstWave Cloud Technology Limited (FCT.AX) Earnings Call Transcript & Summary
November 26, 2025
Earnings Call Speaker Segments
Ruth Sloley
executiveHi, everyone. Welcome to the FirstWave webinar. We're just waiting for people to join the call. We'll leave it for about 10 seconds before we commence the call. Okay. Good afternoon, everyone, and thank you so much for joining today's strategy and product webinar. On today's webinar, we'll have an introduction by our Chair, Roger Buckeridge, and that will be followed with an update by Danny Maher, our Managing Director, who will provide an overview on the opportunities for our strategic direction before handing over to Sharon Hunneybell, our VP of Products. Sharon is going to take you through the exciting product developments for Open-AudIT. At the end of the presentation, there will be a Q&A session with our panel of presenters, who will be joined by Mark Unwin, the Founder of Open-AudIT. So if you've got any questions, please submit the questions through the questions function throughout the call. We'll address these during the Q&A segment. Now I'd like to hand over to Roger.
Roger Buckeridge
executiveThanks, Ruth, and good afternoon to all our members, our shareholders, and I'm sure that I would hope, some clients. And this will be an exciting first announcement of what I expect to be a continuous series of product announcements and new solutions that we're showing to the marketplace during the coming few months. And I welcome your interest and support for what we're doing here at FirstWave. Over to Danny.
Danny Maher
executiveAll right. Thank you, Roger. Okay. I'll just jump straight into it. So this presentation is very focused on what we're doing with Open-AudIT. It is very extremely exciting for us. And it's only the new advances in AI, which are enabling us to do what we're doing. So I'm just going to talk you through a little bit about why it's exciting and what the opportunity is for us before I hand over to Sharon, who's going to take it all through for you. So the new AI-driven vulnerability detection for Open-AudIT, which we've developed, it moves Open-AudIT away from being a once off IT audit tool into a compliance platform that the organizations need to use every day, okay? So it offers enterprise-grade vulnerability management. It is at a fraction of cost of the other providers. But really, the key behind it is that inside Open-AudIT -- so every organization that downloads our Open-AudIT product, which is free, they use it to audit their IT environment. So inside that product, which is on-premise, it has all the data on all their IT assets, okay? And so Sharon will walk you through how we're looking to monetize this free user base. But basically, with what we're doing, we're the only ones that can do it because we're the only ones that have that data inside our software. Unless you took that data out of our software and put it in somewhere else, you can't do what we've done. So we're very uniquely positioned to attempt to commercialize this user base. Now we've already got an exceptional market share. We estimate 150,000 organizations using this free product, and I'll touch on that in a second. And these features have been released a little bit of outdated slide there. And you'll see these -- the first releases of Open-AudIT 6 to the market on Friday, U.S. time. So every 7.8 minutes, there is a download of our software. It is crazy popular. 1 out of 5 of these downloads is from a company that has not downloaded the software in the previous 3 years. So we consider that means 1 out of 5, i.e., once every 40 minutes, there's a new organization downloading and presumably implementing this software. And that means 4 out of the 5 are actively upgrading it. So if you look at that per annum, 67,000 downloads per annum, 13,000 new organizations coming to us. So we have -- and this is just the ones we know about. There can actually be more than this. This is the minimum there are. This is the minimum. There can be more than this. So what this tells us is we have both an active user base and a growing user base. So it's very exciting to be able to release to these users what we're about to release. So what does this mean in terms of what happens if we monetize this user base? And don't forget, we've got new relationships with AWS, Ingram Micro. We got -- we're going to have other customers that come to us for this functionality, which aren't in the user base at the moment. So even without considering that, the amount that an organization will pay for these new commercial features depends on their size, right? So the more devices you have, the more you pay, okay? And we look to target between $15,000 and $25,000 ARR for an average size organization. But depending on who converts, this could change because it's all based on the number of devices you have. So a 1% or 2% conversion of our activity at $15,000 per annum increases our ARR by $45 million per annum. So this is a huge opportunity for us. And remember, this doesn't happen overnight. It's every 8 minutes that somebody is upgrading. That's when they're going to get the new features. We will e-mail them and market to them as well. So we'll have a bit of an uptick when we do that. But generally speaking, it's going to come through over time as they upgrade and every 40 minutes, a new organization being exposed to these features as well, notwithstanding we'll do additional marketing on top of that. But whatever way you slice and dice this and whatever price you think we can sell it at and whatever percentage you think we can sell it at, whatever way you do this math, it's potentially a huge game changer for us, huge. So that's kind of the description of why we're doing this. And the opportunity that it presents to us. And this is not the only opportunity this company has. This is one opportunity. But it is our most exciting opportunity right now, and it's at our feet now with the product to be released on Friday, U.S. time. So with that, I'll hand over to the person you all really want to hear from, which is our Head of Products, Sharon Hunneybell, and we'll hear about what we've done and what we're doing. Over to you, Sharon.
Sharon Hunneybell
executiveThank you so much, Danny, and good afternoon, everyone. So I am really excited to be able to present Open-AudIT 6 to you, which is being released this week. It's a very significant milestone for us because it introduces AI-powered compliance and vulnerability management, and it positions us to convert that enormous free user base into paying subscribers. So today, I'm going to take you through the opportunity. So why now and why us? What's different in Open-AudIT 6, the difference between the free and paid versions, where this new release sits in the competitive landscape. And then I'm going to finish with a short product demonstration showing both [ of these ] versions, including the new AI-powered vulnerability detection. So Open-AudIT is already installed in thousands of organizations globally. But at the moment, they're not subscribing. And that's the challenge that this release is designed to address. So rather than showing numbers on a slide, I have up here the -- our internal metrics platform, which is where we track our downloads, free trial activations and usage by region as well as the conversion patterns. So here, you can see that over the last 30 days alone, there's been thousands of downloads and lots of other activity. And you can clearly see that Open-AudIT remains the product with the highest activity and adoption. If we break it down by region, you can see how truly global this user base actually is. You'll notice that there's particularly strong growth in Europe. And interestingly, that's where Lansweeper, one of our key competitors is based. There's been some recent negative sentiment in the user community about their support for smaller installations. And you can see from this view that we're already picking up growth from that dissatisfied user base. And this is just one of the market segments we'll be targeting with this new release, and I'll talk a little bit more to that later. So why us? Well, yes, we have that huge installed user base, but the real advantage lies in the quality of the data that we collect. Our software runs inside real business networks. So we see the full picture. We see every device, what it does, how it's configured, what version of software it's running and importantly, what's changed. So most of our competitors only see bits and pieces. And often, they have to use agents or connectors to be able to gather that information. But we see the entire environment, including forgotten, hidden or unmanaged devices that others miss. So this means that we can spot risks early. We can show the business is whether the business is secure and compliant. And now with version 6, we can match those devices to real known threats. So for those that don't know, there is a global list of known software weaknesses that are called CVEs. And because we know exactly what devices, versions and configurations exist inside a business, our AI can automatically flag which ones are truly at risk and which ones are not. And so this is a really big value shift for our users. It's going to move them from knowing that they have 10,000 devices to understanding that there are 86 of those devices that are vulnerable right now, and here's what to do about it. So there's also been a significant shift in expectations around IT asset management. It used to be acceptable to have a spreadsheet listing your devices, and this might be checked once or twice a year, but that's no longer enough. Today, regulators, insurers and auditors expect that you have continuous visibility that you have proof of configurations that you are alert to early risk detection, that you have alerts when things change and that you have evidence that you're actively managing vulnerabilities. There is now a growing list of IT security frameworks like CIS, NIS2, DORA, Essential Eight, the SOC2 and ISO 27001 which all require ongoing device intelligence and risk awareness. So Open-AudIT 6 can help you comply with all of these. And importantly, penalties are increasing and enforcement powers are growing. So doing this isn't really optional anymore. Businesses are looking for tools that can automatically track this, not just at their audit time, but continuously. And this is another reason why this is great timing for Open-AudIT 6. So introducing Open-AudIT 6. It brings together that device discovery and new AI-powered vulnerability checking. It provides accurate monitored hardware and software inventory, continuous configuration change detection, a range of audit-ready dashboards and reports. And we're also now able to offer Software-as-a-Service monthly billing, direct website purchases and AWS marketplace availability, which opens the door to public sector buyers, reseller channels, which we are actively building with AWS and Ingram Micro and lower touch subscription sales. So what's the difference between free and paid? Well, the free version remains a really powerful starting point for businesses. It helps them quickly and easily get a list of every device and where it sits in the network. And that's why Open-AudIT remains one of the most downloaded network inventory products in the world. But the feature set is intentionally limited. So in version 6, we've made professional and enterprise features visible but unavailable. So dashboards, baselines, compliance reports, security views, they're there, but when they click, they prompt you to upgrade. And in the paid versions, that's where the real value now sits. So you can see which devices are at risk or noncompliant. It matches real equipment to cybersecurity threats using AI, and it gives executives and auditors the proof that they need for compliance, insurance and for increasing operational resilience. So to paint a picture on what this actually looks like for a business, I'd like you to picture a national services company that's just undergone a merger, acquiring several new branches. They have reasonable documentation for core