Q3 2018 Earnings Call Transcript

Published: 9 Nov 2018

Operator:

Good day and welcome to the CynergisTek Inc. Third Quarter 2018's Earnings Call. Today's conference is being recorded. At this time, I would like to turn the conference over to Bryan Flynn, CynergisTek Investor Relations. Mr. Flynn, please go ahead.
Bryan Flynn:

Thank you, Operator. I want to welcome everyone to Cynergistek's Third Quarter 2018 Earnings Call. Joining us today from the company includes Mr. Mac McMillan, President and Chief Executive Officer; and Mr. Paul Anthony, Chief Financial Officer. Before we begin with the formal presentations, I'd like to remind everyone that some statements made on the call and webcast including those regarding future financial results and industry prospects among others are forward-looking and may be subject to a number of risks and uncertainties that could cause actual results to differ materially from those described in the conference call. Certain of these risks and uncertainties are or will be described in greater detail in the company's SEC filings. CynergisTek is under no obligation and expressly disclaims any such obligations to update or alter its forward-looking statements whether as a result of new information, future events or otherwise. At this time, I would like to turn the call over to our CEO, Mac McMillan.
Michael McMillan:

Thank you, Bryan and good afternoon everyone. During Q3, we continued the positive momentum started in Q2 by doubling the number of new security clients signing as many in Q3 as we did in the first 6 months of the year. We also extended half of our existing MPS contracts while increasing the scope of several agreements and rolling out an enhanced toner program for all of our clients through our premier partnership with HP. This partnership provides us the opportunity to offer higher yield OEM toner, which is better for our clients while reducing costs and improving margins. We also responded to 3 new managed print RFPs, successfully making it to the finalist round and we are hopeful to hear something positive in Q4. It has been hard work, but our focus on the fundamentals, execution of our plan on meeting our commitments and on building long-term relationships with our clients is absolutely paying off. Security is where we continue to see the greatest activity and growth. We saw multiple clients expand beyond their initial cap managed service by adding things like professional services, incident response and/or biomedical device security assessments. This quarter also saw more customers adding multiple services to their cap program immediately out of the gate or at renewal. Having a broad portfolio of healthcare differentiated security offerings is resonating with both our new and existing customers, allowing us to create more opportunities in the pipeline and expand our penetration in the market. The frequency of cyber incidents continues to increase in healthcare, along with the sheer volume of threats and represents a growing and significant problem. The healthcare industry is going through a transformation from a narrower compliance focus on HIPAA to a more comprehensive and security-centric risk management approach in its cyber security programs. Last quarter, we spoke about some of the new regulations that may affect the industry. New regulation will always create new requirements and new opportunities, but focusing on the regulatory requirements alone is not enough. Organizations must learn to adapt to not only meet governmental regulation, but also become more security conscious about the business impact of cyber events. In order to do this, organizations should focus on 3 persistent trends that continue to plague not only healthcare, but all industries. First, the attack surface continues to expand. Exploiting the supply chain for instance has been a major focus for cyber criminals as it allows them to expand the number of possible breach points while staying under the radar as they come in via trusted partner. Second, the lack of investment in cyber security that we have discussed multiple times in the past, preventing breaches has still not become a top priority for leadership when measured by the allocation of resources to the challenge. According to a study conducted by Hems Analytics and Symantec earlier this year, budget, staffing, and skill set imbalances were the three most significant barriers preventing healthcare firms from achieving a higher level of security. Finally, the explosion of IoT to include in particular medical devices has been recognized as a top security risk. According to a recent Ponemon Institute study, 80% of device makers and healthcare delivery organizations rate the level of difficulty in securing medical devices as being very high. Meanwhile, 67% of device manufacturers and 56% of healthcare organizations are expecting breaches involving medical devices over the next 12 months. Medical device compromises are both a cyber security risk as well as a patient safety issue. In late 2017, we created a dedicated role to lead our new service development efforts and we're seeing it pay off as well. The premise for doing this was to keep up with customer demands for new services to solve practical business problems. The strong relationships we have with our clients gives us an ear to the ground and an understanding of their struggles in maintaining their privacy and security programs. We are leading the market in development of security services and even though it's very early in their roll out, we're seeing a lot of interest and positive response from the industry. We will continue to focus on new service development, ensuring that as the industry adapts to the changes in its ecosystem, we are anticipating what that means from a privacy and security perspective. We always want to be in a position to help solve the practical challenges cyber security threats create and offer services that will address and solve those obstacles. Looking back at the third quarter, I am very excited to see that the services we offer have been able to meet these 3 growing trends in the healthcare industry. Our focus in Q2, which continued through Q3 was to take advantage of the industry-wide labor shortfall and provide healthcare organizations with a more cost effective and efficient way to run their operations by providing resources with the skills and expertise they need. We are making great progress and seeing high demand for our professional service offerings, especially in strategic projects where we added an additional 29 employees this year. These additions allow organizations to focus on their business while we provide talented cyber security professionals to fill critical gaps that they have thereby reducing unnecessary hires, improving operational performance, and reducing financial investment on the part of the customer. As a result, our Professional Services and Consulting revenues have grown by 39% year-to-date when compared to 2017. Our core managed service offerings also continue to show strong growth. Our sales team signed more than 15 managed service programs this quarter alone including 5 large academic medical center cap clients that selected CynergisTek to help develop and implement programs in security, privacy and compliance. Our managed services continue to fuel both long-term growth of the company as well as increase the opportunities to land and expand. I am most satisfied with the traction we are starting to see in our biomedical device security management program. We have closed 3 new contracts since its launch at the end of Q2 including just recently a 28 hospital system. The pipeline for these opportunities continues to grow steadily. One of the most exciting developments was the recent announcement of our partnership with Asimily, a leading solution for connected medical device lifecycle management and healthcare. This unique software combined with CynergisTek's new managed service offering provides an advantage that is unmatched in the market. The combined offering will allow healthcare providers the ability to identify and understand the number of biomedical devices connected to their network, the known risks and vulnerabilities associated with these devices and classify these risks as well as determine appropriate technical remediation priorities on an ongoing basis to help customers develop the strategy to secure these devices going forward. Lastly, not only did we increase the number of services we provide to our customers, we also increased the number of services we provide to our non-healthcare clients creating more opportunity for growth. We were very excited to deliver strong results across the board in Q3, which Paul will cover next and our sales team continues to make significant progress in bookings growth exceeding their booking targets for the second straight quarter in security. We've seen those bookings grew by more than 35% year-to-date when compared to 2017. Our teams have been working around the clock to increase profitability, improve our execution, and continue to innovate new service offerings. This hard work has put us in a favorable position as we round out the year and head into 2019. We have come out of the integration phase following the acquisition and are very focused on growth and performance to plan. Let me stop here and hand it off to Paul to review the financial highlights for everybody for the third quarter of 2018. Please go ahead, Paul.
Paul Anthony:

Thanks, Mac. Good afternoon, everyone. I was pleased with the results in the third quarter. Revenue was up 7% to $19.2 million compared to $17.9 million for the same quarter in '17. Breaking down the revenue into the new categories for Q3 2018 versus '17, managed services revenue was $13.6 million, which was a decrease of 10%. This decrease was a result of a 15% drop in our MPS related services due to non-renewals partially offset by a 13% increase in security-related managed services. As Mac highlighted earlier, our Q3 success in adding new security customers this quarter will continue to drive growth in this area. Consulting professional services increased by 51% to $2.9 million due to growth in security-related consulting and professional services provided to new and existing customers. Equipment, hardware and software resales increased to $2.7 million compared to $0.8 million for the same period in 2017. We saw gross margins decrease by 4% to 30% in the third quarter of 2018 as compared to the same period in '17. Although we expected a decrease in margin due to loss of some MPS accounts, the higher equipment revenue that is accompanied by lower margins and the fact that last year's margins were higher than normal due to some true ups of a few large MPS accounts, we're very happy with these results and they exceeded our expectations. Despite these challenges with the investment in the sales organization and the new cyber security programs, we were able to keep non-GAAP adjusted EBITDA after adding back stock-based compensation almost flat at $2.8 million or 15% of revenues for the third quarter of '18 compared to $3 million or 17% of revenues for the same period in '17. Non-GAAP adjusted earnings was $2.3 million or $0.24 per basic and $0.23 per diluted share for the third quarter of '18 compared to $2.6 million or $0.27 per basic and $0.26 per diluted share for the same quarter in '17. Full financials and reconciliation of GAAP to non-GAAP information can be found in the earnings release that came out earlier - actually came out last night. This concludes the prepared remarks. Operator, please open the floor for questions.
Operator:

[Operator Instructions]. We will now take our first question from Andrew D'Silva.
Andrew D'Silva:

Just a couple of quick questions here. First off, could you give an actual breakout between the security and managed print services side of the business. I know you switched over to kind of bundling by managed services and consulting and equipment, but are you still able to actually separate it on security versus print?
Michael McMillan:

Yes, it is still our plan to try to give you guys that information throughout the rest of the year. So for the third quarter, we did about $11 million in MPS services, $2.7 million in equipment, and $5.5 million in security.
Andrew D'Silva:

Okay, great and then as we start thinking about the gross margins, is this essentially the level we should expect it to kind of be at going forward, most - I'm assuming most of the headwinds have been cleared on the print side of the business and now you should steadily be able to continue to improve margins as you grow the security business. Is that the right way to think about it?
Michael McMillan:

MPS in the third quarter has traditionally been a little bit higher for us. So we did see a little bit of a bump. That isn't necessarily going to be the ongoing run rate for this business. So I would expect that to come down a little bit, but I think security was in line with our expectations. I think there is some room to potentially move up as we head in and see some additional growth as we head into the beginning in '19. So those 2 may have the opportunity to offset themselves. So if we're around this number, give or take a couple of percentage points is in line with what I would expect.
Andrew D'Silva:

Okay, got it and then when we start thinking about the biomedical side of the business, should we expect the primary sales channel for you to be analogous to what it's been historically through the hospital aspect or is there an opportunity for you to go directly to med-tech companies and get integrated into some of the protocols that they require with some of these devices. I know Medtronic had some bad press last quarter related to some of their medical devices having cyber security issues and I'm just trying to understand what kind of reach your company can actually have in the broader space over time?
Michael McMillan:

Sure. Andy, that's a great question and already we are basically selling through 3 different channels. So the first one is directly to our customer base install base that we have into hospitals - providers that are out there, but secondly, we are also working in relationships with some of the larger companies that do biomedical device management for healthcare and they're bringing us into the hospitals that they support and so we're really looking forward to those taking off because obviously that's a relationship where they already own the issue at the hospital and they're basically bringing us in as a partner. And then last, but not least, yes, we have had some inroads already with device manufacturers who are the ones that are being proactive about it and are looking to basically be able to go to their customers with a market differentiator of saying we have synergistic as our partner to help us secure those devices and do a better job for you. So really it's 3 different avenues, direct sales to providers, indirect sales through a partner relationship with the folks that manage those devices at those provider sites and then thirdly, with the folks who actually sell those devices to the sites.
Andrew D'Silva:

Okay, I was lucky enough recently to talk to somebody who was formerly - past life was in a security industry and worked with I believe the FBI or the CIA and now is working as a consultant with just large companies across multiple industries and what he essentially was saying is that companies that are in various fields don't feel like they are at risk if they are below a certain size and he was saying size of surprisingly large - he was talking to companies in the $10 billion range from a market cap standpoint and they thought they were too small to be targeted. Are you seeing that when you're looking at some of the companies that you're talking to you or is it heavily weighted to larger companies being more focused on security at this point or is it more broad outside of the hospital space, just more talking about the biomedical side?
Michael McMillan:

Sure, so certainly the larger the company is the more they feel that they've got a real target on their back, but we're actually beginning to see that realization come down to the smaller companies because everybody - I think everybody is beginning to understand - at least in healthcare where they - the difference between the healthcare space and some of the other industries is that in healthcare the breaches get reported, right, the incidents get reported. So everybody in that space sees that it's not just the large guys that get hit, but it's folks at all levels that get hit with incidents and so I think there's a little bit more awareness, if you will for folks that work in healthcare that I don't have to be big to be a target or I don't have to be big to have an incident. As it relates to the business associates or folks like the device manufacturers who necessarily providers, they see that as well and I think they are becoming a little bit better informed about that issue and there's a lot of information out there today that folks like the bureau and DHS and other folks are beginning to publish to try to help smaller companies realize that most of the attacks that we have out there today are very indiscriminate. They don't really know who they are attacking until they hit. They are really just looking for whoever is susceptible and you don't have to be a really big target or a really big company to actually be - to be a targeted organization and a lot of the smaller companies are also now I guess beginning to figure out that - or the larger guys are beginning to talk to them about the fact that they are also targets to get into the larger company. So in healthcare for instance, a lot of the businesses - the providers and especially the large healthcare providers are beginning to communicate to their third-party service providers and those other companies that work with them, particularly the smaller ones to say, we need you to be focused on your security because somebody hacks you, then they get into our organization through a backdoor through you and we end up having an issue or our information that you're handling for us gets put at risk and then it becomes an issue for us as well. So it's clearly the bigger guys have more awareness I would say about the issue, but it's beginning I think to trickle down to other folks to realize that you don't have to be a big player to be a target.
Andrew D'Silva:

Thanks for the color on that. And then just last couple of things here, as far as the different industries you are in, could you give a little bit of color as far as what the industries are and the breakout relative to percent of the business as it relates to healthcare and other industries. And then also private equity in the past and just other players in the space, both in the print services and the security services seem to have been in a M&A mode a couple of years back in putting a lot of offers out. I was wondering what the pulse was in the market right now and if you're getting any inbounds or if that market is cooling off at all?
Michael McMillan:

So those are I think multiple questions in there, Andy. So let me take the first one first and I think you were talking about or asking potentially what portion of our business, I guess from a revenue perspective is associated with non-healthcare entities and I'm not - I don't know that we know the answer to that, specifically. I know that in terms of numbers of customer, meaning different types of customer from a percentage of customer base, it represents about 20% when you group them all together, that are not specifically healthcare providers and that's actually growing. So at some point, Bryan and the guys can probably figure out what's associated with that from a revenue perspective, but from my perspective, what I'm looking for is, are we increasing the number of customers over there, which ultimately means we're also increasing the revenue that we're seeing from that business as well. The second question I think gets to the question of, you were really speaking about, were we seeing inbound requests to us with respect to M&A activity around MPS, is that correct?
Andrew D'Silva:

Or the security side of the business, yes.
Michael McMillan:

Okay, so the answer to both those questions is, yes, we see it all the time and there - because there are multiple organizations out there that are trying to roll, have roll up strategies where they're trying to roll up multiple players obviously to a larger entity that then has higher value in the market and that happens on both sides and we see acquisitions constantly in both security and MPS. So there is a lot of activity out there with respect to that.
Operator:

We will now take our next question from Matt Hewitt from Craig-Hallum Capital.
Matthew Hewitt:

Congratulations on the strong quarter. Few different questions here. First, the percentage of your bookings that were I guess multiple solutions, multiple services versus single and you commented that you are seeing more, but do you have a breakdown or an approximation, I mean is it 60%, 70% or greater now that are coming in and signing up for multiple services at the same time or is it - where do we sit on that?
Michael McMillan:

That's a great question and I don't know exactly that percentage, I just know that more and more of our customers that are coming in under one or more of the managed service programs, but primarily the cap program are either - they're not just buying the standard cap anymore, they're typically buying the cap with biomedical assessment, with professional services associated, with a vCSO generally speaking, 2 or 3 other services that we provide that we hope that they can then bundle under their cap and we're also seeing a higher percentage of the renewals when they come in, folks, not just renewing straight up with whatever they had before, but either changing the mix of what they had and adding different things or in some cases going from standard cap that they maybe sign the first time out and adding additional services going forward. Probably the 2 biggest areas that we're seeing them add is the professional services around vCSO and biomedical.
Matthew Hewitt:

That's great and it's a perfect lead-in to the next question, which is earlier this year, you had added regions, you kind of restructured, if you will or reorganized the sales regions, you went from 5 to 10, you commented earlier that you've added numerous new employees to that team, how has that played out? I mean it sounds and it appears that it's hitting the mark, but maybe where are you in that process or do you think you still got to have maybe another quarter before all of the new hires are up to speed and so there still may be some growth potential out of them before you look to add more or any color along that re-org would be helpful?
Michael McMillan:

So, yes, that's a great question. So, we are absolutely - I think we're absolutely seeing the benefit of shifting to that strategy because just in the level of interaction that we're having with existing clients with those account reps being more involved with those accounts and staying with them after that initial sale and going back to them, I think that's where we're seeing a lot of the uptick in additional services because we're seeing a lot of add-ons to caps now that resells that those sales guys are bringing in, that they have that initial sale with the customer around a cap - new cap customer, then they go back in there a month later or a couple of months later or after the first assessment and say we can help you with this, we can help you with that and they're adding additional services. So it's having a - and that was part of our strategy for going forward for organic growth, it was not just the standard growth that we're seeing year-over-year in terms of adding new cap customers, but adding new managed services to these accounts as well as up-selling other services to those existing customers. So we're absolutely seeing that begin to happen. We do still have some folks out there that are fairly new, that are - just have one quarter under their belt and as you'll hear me talk about a little bit later, we just brought on board our new Vice President for Sales and Marketing, a gentleman who has a lot of experience in selling cyber security services previously. So we're hoping that, that too will make a difference as well going forward, but yes, I think we're probably, we still have - we're still not quite where I'd like us to be with respect to overall performance in that sales team. We have some folks that are knocking it out of the park. We have other folks that are doing a fair job and then we have other folks that are still coming up. So it would be nice to get everybody to a point where the overwhelming majority of them are performing at least at a good clip because that will make a world of difference.
Matthew Hewitt:

That's very helpful color. Maybe one last one for me. On the managed print service side, the 3 RFPs that you're still in the running, are the market dynamics still the same there, the same players that you've historically seen, has there been any changing on pricing, is that still the area where they tend to compete? And I guess for you how much of a difference does it make now versus a couple of years ago or I should say over a year ago where because of the breadth of the security side that is now the key differentiator as far as you're concerned and you're making sure that the potential customers understand that. Thank you.
Michael McMillan:

Yes, absolutely. So nothing has changed in the market. The market is still as we've described it in the past. It's still very much a downward pressure scenario in terms of the overall market. There is a little bit of change in the market today because there are also, as we talked about earlier folks out there who are rolling up MPS companies trying to create larger MPS organizations. One of the things that's helped us tremendously on that side of the house is our relationship with HP and the plus is that we've been able to bring to the table on the equipment side with our existing customers and consumables like toner with our existing customers and with new customers in terms of competitiveness on price, but the new - the RFPs that we have been brought into are very much what we were expecting in the sense that they are ones where we have relationships with the client or had previous relationships with the client and have been brought into those RFPs and fortunately in the case of at least 2 out of the 3 of those is really basically the incumbent and us that's competing for the business, but the nice thing too is with respect to the new model that we have and the restructuring that we did last year, all 3 of those opportunities are far better margins for us out of the gate than in the past, but they are not going to make up the difference for what we've experienced in the last 18 months in terms of a drop on that side of the business, but wins are wins and they are always nice to have and one of our goals has been wanting to get that business working and to get that business stronger and profitable and healthy and regardless of what happens to it in the long run so that it's a viable part of the company and carrying its part of the load.
Matthew Hewitt:

Congratulations on the progress so far.
Operator:

We will now take our next question from William Gibson.
William Gibson:

Mac, on the managed services side for security, what sort of the time frame from the range of contracts and how long they last?
Michael McMillan:

Sure, and thank you, Bill for being here. So most of our managed service contracts on the security side are 3 years in duration. That's pretty much the standard. We have a few that are longer than that, they are 5 years. Typically, what we see with some customers is after they've been with us for some period of time, their third or fourth renewal, if you will, a lot of times they'll say, can we renew for a little longer period so we don't have to go through contracting as often and when they do, we say sure, we'll go to 5 years, but most of those contracts are 3-year contracts, which is pretty much what the industry expects and we've learned is what their appetite is for, if you will.
William Gibson:

Thank you and then back on the device side where you talked about 3 new customers signed essentially introduced it. Are all those assessments or has anyone moved past the assessment stage?
Michael McMillan:

So all three of those are assessments and we are hoping - we have a couple of those that are talking to us about what comes next and we have - and we actually have a couple that are actually talking to us about what comes next before they do an assessment. So we really didn't have the managed service component of that ready until just recently. So that kind of sort of makes sense if you will in terms of where we're at, but now that we do, there are a number of folks that they're going through the assessment because they - first, they want to see how well the technology actually works. So they really treat the assessment as kind of a proof of concept, if you will, in terms of understanding how the technology works and our process, but really what they're interested long-term is how do we manage these devices better and so it's almost nobody is - I don't think there's anyone that we've talked to that has just been interested in an assessment in the sense that that's the only thing that they're talking about.
Operator:

We will now take our next question from Bill Sutherland from Benchmark Company.
William Sutherland:

Just curious again about the print side. So the renewal situation is nothing of major consequences until after next year?
Michael McMillan:

We have two contracts that come up for renewal in the first part of 2020, but we've had conversations with both of them with respect to early renewals. So we will be having those conversations in earnest with them this next quarter and for the beginning of next year, but, yes, that's where we are on the renewal front.
William Sutherland:

Okay and then the RFPs, it sounds like from your prior question that they are significant, but they don't offset what the ones that didn't renew last year? Is that fair?
Michael McMillan:

Yes, two of them are what I call normal size. That's probably a bad way to put it, but they are average size, if you will. One of them actually has the potential to be a much larger opportunity because it was the much larger health system. So hopefully that will materialize, but the good news is that as I said before, all 3 of them are based on very positive relationships with people at those organizations that we have sold to multiple times in the past and at least 2 of them were our customer on the MPS side at other organizations and invited us in and so we're very hopeful that's a positive sign that we've got a better than average chance at hopefully winning those.
William Sutherland:

Okay, great. I had one question on the managed service contracts, are they, I know they're probably all over the place in terms of scope and size, but should - I'm just kind of getting the feel for what it means to sign 15 for instance contracts in the third quarter just in terms of order of magnitude, is there anything that's helpful there?
Michael McMillan:

So I think the, Paul do you know the average size of it?
Paul Anthony:

No.
Michael McMillan:

I think, Bill, to answer your question, I think the average size of those contracts is somewhere between $200,000 and $250,000. Some of them are much larger than that. One of them was in fact much larger than that at an academic medical center that we signed and I think we had a press release on that one that went out earlier this year. So they, but typically speaking, they range somewhere between $0.25 million and $0.5 million normally depending on what they - the size of the organization and what they put in their cap, but then every once in a while we land one like the one that I spoke of where it's much larger because it - that one - that particular one included not only a three year cap but it included professional services, it included a vCSO. It's now been increased to include services on the privacy side and we're currently in discussions with them to expand the professional services footprint there, actually tripling it in size. So it's just - they can - like anything else, they can be very large or they can be routine depending on what the customer is looking to do.
William Sutherland:

No, I get it, but is that $250,000 to $500,000 over the multiple years or is that per year?
Michael McMillan:

Correct, it is over the three years.
William Sutherland:

It is over three years, okay. And Paul, just one quick one for you on the effective tax rate. I'm not sure what to - how to think about that at this moment?
Paul Anthony:

As far as - are you talking about from the cash perspective or -
William Sutherland:

Actually looking at the P&L and it was just a higher effective tax rate this quarter.
Paul Anthony:

I mean nothing changed this quarter that would have resulted in anything on the tax side. So we haven't seen any - other than the fact that we changed to a profitable position for both the quarter and the year-to-date, which might have triggered some of that. So we went into the black.
William Sutherland:

On a go-forward basis, I thought you guys with the tax - like the tax law, you were in the ballpark of 24% just to use the P&L.
Paul Anthony:

Yes, that's still the case. Yes, that still holds.
Operator:

We will now take our next question from Jeff Bash at General Pacific Partners.
Jeffrey Bash:

Good quarter, guys. With the factors that accounted for the acceleration in security bookings in the third quarter, how would you assess the durability of those factors going forward?
Michael McMillan:

So I would assess them as very strong because I think a lot of the factors that played into that were - we finally by the end of the second quarter, we had finally gotten most of sales positions filled and folks had - majority of them had at least a quarter under their belt in terms of beginning to build their pipeline and starting to sell and I think that has a lot to do with it. So I would think that it's - I think that's number one, that isn't going away. We've got the hope - I'm hoping not to lose my sales team tomorrow, but I think that had a lot to do - that has a lot to do with it. The other thing that I think had a lot to do with it, we continue to be fortunate enough to finish #1 in the various class reports around cyber security and healthcare and along with the other rankings that folks that are looking at companies in our space and that has a lot to do, we're having a lot of folks that are - we're not having to work as hard so to speak to bring customers into the program because they're starting off the conversation where I've heard you guys are the best and I've read the class report or I've talked to so and so. The biggest I think factor there has been, we finally have enough feet on the street to actually get out there and talk to more people. I think that's - like sales is always as you know, it's always a problem with numbers and the more you can put in the top of that funnel, the more that's going to end up coming out dripping out at the bottom and we have - we're seeing more coming into the funnel.
Jeffrey Bash:

Good, now in the past, the company's business was seasonally weak at the beginning of the year and stronger at the end. How do you see seasonality going forward?
Michael McMillan:

Well, let's cancel where we were this year, right, and that's a great question. I'm not - I don't really, I'm hoping that we start a new trend next year and be more balanced throughout the year because I'd like to - I know Paul would like to see that from a revenue recognition perspective and I think that should improve over time as the pipeline continues to improve and more and more customers come into the picture, but, yes, it's been - a lot of its artificiality. I mean this year, obviously a lot of it had to do with changes in Washington with respect to Obamacare and reimbursables and that - whenever that happens, everything tightens in healthcare and you go through a hurry up and wait until the CFO's figure that out and you can't really predict those, but it seems like a lot of that stuff seems to happen right at the end of the year. So first of the year is always this trying to figure out where healthcare is going to go, but I think it's - I'm really open that as we head into next year that we're able to smooth that out so to speak because we've been working really hard trying to do that.
Jeffrey Bash:

Good. Now with the recent addition of Jon Hilfiger to head sales, does the company now have all the leadership in place to take it to the next level?
Michael McMillan:

It does, especially from a sales side, so, we that - it will be - this will be the first quarter, so to speak, that we've had that team - had that whole team together and a leader for that team. And so I'm really looking forward to Jon's influence.
Jeffrey Bash:

Next, is the company at all capital constrained and pursuing all it would like to do in the security business and I guess this is somewhat related to an earlier question about inquiries on the MPS side about acquiring the business. Are you in a position where if you had more money, you could do more things, are you really able to do all the things you want now and then whatever you do with the MPS business has to do with the value of the company with it or without it.
Michael McMillan:

Yes, I mean obviously part of that was a rhetorical question, I mean obviously if you had more money, you could always do more, but I think the short answer, Jeff is I think organically we're in great shape with respect to the things that we want to do, but there is, we are looking at - we are continuing and in fact one of the things that I've asked Paul to do with Bryan and some of the help from some of the board members is really actively look at a strategy going forward, an acquisition strategy going forward to be able to add to our existing organization to accelerate some of our growth and to look at some strategic tuck-ins that can absolutely bring value to the company and or intellectual property that can bring additional value to the company and obviously there's always a balancing act between what you can do in servicing your debt structure and those kinds of things, which I think Paul does a fantastic job of, but I think from a straight up organic perspective, I think we're in fantastic shape right now in terms of not worrying about that, but yes, at some point as the organic sales and the organic growth continues to happen, I'm very hopeful that and excited about what potentially could come next in terms of what we're capable of doing.
Jeffrey Bash:

Well, keep in mind that in terms of acquisitions, the price of the stock is material and that is affected by anybody's perception of the MPS business.
Michael McMillan:

Yes, sir.
Jeffrey Bash:

The last question has to do with what I call the Red Adair firefighting strategy. You had talked about having an initiative where people would sign up on a subscription basis that have a tax responded to by the company with a team of the people who may be doing something else meanwhile, but would be dedicated to that effort. What kind of response have you gotten to that?
Michael McMillan:

So, we've actually gotten kind of a lukewarm response to the incident response initiative. Those customers are current installed base, they are very comfortable with using us in that vein, but in terms of actually having that expand beyond that, what we're seeing is that, what's critical to that business is not so much the capability to be able to do that, which I think everybody recognizes that we do and we get asked to do it all the time, but it's the relationships with the insurance companies, which is something that we're looking at now and that most of the firms that specialize in IR have relationships with the insurance companies so that they are preferred vendors under those various insurance agreements so that when organizations have incidents and they want their cyber security insurance to cover them, a lot of times they have to use whoever the preferred vendor is and so a lot of organizations have that. What's interesting is that, a lot of the companies that specialize in that space focus almost exclusively on the forensic piece, but not the other things that the organization has to do. So we're seeing folks acquire our support in building their IR program and running table tops and exercises around IR and in supporting them on the back-end after an incident with respect to remediation or recovery, but that piece in the middle with respect to the reaction and the forensics which is one of the reasons why one of the things that we're looking at from an acquisition perspective is perhaps acquiring that capability and so we have not only the ability to do that, but perhaps those relationships with the insurance companies that are very critical.
Operator:

We will now take our last question from Chris Brown from Aristides Capital.
Chris Brown:

Just a question for you, was there anything that was particularly excellent on the consulting and professional services side in Q3 that was kind of one-time or unlikely to be sustained in Q4?
Paul Anthony:

Well, let's go through Q1 there is a large contract that we've got in place that got in full cycle coming into the third quarter and we expect that through the fourth quarter and into the first quarter of next year. So we are hoping to obviously replace that with additional sales that will offset that as we go, but we do have a large deal that was fully running up in the third quarter.
Chris Brown:

Can you comment on what the roughly what the quarterly size or impact to revenue is on that deal right now?
Paul Anthony:

Yes, I can't provide that level of detail.
Michael McMillan:

But so far on the business side, I'm actually hopeful that we're going to be able to extend a lot of those resources there and in fact, we've already been able to do that with several of the folks that are there, they tend to get in there, do a good job and then the customer says, well, I got another project for them. So our goal is to get there and never leave, but Paul is right, the current contract at least goes through I think the end of the first quarter.
Chris Brown:

Okay, was that contract more than half of your consulting and professional services revenue in the quarter?
Michael McMillan:

It wasn't quite at.
Chris Brown:

And then my last question for you on the managed print services side, obviously, you said you were down 15% year-over-year, it seems like given the pace of renewals that you should be down less than 15% or closer to flat over the next 12 months, I was just wondering how I should think about that going forward?
Michael McMillan:

As far as the run rate on MPS managed services, I think we're probably getting close to that bottom point. We still got some comparatives to last year that are dragging that percentage, but we should be pretty close to that bottom point as we get into the first quarter of next year because we did see a loss earlier in this year as well. So we hope to see it, but I think we're getting pretty close to that bottom.
Chris Brown:

That's good to hear. Would you say that when you say close to a bottom, do you feel like the gross margins that you have there are also fairly close to a bottom and sustainable or do you see like continued margin pressure in that business?
Michael McMillan:

I think we'll see continued margin pressure in general in that business just from new accounts as well as renewals. So I think that will always be there, but I think the larger hits that we had taken in the past and the experience we probably seen the worst of that, but we'll continue to feel margin pressure in this side of the business.
Operator:

Thank you. It appears there are no more questions at this time. So I'd like to hand it back to you, Mr. McMillan for any additional or closing remarks. Please go ahead.
Michael McMillan:

Thank you, sir. So we had strong bookings in the second quarter, which gave us momentum that carried us through Q3 and is now positioning us to close out the year strong. We are going to continue to focus on building our pipeline and on our land and expand approach to further strengthen our market leading position. We all know that cyber security is going to be one of the top 10 challenges facing healthcare executives for the foreseeable future. We fully expect the threat picture will continue to evolve and with it the risk to patient information and care operations will grow. Cyber security skills gap will be with us past the next decade and organizations will have to turn more and more to external support to meet their resource needs. As a result, we expect to see greater need for our professional services. IoT in general and medical device security specifically for healthcare are finally receiving the attention they deserve, but this too despite the solutions we now have is a challenge that will be with us for years to come. The reality is that there will always be new cyber security challenges in information technology that companies will have to overcome and both services and technology will be critical to successful outcomes. CynergisTek will continue to focus on being that trusted partner that our customers turn to for their cyber security requirements. As a final point, and as you may have seen in our recent press release, I'm pleased to announce the appointment of Jon Hilfiger as the company's new Senior Vice President for Sales and Marketing. Jon brings more than 20 years of cyber security experience in global sales and business development. Jon brings a wealth of experience and knowledge to our executive leadership team and we're looking forward to him driving our marketing and sales efforts to new heights. This Saturday is the Marine Corps' birthday. They turn [indiscernible] years. So I'd like to say happy birthday early to any Marines listening in, Semper Fi, and I'd like to thank everyone else for joining the call today and Paul and I look forward to talking to you soon. Thank you, operator.
Operator:

Thank you. This marks the end of today's conference. We appreciate your participation and you may now disconnect.

Q3 2018 Earnings Call Transcript

Other earnings call transcripts: