Plurilock Security Inc. (PLUR) Earnings Call Transcript & Summary

Good morning, and thank you for joining us for Plurilock Securities Conference Call to discuss its financial results for the year ending December 31, 2024. I'm Sean Peasgood from Sophic Capital, Plurilock's Investor Relations firm. On the call today, we have Plurilock's CEO, Ian Paterson; and CFO, Scott Meyers. During the call, all participants are in a listen-only mode. Following the presentation, we will conduct a question-and-answer session. We encourage you to submit your questions through the Q&A tab at any time, and management will answer them following the prepared remarks. Before management discusses the results, I'd like to remind everyone that certain statements in this call may be forward-looking in nature. These include statements involving known and unknown risks, uncertainties and other factors that could cause actual results to differ materially from those expressed or implied in our forward-looking statements. For caveats about forward-looking statements and risk factors, please see Plurilock's MD&A for the year ended December 31, 2024, which can be found on our company profile at SEDAR +. And unless otherwise stated, all dollar amounts referred to in this call are in Canadian dollars, the company's reporting currency. I'll now pass the call over to Plurilock's CEO, Ian Paterson. Ian?

Thank you, Sean, and thank you all for joining today. Good morning and welcome to Plurilock's Financial Results Conference Call for fiscal year-end 2024. My name is Ian L. Paterson, CEO of Plurilock. As we review the results, I'll provide some highlights along with a business update. Then I'll turn the call over to Scott Meyers, our CFO, to walk through recent financial performance. We'll wrap up the prepared remarks discussing our outlook, and we will leave some time at the end for Q&A. Before we start discussing our financial results, I actually want to take a moment to reflect on the broader cybersecurity landscape. In 2024, the threat environment grew much more complex and dangerous. We saw state sponsored attacks, AI-driven threats, supply chain vulnerabilities become more frequent, more sophisticated. And this puts unprecedented pressure on both governments, enterprises and organizations of all sizes to act decisively. This has really shifted the cybersecurity industry from a back-office IT function to a board level and national security priority. Within that global context, Plurilock continues to execute with discipline. We've built our business around real-world security needs, ones that are better becoming more urgent, more complex and more strategic with each passing quarter. And in 2024, we demonstrated the Plurilock is a trusted partner to governments and commercial clients across North America and NATO countries who are navigating this increasingly high-stakes environment. And I'll ask Sean if you indulge me to go to the business overview, and we'll talk about the 3 interconnected business segments. So Plurilock has 3 business segments today. We have our Solutions division, which is the core unit, which provides technology and cybersecurity products through an extensive network of partners and customers. It also serves as a key entry point for both our critical services and SaaS offerings. Critical Services, which is something we'll be talking about quite a bit on this call, is a specialized team that delivers tailored cybersecurity services to help clients address urgent security challenges and build long-term resilience and Plurilock AI, our proprietary Software-as-a-Service platform focused on advanced security and identity protection. While all segments are contributing to overall progress, critical services, which we formally launched in February of 2024, has become a strategic priority due to its significantly higher margin profile and its ability to create long-lasting client relationships. Acting as a trusted cybersecurity adviser, Plurilock brings deep domain expertise in regulatory compliance, security architecture, technology integration to support government agencies in Canada and the U.S. as well as large global enterprises. Our strategy is to build on existing customer engagements, transitioning them into recurring managed services. By introducing adjacent high-value offerings through our reseller network, we help clients solve more of their cybersecurity challenges, deepening relationships, increasing retention and enhancing profitability. So now I'd like to walk through a few highlights from the year. And so Sean, would encourage you to maybe go through and show our business update slide. So to start with the gross sales bookings of $81 million for the year ended 2024. This is an increase of 15% from our previously reported $70 million of revenue in 2023. Gross sales bookings are unaudited numbers, but are a reflection of what is our revenue -- what our revenue would have been rather had we continued to report with the same accounting practices that we had, had in the past. Now with that implementation of our new accounting practice, which focuses on recognizing revenue from software and services, over time rather than upfront recognized