infrastructure, but limited visibility into endpoints like laptops, tablets or contracted devices that have been granted access to the network, and they certainly have no clear view of the versioning licensing or vulnerabilities. By deploying Open-AudIT, they're able to scan all networks on-premise and in cloud, discovered around 10,000 devices, including 350 previously unrecorded, identified redundant licenses resulting in a cost saving and critically detected dozens of high-risk vulnerabilities that could not have been found manually. This demonstrated immediately why automated ongoing visibility was essential, not just optional. So let's take a look at the competitive landscape and where Open-AudIT 6 now sits with these new features. So in the asset management, compliance and vulnerability space, there are a few key names. Lansweeper has traditionally been strongest in IT asset management. Tenable are really strong in vulnerability management. Qualys, very strong in cloud and compliance. And then I've added in ServiceNow here as well. They're a massive enterprise platform with a discovery add-on. And it's really just this add-on that we're comparing to because this is what sometimes comes up when we're talking to customers. So when we look at this through 2 lenses, which is the depth of insight, so the amount of information that you're able to actually draw out of your products, your devices and your networks and affordability and ease of adoption, Open-AudIT really sits in a unique position. And we're up against some really, really large companies. So Tenable and Qualys are both multibillion-dollar companies. Lansweeper is still private, but it has raised significant revenue in the last few years and raised significant capital in the last few years and also has around $60 million in revenue estimated. So we are competing in this same problem space, but we are coming at it from a data first inside the network perspective with that globally adopted free product. So in this slide, I've drilled down into features, noting the areas of strength in Open-AudIT. As a reference, the dark blue ticks are areas of strength and the light blue ticks indicate that they may touch on the feature, but it's not a key strength of their product. So Lansweeper is really strong in traditional inventory. Tenable and Qualys are really strong in security and vulnerability. And ServiceNow sits at that enterprise workflow level. So it's very powerful, but expensive and complex and typically used in much larger IT departments. But because Open-AudIT already has industry-leading asset discovery, which is what made us popular in the first place, with the addition of the configuration context, the AI-driven vulnerability matching and the compliance dashboards, we can actually compete in an all-in-one platform. So I mean -- what this means is that instead of buying separate tools for asset management, compliance reporting and vulnerability scanning, organizations can get all of that insight directly from their Open-AudIT installation at a price point that really suits mid-market, government, education, MSPs and partners. So we are sitting now in a category that didn't exist for us before. We're able to provide flexible licensing, in-depth device intelligence matched with compliance and security insight and backed by AI. And of course, our biggest competitive strength is we have that market access. So Open-AudIT is already installed in thousands of organizations. And hopefully, now we have the right feature set to be able to monetize it. So that was -- that's about Open-AudIT. It's a great tool in its own. It stands very strongly. But when you connect it with the rest of the FirstWave suite, that's when you really start getting full operational resilience. So monitoring, automation, event correlation, traffic intelligence, cybersecurity, the whole picture. But that's the story for another webinar. Today, I just want to get to the fun part, which is showing you what Open-AudIT actually looks like in action. So to begin with, I thought I'd start by showing you Open-AudIT free, so our free version. So this is a summary dashboard that appears once you've installed the software, activated it and gone through the setup wizard, adding your network credentials. And that's what allows Open-AudIT to automatically discover what's on your network. You can see at the top here that there is a banner that shows that there have been vulnerabilities detected. And below that, you can see all of the discovered devices, software and components as little numbers up against each of these icons. There's also a little summary section at the bottom. And so we can click through on one of these icons. And this is a test network. So there is only one device that's installed, but you can see how much information actually comes off of that one device. And we can see here a device summary and we're able to click through and see all of the information relating to that particular device. And on the left-hand side here, you can do a deeper dive into all of the different items that you can see there. If I jump back to the dashboard and then click on the vulnerabilities. I'm taken to this screen here. So this gives a sneak peek to the user of the vulnerabilities that exist in their environment. So I can see here that 35 vulnerabilities have been detected and 19 of them are severe, and they're all sitting on one device. But you can imagine in a real network situation, this would be a lot more. It then prompts them to upgrade. And as we scroll down, we give them a little bit of an insight into what the most critical CVEs are, and we also group this by the number of devices. So if they had a significant number of devices, this would be adjusted to be able to show the most critical on the most devices. So the things that are going to have the biggest impact on their particular organization, and we prompt them to upgrade to view. We also give them a little bit more information