Cerberus Cyber Sentinel: Speculative Cybersecurity Prospect (NASDAQ:CISO)

In this modern era, where so much is determined or controlled by computers, cyber security is, sadly, a very much in-demand thing, without which data theft would flourish even more than it does. There are a number of players in this market, some large and others small, that warrant the attention of investors. One such prospect to consider that is on the small side is Cerberus Cyber Sentinel (NASDAQ:CISO). While many companies in the space prioritize specific hardware or software applications to address cyber security needs, Cerberus Cyber Sentinel focuses largely on providing consulting services around this space. Although the company is impossible to value at this time, it has undergone a number of transactions aimed at boosting sales and, hopefully, generating positive cash flows and profits. There's no doubt that this is a highly speculative prospect at this point in time. But if management can reach critical mass, this might not be a bad investment to entertain.

Cybersecurity is a massive market

No matter how you slice it, cyber security is a major pain point, not only for companies and governments, but for the global economy more broadly. According to an investor presentation provided by Cerberus Cyber Sentinel, an estimated $6 trillion was lost to cybercrime in 2021. That works out to about $11.4 million per minute across the globe. By 2025, the amount lost to cybercrime every year is expected to reach $10.5 trillion. To address these concerns, companies, and governments across the globe have invested heavily in the market. $170 billion is getting spent each year worldwide on information security. And there are an estimated 3.5 million job openings in this space in the US alone. Management has pointed out IoT (Internet of Things) devices as being particularly vulnerable, due in large part to the fact that's the number of them worldwide is expected to nearly triple to 25.4 billion by 2030.

To address this market need, many players in this space dedicate their efforts to developing specific technologies aimed at combating or otherwise mitigating the impact of illicit cyber attacks. But this is not the only way to handle things. There's also the approach of providing consulting services that aim to address weaknesses within a company and that try to pair up a client with the providers that will prove most valuable for them. That is where Cerberus Cyber Sentinel comes in.

A rapidly-growing niche player

Founded in 2019, Cerberus Cyber Sentinel has grown into a $1 billion company. The firm did this largely through acquisitions, with the first of these being of GenResults in April of that year. Since then, the business has undergone over a dozen different acquisitions, each one aimed at growing its footprint and acquiring customers and talent. Today, the company is set up to offer its security professionals to clients in order to help those clients achieve security on the cyber front. Historically speaking, Cerberus Cyber Sentinel does not sell cyber security products. Instead, they act as, in essence, an advisor that can offer services such as consulting, compliance auditing, vulnerability assessments, penetration testing, cyber security training, and more.

The nature of what Cerberus Cyber Sentinel offers is changing rapidly. But during the company's 2020 fiscal year, it generated about 74.9% of its revenue from providing consulting services. These activities include all of the aforementioned items such as compliance auditing and penetration testing. But the business also generated 25.1% of its sales from managed services, which included offering CISO-as-a-service, providing culture education and enablement, evaluating a client's policies and procedures for regulatory and compliance purposes, and more. The reason why I say that the picture is changing rapidly is because the company continues to make a number of acquisitions.

In just the past few months, for instance, the company announced no fewer than four different transactions. Many of these are in exchange for new shares in the business. For instance, the company acquired Arkavia, a company that specializes in penetration testing for the purpose of seeking out vulnerabilities in a client's computer systems, in a deal that cost shareholders 3.1 million shares of stock. At current pricing, that translates to $23.44 million. The business also made some smaller purchases, such as RED74, which is an integrated risk management services firm, in a deal valued at 340,000 shares, or $2.57 million, plus another $50,000 in cash consideration. Another deal involved ATE and ATS, costing the company 200,000 shares worth, today, $1.51 million, plus $225,000 in cash and the possibility of another 100,000 shares based on certain milestones. Of course, the largest recent acquisition was of True Digital Shares. That deal cost the company 8.229 million shares of stock, valued at $62.21 million today, plus $6.153 million in cash payments. This is not all that management has done recently.

The company also issued $1.5 million worth of convertible notes that can be converted at a price of $5 per share, implying an effective price today of $2.27 million. This is not the first time the company has gone the convertible note route. Also on its books today are convertible notes worth $3 million that convert $2 per share. Today, that would translate to $11.34 million in value. On top of this, the company also issued shares, in January of this year, at $5 per share in a public offering that, when combined with underwriters’ option of 60,000 shares, has broad and gross proceeds of $10.3 million. The reason why I bring up all of these miscellaneous transactions is because they do have a dilutive impact on the business. In effect, factoring in the complete conversion of these notes, and looking at the acquisitions the company made, shareholders have been diluted, from November of last year through the time of this writing, by 11.8%.

Though this may sound like a complaint on my end, I don't see it as a negative. Unfortunately, because we do not know the financial performance of all of these companies Cerberus Cyber Sentinel has acquired, we cannot know if shares are appropriately priced or not. All we do know is that, in 2020, the company generated revenue of $7.24 million and saw a net loss of $3.4 million with cash outflows of $1.7 million. These compared to results reported in 2019 of $1.91 million, negative $1.35 million, and negative $0.2 million. We also know that management, with the latest acquisition it made, announced a new milestone of reaching annualized revenue, in the 12 months ending in the third quarter of its 2021 fiscal year, of $45.5 million. So we know that, from a revenue perspective, these transactions have had a big impact on the company but an unknown impact on profitability. More likely than not, however, shares are rather pricey. Even if the firm were to generate a 50% profit margin, it would be trading at 44.4 times net income. Such a profit margin is highly unlikely. And a more realistic figure in the 10% to 20% range, if the company is profitable at all, would imply a multiple of between 110.9 and 221.8.

None of this is to say that the company could not well grow into this kind of valuation. Over the past 12 months, we have already seen tremendous expansion in revenue as I highlighted already. In addition, the company has a couple of good things going for it besides the aforementioned market growth that it should be able to benefit from in the years to come. Most notably what is political support in a statement made by the Biden Administration on March 21st of this year urging private industry to ‘harden’ their cyber defenses ‘immediately’. The Administration did this to warn about the threat of cyberattacks that could come from the Russian government during these times. It's unclear how much of an impact this particular call to action may have in the long run, but it should not be seen as a coincidence that, on the day of the announcement, shares of Cerberus Cyber Sentinel increased by 26.2%. Another possible contributor to this was the announcement, on this same day, that Ashley Devoto, formerly the CISO for the giant Booz Allen Hamilton (BAH), had decided to join Cerberus Cyber Sentinel as its CISO. The addition of such a qualified individual from a major cybersecurity firm should serve as a large vote of confidence for shareholders.

Takeaway

Right now, things are looking exciting in the cyber security space. It's unclear whether and to what extent shares of Cerberus Cyber Sentinel might be overpriced or undervalued. Clearly, if the company can continue to grow at a rapid pace, it could well grow into its valuation. But any obvious bet on this would be speculative. For investors who want to buy in, that risk may be considered acceptable when you consider market conditions and the current global political climate. But for investors who focus on the value approach to investing, significant caution is still warranted.

Comments are closed.