revenue for 2024 was $59 million, which was essentially flat over the new adjusted 2023 revenue. Now this shift aligns more accurately with the long-term nature of our contracts and strengthens our ability to build a predictable recurring revenue model. So as a result, we introduced backlog as a key metric to better reflect the scope and duration of our contracted business. And because we did not previously report contracted backlog on a consistent basis, comparing this quarter's results to past periods is inherently challenging and may not present a clear picture of the company's trajectory. We now have a contracted multiyear backlog, which as of December 31, 2024, was $56 million. This is a new metric that investors can track and use to model our future revenues. The introduction of backlog highlights the strength of our current business pipeline and provides a more meaningful indicator of Plurilock's future revenue and margin potential. And the backlog is comprised of both critical services as well as software revenue, which we expect to be recognized over approximately 3 years. Our critical services business grew 152% year-over-year to $8.7 million and we've added multiple professionals to support that demand. And so again, this critical services segment has been a primary focus of the business, and we also expect to continue to focus heavily on this segment moving forward. The other thing to mention is that Plurilock switch from hardware-centric technology sales to more software and services aligns with our core thesis of buying access to customers and leveraging that platform to drive higher-margin products and services. And really, these efforts have been designed to support longer-term margin improvement by diversifying revenue streams and deepening reoccurring service relationships. Gross margin increased to 13.1%, up from 8.5% as we continue to push our unique brand of higher-margin critical services as well as software, which led to gross profit increasing 50% to $7.8 million, even with the new reported revenue recognition practices, which, again, were flat roughly year-over-year. Now it is worth reminding folks that despite being a Canadian headquartered business, well over 90%, specifically, 92% of our revenue comes from the United States, which really positions us firmly in the world's most resilient and security-focused market. These achievements are not just financial. They're also strategic. As threats evolve, customers need partners who can not only sell cybersecurity products and technology but also architect and implement and operate those technologies and complex and real-time security solutions. And that's where Plurilock differentiates itself. We've deepened our role with customers by becoming a hands-on high-trust partner. And that also includes our strategic partnerships with leaders like CrowdStrike and Forcepoint, which are a very large part of that. These relationships help us expand market reach, solution, depth while also continuing to enhance our credibility. Leveraging our trusted position within the Canadian and U.S. public sector space with government agencies. We are now expanding further into the commercial sector. Our success and high stakes environments like defense and energy and infrastructure builds confidence in our ability to serve large commercial enterprises with equally critical needs. Now it's worth noting Plurilock historically has experienced a stronger half, which we certainly saw last year with Q4 and -- Q3 and Q4, consistently driving a larger share of our full year performance. Despite macro uncertainty and volatility, we continue to demonstrate operational resilience, consistency and strategic clarity. And we're executing on the focused playbook, delivering hands-on cybersecurity solutions, building long-term customer relationships and selectively expanding into commercial verticals where our credibility and expertise translates into real-world opportunity. In 2024, we made a deliberate investment in strengthening our sales organization along with our growing pipeline and evolving service offerings. And as I said, we've added multiple new professionals to our critical services and sales team. Plurilock's partner ecosystem also plays a critical role, both in market access and services delivery. The company is seeing steady engagement and continues to fulfill a wide range of customer requirements across both government as well as enterprise channels, which is contributing to active business development and customer acquisition efforts. And then as we continue to scale, we're committed to ensuring our sales function remains agile, aligned with our higher-margin offerings and supported by the right tools and incentives to drive long-term recurring repeatable customer value. And so really, it's the combination of these expanded capabilities, the deepening client relationships and reoccurring revenue momentum, which is beginning to generate flywheel effects and that's something that we expect will accelerate as we execute against our 2025 strategy. At this point, I'd like to turn it over to our CFO, Scott Meyers, who will walk through some of our 2024 financial results. Scott?