about the feature as well. Now I'll jump through to open order enterprise now. So this is the brand-new dashboard, which has been completely reimagined for compliance, security and operational resilience. So instead of icons, we have this compliance-focused dashboard that gives you everything you need to understand the health and the security posture of your network at a glance. So you can see here the total number of devices that have been discovered, how many vulnerabilities that have been detected. You can see any orphan devices, the devices that should be on your network, but have not been seen for a while. You can see hardware and software change alerts. You can also see things like file writing exposure, so where files are discoverable externally, and that's a significant cybersecurity priority. So on this dashboard, anything blue is informational. Anything flagged in yellow or red means that action is needed and green means you're doing well. I will take us through to this vulnerability screen now. And here, instead of just seeing the vulnerabilities exist, we can now see every CVE that's been detected on the network, grouped by criticality, so critical, high, medium or low. These come directly from those CVE files. I've got -- so that you can see a really good example of a CVE, I've got one that's already open here. So this is one that has a high severity and they get scored as well. So it's got an 8.8 score. We can see here that it's related to chrome. We can see the -- obviously, the vendors that's related to. We get a description of what the actual vulnerability is and the remediation instructions. We also provide in this screen links to everything that you need to be able to learn more about the CVE and to be able to correct the issue within your network. When we jump across the devices, we can see each of the devices that have been affected by this particular vulnerability. So from here, it's up to you to take that direct action to patch, escalate or remote in and resolve the problem on that particular machine. Once that remediation is complete and the system scans again, and we are constantly scanning for those vulnerabilities, it will disappear from the queue and automatically update your security posture. I might stop sharing there and jump back to Danny and the Q&A.
Ruth Sloley
executiveThanks, Sharon. And Danny, I'll hand back over to you now.
Danny Maher
executiveOkay. Thank you, Sharon. I'm trying to get my camera turned on and fling with the technology. Okay. Thanks, Sharon. [Operator Instructions] We do have one question there already from Kim Wingerei. I'm assuming you want me to take this one, Sharon. It's a good question. It's a bit of a curly one. Actually, Sharon, are you able to read it out? Well, I'm just...
Sharon Hunneybell
executiveYes, I can read it out. So it's from Kim, Kim Wingerei. So nice to see you, Kim. This is basically how mantek first marketed its business opportunity to shareholders some 10 years ago, but it never happened. What is different now? And what will you do differently to make it happen?
Danny Maher
executiveYes. So it's a bit of a curly one, it's a good question. So for those investors or for those on the call that aren't aware, FirstWave acquired a company called Opmantek a few years ago. And this particular technology came across with that acquisition. So Kim and others, at Opmantek, we always had Open-AudIT ticking away there and doing well. But the main focus was actually driving up the blue-chip clients that were using the MIS product. And we made some attempts at selling some commercial add-on features to Open-AudIT. We're very, very lucky and fortunate to still have that user base. It's remained -- that activity has remained pretty consistent, and we're very fortunate that, that happened. So the big shift is what's happened with AI. So inside this software is data on every IT asset, software, hardware, firmware, printers, security cameras, firewalls, routers, switches, PCs, laptops, everything. And businesses are connecting all sorts of stuff to their networks to do whatever they want and people bring in their own devices. And it's the shifts in AI, which are enabling us to do what we've just demonstrated. So that's the first big change is that we've actually built this product to try and monetize this user base. So that's a huge change. And the change in compliance, like quite honestly, the changes in the focus for getting IT managers to compliance, as Sharon spoke to, has been big in the last 12 months, right? So they're saying it's not acceptable to have a list of IT assets anymore. You have to be actively monitoring what's happening to them, how they're configured and what the changes are. And that is new. It's a new space. Sharon, you might know the actual quoted stats, but something like 64% of companies, is that right, have a compliance management system and some don't, I don't remember. It's something like that. It is a new space and a growing space. And that's the big difference that we're able to use AI to take one of these CVEs, but you have to have the data in your product to do what we're doing, and we're the only ones that have that data. So hopefully, this is the big change for us, which enables us to monetize this user base. If it's not, then we're going to have to try something else. But for sure, there's a shift in the focus of the company that we actively want to have this as our top priority to monetize this user base. I love this stuff. And so hopefully, this is what does it. And then we'll do more and more and more, and we'll sell more things for a higher price. But yes, we want to see inquiries from this straight away when we release it. 200 organizations are going to implement this per day after we release it. So we're going to know fast. I'm not saying that orders will come like that, but we should be getting activity and inquiries very rapidly. So let's see. But definitely in a different place for sure.
