Thanks for the notes. Can you detail what collaboration protocol they use? It's hard to know how to respond to that comment.

I'm not sure if you're aware but the Australian department of defense over the next 10 years is undergoing major transformations particularly around the way they use and secure data through the One Defense Data program.

NC protect helps with attribute based access control within the Microsoft suite and CUI which is controlled unclassified information. These are methods that are used to secure the file at the micro level. It sounds fair to say that you have some knowledge of what you're talking about and so could you elaborate as to why that various levels of government or defence would not be intending to update their current data use with ABAC, particularly given the amount of hacks that happen through the weakest chain entry points.

Thanks for your time

Well it has been a while since I was in there, but it was just Microsoft suite with managed identities and bespoke software that you were granted access too based on clearance, need to know, and other requirements. You don't need to do file-based access control to do access controls. Find your nearest IT professional and ask them about identity management, and have a bottle of bourbon on hand.

Is the DOD moving to document-based control? Maybe, I don't know and will never return there.

Does NC protect do more than SharePoint now? (It didn't used to be the case) Your statement about MS Suite implies it, but that would be news to me - it wouldn't change my counter thesis though, as everyone else using MS today can do access management based on Identity management products.

On the idea of document-level ABAC vs hacking. Let's be clear these are two completely different concepts. Simplest way for me to illustrate this is by saying it almost impossible, and very rare these days, to gain access into a network without collecting identities and access controls from that network. The document is locked down to Johnny Sasquatch? No problem, because we dumped Johnny Sasquatch's passwords to get to this point. At that point, that deep in a network, the hacker IS you, or your boss, or more likely the IT guy.

Document-level ABAC is for preventing one thing - espionage (commercial or state) effected by an inside threat. That's it, the sole niche. And that's why, in my counter-thesis, very few organizations are going to fork out >$500K to configure an expensive ABAC solution that doesn't even fully control that risk^

Counter-intelligence and security are really hard, this isn't the silver bullet.

^the bad guy can still use their access to modify and loosen documents they have access to.

Thank you for your time and explaining that in layman's terms.

Insider threats are what makeup the majority of breaches but I guess what you're relaying is that a compromised identity is what an insider threat means and that's how access is sought? That would make sense to me.

If it is indeed the case, that there are such a small market fit, then I'm unsure why some of the information and contracts could/would be available. Hoping you can elaborate and help strawman my investment:

- Defence Industrial Base (DIB) have CMMC 2.0 coming into effect in 2025. This is the Cybersecurity Maturity Model Certification program, aligned to US DoD's information security requirements for DIB partners. It is designed to enforce protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractors. Even more critical with the aukus arrangement. This has very specific need for CUI (mentioned above)

Most notable, the comments by Richard Wakeman, also relevant Brigadier Warren Gould in regards to your previous comments around NC being redundant and impractical.

Notes for investment thesis:

Archtis is part of the MISA (Microsoft intelligent security association), guiding dialogue and solving problems. Hard to know what actually happens there, if it's genuine or a lofty title.

There is a mandated government spending on Australian capabilities for the Aus dod spending.

NCencrypt is another one of their products that has current contracts

Kojensi is integrated into the current departments

I understand you can't comment anymore on the One Data Defense program or movements since you are not in the sanctum, but you would have to admit that on the surface sounds like there is interest and intent to upgrade capabilities upon what currently exists, of which the archTIS team are part of the architecture advising team along with KPMG. There's a 200 page document that outlines a lot of critical need that archtis products do fit.

Thanks for your time and any commentary you can provide.

Sorry but I don't really know how to elaborate any further. It's too time consuming to counteract so much spin. The narrative has been stable since inception, so I guess, look at all those big badges they have and then draw a line back to their current revenue and ask why is it so low? How many more sexy customers like that exist out there? Low dozens, tops? If you got all of them how much would it add up to? Would they even deliver it without COGS going up? (They haven't so far).

"There's interest"

"Government Funding"

"Collaboration programs"

Can you map any of those back to tangible returns to you, the shareholder?

Add in another 2-3 government departments at 50-200 seats each. Add one more university doing defense research (or more if you can find them) for the minimum 50 seats. Add in a round dozen DI contractors for random numbers between 50 and 1000 seats.

Just as a final response:

My personal take is that the defense industrial base will be an area that they have been working towards securing for when cmmc 2.0 comes in to regulation. That program keeps getting pushed further and further into the future by the US government it seems to be set in place now with realistic time frames.

The Aus tender website lists Archtis as a vendor under multiple current and future contracts. The switching costs are high, the churn rate for this company is near zero and every contract they have received from the government trends upwards. I appreciate your responses.

For me the risk reward seems reasonable at the current price, I am down on my holding like everyone else who has invested in this company and can only reevaluate the opportunity cost if I was to redeploy funds, it would still rank high. Whether governments and businesses decide that the reduction of risk to espionage by employing these products is worth it, only the future will tell. My gut feel is that you may be slightly biased and too close, much like I am biased by my anchor and time investment in the company.

I hope we can interact in the future.

I am 100% biased, I had long and ugly interactions with Peter Woodland (aka Tumby of Hotcopper) and a dozen or so Queensland tradies (do they all hang out at the same pub?) who got very angry, very aggressive, and very threatening while they were pumping this shamelessly through 2020 and 2021 - moving in the same circles as people like Tyson Scholz.

And management enabled them at every, single, turn.

I agree with you though, that at this valuation it is compelling. Especially if we all understand this isn't a $250-500m stock any time soon then no one gets hurt!

Not a good look, you're absolutely right. I believe we are not defined by one action, or inaction. But you would certainly hope that people learn from experiences like that, because it is certainly distasteful. I hope the new inclusions into the company provide some greater leadership. ????

Some words from the CEO, particularly around near term opportunities.

Last company to present.

https://youtu.be/G9hXc2IiFNg?si=WxDXLflvH_eRa1bi

Comments:

Contracts sole sourced - no competitors.

Customer churn - zero.

POC win ratio - greater than 95% success rate.

POCs won - waiting on budget allocations.

Kojensi clients - SAP, Thales, Rheinmetall, SAFRAN, Hanhwa, TOLL, babcock, etc.

Margins - increasing in line with revenue base shift from services to licence-based.

Cashflow - neutral to positive being targeted.

If these comments are all true - the value of the business will be materially higher, and justify the oft-spoken about re-rate.