Thank you, Ian. So what I'd like to walk through is just our revenue margin performance, and then we'll take a look at the balance sheet. So while revenue was flat at $59.1 million, gross margin increased $2.8 million to $7.8 million. So this was mainly driven by our expansion in critical services. So if you look at critical services, we grew it to $8.7 million this year from $3.4 million, so more than doubling. This expanded our margin by $2 million alone on its own. So overall, our margin rate went from 8.5% of sales last year to 13.1%. And this near 5-point improvement again was driven off of mainly critical services, but we've also made some improvements in our resale business as well. Overall, that drove our adjusted EBITDA to improve by $2.9 million. If we take a look to the balance sheet, our working capital, so we've driven some of these improvements and it translated into our working capital improving by $2.2 million. Also this year, if you recall, if you've seen, even following what we've been doing, we converted $1.2 million of our convertible debt. So our total balance sheet improvement was $3.4 million this year versus last year. And with that, I will turn it back over to Ian to look at what's going -- coming ahead.

Yes. Thanks, Scott. So I think largely, we're going to continue executing on the strategy that we set out in 2024. We see flywheel spinning, and we want to continue that. I do want to emphasize that Plurilock entered 2024 with strong momentum a clear strategy and commitment to delivering value both to our customers and to our shareholders. I think that our foundation is strong. We're trusted by some of the most security-conscious organizations across North America. We're getting pulled into other organizations outside of North America. Our critical services business is scaling. Our pipeline reflects growing demand for real-world solutions. And we're not chasing hype. We're solving complex cybersecurity problems every day for our organizations that can't afford to get it wrong. So we see 2025 as a year of continued execution. We're expanding our presence in the U.S. commercial market. We're deepening relationships with public sector clients. We're pursuing higher-margin opportunities that will improve operating leverage. And we'll continue to invest where it makes sense. People, partnerships, performance while maintaining the disciplined focus that we brought so far. I will say as part of Plurilock's strategic road map, we're also actively expanding our footprints into NATO and NATO allied jurisdictions, by leveraging really our long-stand relationships with the public sector institutions in the United States and Canada. And in a world where the threat landscape changes day by day, resilience isn't just a goal, it's a requirement. And at Plurilock, we're ready. So thank you for your continued support. We look forward to delivering another year of progress, purpose and performance. And so with that, I might ask Sean, if you could help direct us through any, any Q&A that we might have, and we get into some questions.

Yes. Thank you, Ian and Scott. And thank you for everyone who's joined the call today and for submitting your questions. So as a reminder for others on the call who haven't submitted a question, you can click the Q&A tab at the bottom of the webinar and we get to them as they come in. So the first question, Critical Services ramping and the margins are good. How should we model blended gross margins over the long term?

I'll take that. So as our percentage of revenue becomes more weighted towards PLCS, we expect it to well exceed our traditional VAR offerings. So if you were looking to model this out, I would take our services revenue, which is published in our financial results and do your own projections there. Again, we're not giving forward guidance, but we are, if you could look at the performance. And what we just showed today, you can see the growth rate of services has been quite astounding.

Next question. Do you anticipate hiring more sales and support staff? Would you be doing that now or later in the year?

Yes. So for us, we did make an investment this past spring. So earlier this year, we set out on a specific strategy. We wanted to continue the flywheel spinning and accelerate those flywheels that we had last year coming into this year. So we did make an investment earlier this spring specifically targeted that. We are -- I mean, the short answer is we are constantly hiring. You never really stop hiring. I think for us, what that looks like is as we find new talent, we'll look to add those to the team. And I think the thing also that we're finding is that the salespeople that we've added so far have shown materially positive results. So short answer is we're always hiring. I think largely, though, this will be kind of more of a steady state where we add as additional sales performance makes sense.

Very great. Another financial question. At what revenue level would you be EBITDA positive.

Thanks, Sean. So again, we don't give forward guidance, but if you -- I would say, if you're modeling this out, I would look at what we've done and what we've accomplished over the past year, and you can see that we've been making a lot of strides towards that and look at our sales growth. I would say also consider how we've repositioned this business to be much more focused on services. We're also seeing that basically for every dollar of resell, there is almost $2 of services out there for us to go capture.