Sharon Hunneybell
executiveDo you want me to read -- there's another question there? Do you want me to read that out, Danny?
Danny Maher
executiveYes, sure. Thank you.
Sharon Hunneybell
executiveThanks for the presentation. Do you need to mention that customers can use Open-AudIT in conjunction with their preferred AI provider? Okay, Paul. So that's an interesting question. And the -- so this particular piece of technology that we're releasing within Open-AudIT, the AI actually runs within our own infrastructure. So we do all of the processing of the AI and enrichment of the files within our own server, and then we pass those enriched files back down to the users. So they actually don't have to have AI installed in their networks at all. We're doing all of that hard work ourselves, and we're just passing them the information and doing the matching on their side. So -- but we do have some more -- we do have some more features that are going to be released, the MCP servers, which will allow our clients to be able to deploy their own AI agents into this data as well. So it's all in the pipeline and coming up soon. Okay. There's another question there -- a comment there. So however you slice and dice the valuation, this is an outrageously exciting opportunity. The market is completely blind on this potential, obviously, due to limited coverage, market updates and past disappointments. I believe this will now be the next $1 billion Aussie tech company, let's go. Awesome. Thanks for the enthusiasm. And yes, I'm quietly excited about it as well.
Danny Maher
executiveIt's really exciting. But it's a new commercialization process. So we've got to look at the data, look at the inquiries, and we've got to see what we're converting and then we've got to increase the conversion rates, increase the value of our sales, and that's what we're going to do. But there's we were -- Mark, I don't mind you mind me saying -- you can turn on your camera if you want to, Mark. But yes, I remember early on in this release, and we're in the product updates and we developed this AI, hats off to Mark here, so it's a bit of a thank you to him. And we said, Mark, what's the feedback from the early adopters? What's happening? And he said, I'm frightened to say what I'm going to say about what the AI is doing and he goes, it actually works. And I'm like, wow, and he goes, it's working as it's supposed to, and there doesn't seem to be problems with it. So that was a really exciting day for us. And this is a big breakthrough for us, which is only facilitated by the way that AI has involved. And hopefully, we're a big beneficiary from this evolution in AI. But hats off to Mark and Sharon as well for listening to the customers and getting this done. Now let's see what they're prepared to pay. Okay. We don't have any more open questions. I'm sure there's going to be a lot next week after we release. I've certainly got a lot. And so look, thank you, everyone, for your time today. I know I particularly welcome new shareholders. I think you're kind of lucky ones to get at this time, and we will see and hopefully, that proves right. But thank you, everyone, for your time. Roger, you turn your camera on if you've got some closing remarks. But other than that, we're all done.
Roger Buckeridge
executiveMy closing remark is I'm really excited and I'm proud to be working with this team. I'm a late starter, but I can't think of a more interesting project to be working on these days. Well done, Mark. You're a quiet achiever.
Danny Maher
executiveYes. Thanks, Sharon. Thanks, Mark. See you.
Roger Buckeridge
executiveBye-bye.
Read the full transcript via the API
You're viewing the first half of this call. Get the complete FirstWave Cloud Technology Limited transcript — plus 246,000+ transcripts from 12,000+ companies, speaker segments, AI summaries and full-text search — through the EarningsCalls.dev API.
Get the API View API docs →This call discussed
For developers and AI pipelines
Programmatic access to FirstWave Cloud Technology Limited earnings transcripts and 246,000+ others is available through the
EarningsCalls.dev REST API. Plans from $24.99/month — full transcripts, speaker segments,
full-text search, and the recently-added /api/v1/transcripts/recent polling endpoint for ETL pipelines.