I think also just to add to that response. So the question is around what revenue level. I think actually, the key metric that we are looking at is gross profit, business really the focus for the business for the last 24 months has been very focused around driving gross profit. And I'll give you a practical example. If we have a salesperson and they have 2 potential sales opportunities, $1 million of technology resell at potentially 1% gross margin and $0.5 million of critical services at potentially 40% gross margin. Well, the latter example will drive significantly more operating leverage and gross profits to the company, but it will come at a lower revenue rate. And so for us, the key really is driving gross profit. I think also that comes with a quality of revenue improvement as well. So typically, when we're doing technology resell, it's a single transaction, whereas with critical services, not only do we get that initial sale, but we also get opportunities to sell additional products and services thereafter. So again, the way that we operate internally is really focused around gross profit, even to the point where our sales people are compensated on gross profit, it's not a revenue compensation plan. And so that's really the way to look at this business.

Yes. Okay. Great. Okay. I've got -- I'm going to merge 2 together that are also financial and then I have another one. So -- what -- this person is asking what the cash balance is now, it is probably tied together. And then another person is asking if you're raising capital. So maybe address the balance sheet.

Yes. So you'll see that at year-end, we've left the year with $1.4 million. Keep in mind then we've also done a raise of around $5.5 million. So we are not raising capital.

Very great. What risks do you anticipate with respect to the change in U.S. policy to protect U.S. businesses, if any?

Yes, it's a good question. I mean I think tariffs also play into this question. I mean, so from our perspective, the Plurilock corporate structure, we're Canadian headquartered, but we do have a U.S. operating subsidiary. And so if you're following press releases, we'll often talk about Aurora, which is one of our U.S. operating subsidiaries. Aurora is a U.S. company, it employs U.S. people. It sells U.S. products. It sells U.S. services to U.S. customers. So there's very little cross-border activity that takes place within that business. I would say that the broader trend though of supply chains being deglobalized has been occurring for many years. So if we zoom out from this specific question, I mean, we saw in the last 5 years, a huge shift away from purchasing brands like Huawei and ZTE from China or Kaspersky from Russia. So there's been this push for ongoing well before the current U.S. administration. There's been a push to kind of focus technology supply chains, including cybersecurity supply chains to be more aligned with friendly companies -- or excuse me, friendly countries. And so that's always been the case. Now I think what we have done really from day one is that we've made a very intentional decision that we were going to align ourselves with the 5 eye countries. So that's the United States, Canada, Australia, New Zealand and the United Kingdom as well as NATO-allied countries. And so that's largely Europe kind of with a focus around Western Europe, because we saw this trend very early on. And so we wanted to ensure that we, as a company, will ultimately align ourselves with the West. So we've tried to build our organization with that trend in mind. And you can see that show up in a number of places. You can see that in our corporate structure. You can also see that in our talent. If you look at -- if you look at our advisory council, for instance, you'll see Canadians, you'll see Americans. You'll see some British folks. And so you can see that kind of across the business. So that's the long answer and kind of the background for how we're set up and were structured. Obviously, we monitor the stuff pretty closely. But right now, we believe that we're well positioned for being successful.

Okay. That's great. Okay. I'm going to put another couple together here. Please explain your motivation to pursue interest in the U.S. accounting convention, PCAOB. And then the second follow-up to that, and I think it's probably linked is when do you roughly anticipate a Plurilock being listed on the NASDAQ.

All right. I'll take that one. So I think two things. One is just to clarify, PCAOB is an auditing standard, not necessarily like an accounting standard. So the U.S. and Canada have different standards. We're not going to comment on which one -- they're just -- they're different. And you need to have a PCAOB audited standard in order to list on the NASDAQ. So this is all part of the process for us to do some sort of potential U.S. uplift. In terms of timing, it's not necessarily upon us to say when we'll do this, there's definitely a series of steps. One is deciding how you're going to do it. So there's multiple avenues you can take, you can take a straight IPO. There's also potentially defined a NASDAQ shell and a few other options as well. We've been evaluating where our best option is, especially for our shareholders. And then there's a process. So we need to do -- part of this is the PCAOB. There's a few other steps that take a bit of time, and we have to get through, of course, SEC approval down there. Now part of the reason we're doing this is if you look at our valuation on the Canadian markets, we believe that U.S. listing would give us a higher valuation and get us more. We're basically undervalued here in Canada. And if you've kind of been following this space, there is a good business model for [ PE ] firms to also take out company and then later listed in the U.S. It made multiples on that. So again, there's, I think, a value gap between Canada and the U.S., and that's why we're focusing and putting attention here.

Yes. And I think just to build that answer. So the process has really started last year. I mean, we put out a press release announcing that we were reviewing U.S. strategic options. We've engaged a banker. And I think what you're seeing is that we are taking steps to be ready to try and realize some of that value discrepancy that Scott was talking about. And so there's a lot of work that happens behind the scenes to be able to realize some of that value. And I think the intent was really to educate shareholders on what we are doing to be able to go after that and try and ultimately realize increase shareholder value.

Okay. Great. [Operator Instructions] So one more here. Can you provide an example of a, a normal customer journey. You've said you are increasing software and services as a percentage of sales. How are you shifting them from hardware to software?

Yes, that's a great question. So there's actually 2 selling motions, and so I'll describe both. But we see 2 main selling motions within our business. So the first is that we have well over 400 customer accounts that we sell to. And that's really coming from the Solutions segment of the business where we sell technology resell to those customers. And so when we do that, when there's a transaction, there's usually an opportunity to have a conversation with that customer and say, "Hey, you've just purchased some firewalls? Do you need help to deploy it, to configure it, to operate it, to manage it. And so that becomes an opportunity for our critical services team to come in and start to introduce the customer to what we're able to do. So that's one way, and that was really kind of the focus in 2023 and 2024, we talked a lot about cross-selling during those years. And so really, it was around introducing our current clients, our captive audience to our critical services offering. Now I will say that of those 400-plus customers that we have, only a fraction today are critical services customers. And that's -- so even the revenue growth that we have seen so far in the Critical Services segment, there's still a very large untapped market within our current customer base. We are going after those customers with the increase in sales folks. And so again, I talked earlier about a flywheel, that's a flywheel that's running. So that's really the first go-to-market motion. The second go-to-market motion, and this is a little bit newer, but is a reflection of the critical services work that we've been doing late last year and then coming into this year, is that we're starting to get notoriety. We're starting to get name recognition, and we're actually starting to get pull through from some of our partners. And so that -- so the way that, that looks is that we will be introduced in some way to a potential new customer that we've not done any business with in the past. What we're seeing is that we will start working with them typically on a smaller engagement. It could be a pen test through our offensive security practice. It could be some sort of security assessment. And so from a dollar figure perspective, that might be a $50,000 project of some clients. Now what we do is when we get into that customer account, we're really learning about that customer's environment. We understand what they're doing. We understand where the gaps are. We understand where the shortfalls are. And then from there, we're seeing good success and then upselling to potentially a $200,000 recurring Red Team engagements, where we have now an existing relationship and an ongoing relationship with that customer. From there, then the customer gets a chance to see how we work. They -- we have great results and we have great testimonials from customers saying that they're happy. And then additional doors open. And so perhaps the customer comes to us and asks, "Could you provide some help around our Zero Trust strategy" or similar. And so the door is open, and then we start to see a flywheel of additional customer engagements. And then at that point, we have a great relationship with that customer. We're providing value. They're coming -- they're turning to us with their problems, and we can rinse and repeat. This -- that example that has gave was one that actually happened with a multibillion-dollar U.S. publicly traded firm. And it worked exactly like that. I mean it started with approximately a $50,000 engagement. It led to a low 6-figure kind of ongoing relationship. And I spoke to the CIO a couple of weeks ago, and they said, we need help with Zero Trust, and we also need help with how do we effectively deploy AI inside our security organization. So that's the second sales motion. And again, that's newer this year relative to years past, but that's the typical way we see these things building.

Excellent. Okay. I don't see any other questions in the queue. So I think we're going to leave it at that. If you weren't able to ask your question or you have other questions after the call, please reach out to one of us. We'll be happy to answer them. Our contact information is available on the screen here or underneath any of the press releases that we put out. I'll now pass the call back to management for closing remarks.

Yes. I just want to say thank you both, for everybody attending today and listening and following Plurilock story. We look forward to continuing to share our progress with you in the quarters ahead.

All right. This concludes Plurilock's fiscal 2024 Conference Call. We thank you for joining us. Have a good day.