Plurilock Security Inc

XTSX:PLUR

Good afternoon, and thank you for joining us for Plurilock Security's conference call to discuss its financial results for the third quarter of 2024 ending September 30, 2024. I'm Ryan from Sophic Capital, and we handle Plurilock's Investor Relations.

On the call today, we have Plurilock's CEO, Ian Paterson; and CFO, Scott Meyers. [Operator Instructions]

Before Management discusses the results, I'd like to remind everyone that certain statements in this call may be forward-looking in nature. These include statements involving known and unknown risks, uncertainties and other factors that could cause actual results to differ materially from those expressed or implied in our forward-looking statements. For caveats about forward-looking statements and risk factors, please see Plurilock's MD&A for the quarter ended September 30, 2024, which can be found on our company profile at SEDAR+.

I will now pass the call over to Plurilock's CEO, Ian Paterson. Ian?

Thanks, Ryan. Good afternoon, and welcome to Plurilock's quarterly results conference call for the third quarter of 2024. My name is Ian L. Patterson. I am the CEO of Plurilock. Today, as we review the quarterly results, I will provide highlights, along with a business update. Then I will turn the call over to Scott Meyers, CFO, to walk through our recent financial performance. We will wrap up the prepared remarks discussing our outlook, and we will leave some time at the end for Q&A. This is the first of what we intend to be a regular series of conference calls going forward.

For those of you new to Plurilock, we are a trusted provider of IT and cybersecurity solutions for governments and commercial clients across North America and NATO countries. We develop and integrate innovative solutions for specific security challenges, addressing gaps in the market. Our portfolio boasts established brands renowned for their commitment to client safety and regulatory compliance. And our focus on high-end Critical Services, combined with patented AI, data and identity solutions positions us as a key player in the evolving $2 trillion cybersecurity market.

Plurilock operates 3 main business units. Our Solutions Division serves as the foundation where we resell technology and cyber solutions through a deep partner network and customer base, facilitating both Critical Services delivery and SaaS sales. Our Critical Services team delivers customized services to address and resolve critical security gaps that disrupt organizations, and our Plurilock AI, a proprietary SaaS cybersecurity platform.

While all aspects of the business are growing -- and I think I might just add, Scott, if you would like to advance the slide -- our Critical Services are a key focus, given its much higher gross margin profile and stickiness with customers as their trusted go-to partner for all things cyber. Plurilock has deep government security and technology expertise to ensure regulatory compliance and provide comprehensive solutions to address the critical needs of the U.S. government, Canadian government and large multinational enterprises.

Recognizing the increased need for specialized solutions, which many companies and organizations we sell to lack because of a severe skill shortage, Plurilock shifted resources towards our Critical Services team, which we launched earlier this year in February 2024 officially. Our strategic plan involves expanding established customer relationships to convert initial onetime engagements into long-term managed services contracts. By identifying complementary higher-margin and higher-value offerings, Plurilock utilizes our network to introduce existing clients to new solutions that address additional security needs. This not only expands client value, but improves customer retention, while boosting profitability and ultimately solving problems for our customers.

There's nothing like an example to illustrate how we are building our critical services team, and for that, I'd like to talk to you a little bit about our work with a large S&P 500 company. We put out a number of press releases this year in regards to work that we have been doing. To give you some perspective, we initially started work with this S&P 500 company earlier this year. It began as what we call a land-and-expand model, where we did some initial critical services work. We conducted health checks. We went to really understand the current state of the customers' cybersecurity organization and technology stack, and as a result of those initial Critical Services engagements led to a significant revenue opportunity for Plurilock.

So over the course of just around 7 months, we've announced approximately $22 million of sales within that period of time, just with this one client alone, which also for the client included approximately $7 million of cost savings and cost avoidance. Ultimately, we were able to deliver a next-generation AI cybersecurity platform for this company. The company was able to realize a positive ROI, and it's a great example of what a true win-win can create when it comes to Plurilock's Critical Services team.

The cybersecurity industry is short on talent, and organizations do not have necessarily the people with the skill set to deal with all these problems. We at Plurilock are able to not only help with these problems, but also educate, provide ongoing protection and support for our clients. This ultimately builds trust, which drives leverage throughout the organization.

Before passing the call over to Scott, I'd like to share a few points about Plurilock's focus and the results of our operational efficiency. For those new to the company, Plurilock has acquired and integrated 4 acquisitions to date. Notably, we were able to streamline operations across these businesses and should realize $2 million in annual savings to reinvest in our critical services. Plurilock is laser focused on profitability and our continued focus on reducing costs, focus on higher-margin sales and ultimately driving increased gross profit. Our existing client base provides the platform for growing higher-margin services, generating stable and predictive revenue streams.

At this point, I'd like to turn the call over to Scott Meyers, who will walk you through some of the Q3 financial results. Scott?

Thank you, Ian. I'm going to go over some of the key financial highlights from the quarter, and then I'll provide a financial outlook. All dollar amounts discussed are in Canadian dollars. I want to make sure that we're looking at the quarterly numbers and also the 9-month numbers as they point to the longer-term momentum and trends in the business, which we have been talking about and how we will measure our success. This is especially important this quarter, given that Q3 comparable numbers and how much Q4 will make up for the full year 2024 results.

Total revenue for the 3 and 9 months ended September 30, 2024 was $14,328,564 versus $38,554,520 (sic) [$38,545,520], respectively, as compared to $20,000,867 and $48,019,338 for the 3 and 9 months ended September 30, 2023, respectively. Revenue for the 3 and 9 months ended September 30, 2024 and 2023 included revenue both from the Technology Division and the Solutions Division. Revenue for the 9 months ended September 30, 2024 is lower than comparative period as a result of the timing of a few large orders, offset partially by growth in Professional Services sales.

Hardware and systems revenue for the 3 and 9 months ended September 30, 2024 totaled $11,913,548 and $30,942,715, respectively, compared to $17,514,024 and $40,326,636, respectively, in the prior years for the same periods. Software, license and maintenance sales revenue for the 3 and 9 months ended September 30, 2024 was $1,539,906 and $4,266,395, respectively, compared to $1,862,921 and $5,727,266, respectively, for the same periods in the prior year. Professional Services revenue was [ $875,110 ] and $3,336,410 for the 3 and 9 months ended September 30, 2024, respectively, compared to $623,922 and $1,965,436, respectively, for the same periods in the prior year.

Hardware and system sales revenue for the 3 and 9 months ended September 30, 2024 accounted for 83.1% and 80.3%, respectively, of the total revenues compared to 87.6% and 84%, respectively, for the 3 and 9 months ended September 30, 2023. Software, license and maintenance sales revenue for the 3 and 9 months ended September 30, 2024 accounted for 10.7% and 11.1%, respectively, compared to 9.3% and 11.9%, respectively, for the 3 and 9 months ended September 30, 2023. Professional Services revenue for the 3 and 9 months ended September 30, 2024 accounted for 6.1% and 8.7%, respectively, of total revenues compared to 3.1% and 4.1%, respectively, for the 3 and 9 months ended September 30, 2023.

Gross margin for the 3 and 9 months ended September 30, 2024 was 6.8% and 14.2%, respectively, compared to 7.2% and 10.3%, respectively, for the 3 and 9 months ended September 30, 2023. While gross margin has been increasing year-over-year in the first 2 quarters of 2024, timing of the contracts negatively impacted Q3 gross margin. Management expects Q4 gross margin to trend back towards where it was in the first half of 2024.

Adjusted EBITDA for the 3 and 9 months ended September 30, 2024 was negative $2,116,276 and negative $2,724,010, respectively, compared to $1 million -- or negative $1,397,007 and $3,848,144, respectively, in the prior year for the same periods.

Cash and cash equivalents and restricted cash on September 30, 2024 was $3,427,977 compared to $2,058,193 on December 31, 2023.

During the 3 and 9 months ended September 30, 2024, the company used $4,398,395 and $6,456,035 of cash from operating activities, respectively, compared to $2,457,065 and $1,627,839 used from operating activities in the prior year during the same periods.

Looking out into the future, we feel very good about our positioning to be able to grow in all aspects of the organization with a focus on increasing margins and hitting profitability. The cyber market is growing, and we're seeing more demand for solutions across all aspects of our customer base. While we are not providing specific guidance, we have stated that we expect the year to end with higher revenue than last year as a recognized revenue and gross margin for the first 10 months of 2024. Sorry, and for the first -- sorry, the revenue and gross margin for the first 10 months of 2024 have already exceeded the total revenues and gross margin for the entire year of 2023. We are focused on continuing to focus on critical service for the balance of 2024 and into 2025.

Lastly, as many of you likely already know, there have been announcements coming from the President Elect in the United States in regard to the potential Canadian tariffs. For clarity, Plurilock does not export from Canada to the U.S. Instead, we operate U.S. subsidiaries with U.S. people selling U.S. goods.

With that, I will open the call to questions.

Thank you, Ian and Scott. [Operator Instructions] We'd like to thank those that have submitted questions so far. So we'll start off here.

Do we have any sales and margin breakup related to our partnerships announced with CrowdStrike and TD SYNNEX?

Thank you. So I'll take that question. So the short answer is no, we've not historically broken out sales by either partner or sales by customer. What I would say is that partnerships like with CrowdStrike and like with TD SYNNEX tend to have both direct benefits and indirect benefits. And so, by that, I mean, in some cases, we might sell a CrowdStrike product. And so, that would be a direct benefit as a result of that partnership. In other cases, it might simply be a referral. In particular, myself and one of our leads from Critical Services participated in the CrowdStrike conference in Europe earlier this year, and there were certainly some good business development opportunities that resulted, so not a direct benefit, but certainly an indirect one. I would say at a high level, partnerships, particularly strategic partnerships with large companies like this tend to blossom over time. We're very excited about what we are already seeing, and there is a tremendous amount of activity internally with these partners. And it's something that we're really looking forward to both for the balance of 2024, as well as into 2025.

So, we have a question here kind of surrounding like the decline in revenue in hardware and software, [ assuming ] that is the majority of the business. I know we've had some timing of things push into Q4. We've announced a lot of deals so far there. Could you kind of touch on that decline and how the strategy of us pivoting towards critical services is our go-to, but we're not neglecting those other divisions either?

Yes. So I'll maybe restate the question because I see the text here. It's a little bit broken up. So the question ultimately is, we saw a decline in top line revenue, specifically with regards to hardware and software. And so, the question, I think, revolves around why is that the case and what is the outlook moving forward?

So, to back up a little bit, the strategy of the company from our initial listing in 2020 was to acquire distribution within cybersecurity and upsell and cross-sell higher-margin products and services. And so, from a multi-year perspective, we were successful in the early phase of that with 4 acquisitions that we completed between 2021 and 2022. 2023 was very much an integration year. And what we have characterized 2024 as is really about expansion. And so, what we are doing internally is, we are executing programs where we are taking that core legacy business, we are continuing that business, but we're also looking for opportunities to sell higher-margin products and services. And unfortunately, we don't have an unlimited amount of selling time with our sales force. So what that means in practice is that in many cases, we will have salespeople who have 12 hours in the day. And if they have a choice of working on a potentially a high-revenue, low-margin opportunity or a lower-margin -- lower-revenue but higher-margin opportunity instead, that's really where we're pushing. And so, I think you can see that in where the financials are going. Revenue is still persisting. We've been very focused the whole way through the year on profitability, and specifically, the leading indicator for that is gross profit. And so, we've been very intentional to focus a lot of time and attention on gross profit.

So, what does that mean for us moving forward? Well, what that means for us moving forward is that we're still going to continue with the Solutions Division business, which is the lower-margin resell business. We are going to continue looking for opportunities where we can scale and grow the higher-margin products, which specifically, in our case, is Critical Services, which has been growing at a very high rate, and we're going to continue that. And so, that's how I would frame the business moving forward.

We have a couple of questions here on the same topic. Given the majority of our revenue comes from U.S. partnerships, do you see a potential uplist to the NASDAQ at some point here in the near future?

Yes, it's a good question. So we put out a press release late in the summer. We announced that we had retained Clear Street to help us assess strategic options. Part of that was to look at U.S. markets. But really, it's a holistic view around how do we create shareholder value. I think that like what Scott was saying at the end of the prepared remarks, we have a very large U.S. business. It operates in the United States. We employ a lot of Americans, and we sell a lot of American goods. And I think one could make the argument that we're much more of an American company than a Canadian company. I think one of the other things is, if you look at it from a leadership perspective, the management team between Scott, Tucker, our COO, and myself, we're actually 50-50. I'm a Canadian, Scott is dual, and Tucker, our COO, is American. So we're 50-50 there, and we have a number of American Board of Directors as well. So I think that there's certainly an argument that we ought to be on a U.S. exchange. I think at the end of the day, we're ultimately trying to create shareholder value. And so, as the likelihood of that being realized through a NASDAQ uplist increases, that we're going to continue to look at that more closely.

All right. Sticking with the U.S. theme, how confident do you feel in the growth of Critical Services with the Trump presidency? Is it more bullish?

It's a good question. One of the things that I saw very early after the President Elect was announced as the winner, he issued a statement indicating that he intended to go to war with the drug cartels. And actually, one of the ways in which he intended to do that was through cyber operations, which I don't think we would have seen 5 years ago or 10 years ago. I think that cyber operations have become somewhat normalized now. It is a tool of statecraft. We've certainly felt this for the last handful of years that cybersecurity is growing in importance, both because cyber criminals are making a ton of money from ransomware and data extortion, and as well, it is a tool for espionage and IP theft. We see many nation states out there regularly attacking our customers, attempting to steal data. Not to mention, crypto thefts and scams are a large driver to North Korea's nuclear program, which those in the cyber industry will know, but sometimes surprises those who are not inside the cyber industry. So ultimately, I think that the core driver for is cyber going to be important and doesn't matter is really a function of do we have more or less connected devices this year versus last year? And we continue to see digital transformation connectivity blossom. There's more devices than ever that are connected. Ultimately, those devices have vulnerabilities. And so, that's bullish, from my perspective, on having a need for cybersecurity.

Thanks, Ian. Are there any plans to expand beyond Canada and the U.S., like Europe, South America, Asia?

So, from an operational perspective, our focus has always been North America. I think, if you look at our last year financials, we broke out revenue by country, and you'd see that the vast majority was in the United States. We have historically had some sales in Canada and some sales, which we would just define as rest of world. Rest of world could be a NATO. It could be in other allied countries around the world. I don't think that in the near term, we are looking to expand our geographical footprint into those locations. There's certainly a lot that we can do remotely. I will say that we are getting pulled into Europe, just as one example. A number of sales opportunities have centered around Europe. And I have been back and forth a number of times on customer-related travel. And so, I think that there's perhaps an East versus West bifurcation taking place right now on the world stage. And as that takes place, we see opportunities for allied countries, countries allied to Canada and the United States, look to work more closely together. And so, I think that that's ultimately good for us as a cybersecurity company. I'll probably leave it there.

Got a few questions here around Critical Services. Could you elaborate on the potential upside in the Critical Services? And how do you anticipate it might grow?

So, what we're seeing -- and this is maybe a qualitative change from maybe the second half of this year to the first half of this year. Qualitatively, what we're finding is that we've completed the shorter-term Critical Services contracts. Those were the land contracts, and they are turning into longer-term, potentially larger contracts. So that's the land-and-expand. Now, that does have an impact on revenue recognition. So I'll maybe invite Scott here to chime in just on how we recognize revenue from a Professional Services perspective. But one of the trends that I'm noticing is that we are starting to sign more higher-quality or longer-term engagements for Critical Services, which I just think is a very bullish signal. And really, it's a huge vote of confidence in the client getting a taste of the initial service, being happy and wanting to get more.

Scott, do you want to maybe talk just a little bit about how we recognize revenue for PS?

Yes. So, for our Critical Services, even if we land, say, a large deal, we recognize it over the time that we are doing the work. So, for example, we announced, I think, a large deal on October 3, I believe, and the services associated with that would be recognized over the course of the service contract, which in that case was a year. So just keep that in mind when you see our contracts. Usually, there's a time frame and revenue recognition rules. It means that we're recognizing it over the course that we work.

It's a good point. And I think the other thing to -- that I would just draw attention to is that sometimes -- like even today, we announced a $1.2 million Critical Services contract. We were intentional to make sure to list that, that was a 9-month time frame. So we wouldn't expect that Critical Services revenue to hit until we actually perform the work. So, certainly, the sales announcements are a good leading indicator when it comes to the backlog of contracted work for which we will recognize as we complete that work.

So, we have a few questions about when Plurilock will become profitable.

Sure. So I'll start. Ultimately, we, as a company, are laser focused on profitability. I think you can look at earlier press releases and shareholder updates that we've put out throughout the year. Nothing has changed there. I think where we have been maneuvering is specifically around where we see specific opportunities. And so, by that, I mean one of the first things that Scott did when he came into the company last summer was realize approximately $2 million of cost savings. And that was very quickly reallocated back into Critical Services because, for us, it's really about increasing gross profit. And at a certain point, gross profit will exceed OpEx. And ultimately, that's where we want to be. So I think it's a combination of being extremely disciplined on costs, while also being very aggressive when it comes to landing those higher-margin contracts.

Having said that, we haven't publicly put out a specific time frame or date. I think sometimes when people are asked about profitability, there's a subtext question there, which is concern around dilution. And so, one of the other things that we have been communicating throughout the last couple of quarters is that we've had really a constant inflow of cash from warrant exercises. And so, that's been something that we've continued to report on, both the absolute cash balance at the end of the quarter, as well as the warrants coming in.

Awesome. I think this question we kind of answered with the prepared remarks, but can you help us understand why Professional Services dropped sequentially? And will we see growth going forward?

Yes. So I think like we were talking about, the way that we recognize revenue for services is different than the hardware and software sales. So, for hardware and software, generally speaking -- and I'll invite Scott to chime in here as well -- generally speaking, our obligation and when we recognize revenue is complete when we deliver to the customer, which could be a couple of weeks or it could be a couple of months. Sometimes the recognition -- the revenue recognition of hardware and software sales, if we get an order right at the end of a quarter and we don't necessarily deliver that until a couple of days later or a week later, then the revenue might get recognized in the following quarter. So, that can certainly happen. But then, with the Professional Services, again, the way that we're recognizing that is when we deliver -- actually deliver the service. So it's very similar to a SaaS company, where you might sign a $1 million contract, but you don't get to recognize that revenue until you deliver the service over the course of 12 months.

I think, Ian, I'll just jump in there and say, we still grew services quarter -- this quarter compared to last year, 40%. So we're definitely adding more and more to our services capabilities and ability to deliver in the field.

You've made some recent additions to your Advisory Council. Can you discuss what contributions they've made to the company so far?

Yes, absolutely. So we've always maintained a world-class advisory group. I think a lot of companies say they have a world-class team. I think we're one of the few companies who actually do have it. And so, from the early on, that included people like Admiral Mike McConnell, former Director of the NSA and also Director of National Intelligence. He reported directly to U.S. President, Bush, on a daily basis in the Oval Office. Also includes people like Admiral Jan Tighe, former Tenth Fleet Commander, U.S. Cyber Command, and she is currently on the Boards of Goldman Sachs and General Motors.

The Advisory Council for us plays a number of roles. The first is, one of our key advantages as a company is that we're very strong when it comes to talent. And this is important because cybersecurity as an industry has an estimated 4 million jobs unfilled, vacant because there's insufficient talent. And so, if you were to do a strengths and weaknesses comparison on Plurilock, talent actually is one of our key strengths. The way that we're able to attract top talent is in large part because of our network, and our network includes our advisors. And so, if we have a very hard customer problem, which needs a specialized skill set, most of the time we are talking to our advisors as saying, hey, who's been successful in your career? And then, those are the people that we seek to recruit into Critical Services. So talent acquisition is one key mandate of the Advisory Council. The second is sales or sales support. And so, by that, I mean potentially opening doors, or in some cases, we might have already opened the door to a customer or to a partner, but they're helpful behind the scenes.

Two examples there, I would say, Brian Aebig, we announced this year as an addition to the Advisory Council. He was formerly from Tech Data or TD SYNNEX. And a couple of weeks later -- a couple of months later, we announced a strategic partnership with TD SYNNEX. Similarly, we announced a little bit later, Joe Sexton, who joined the Advisory Council. He was formerly on the Board of Directors at CrowdStrike, a very illustrious career. He was formerly at McAfee and CA Technologies and just been everywhere. And soon after, we also announced a strategic partnership with CrowdStrike. So you can certainly draw some lines there with some of the public additions and some of the public announcements that we have made. But I think it's also -- there's -- I talked about soft benefits earlier about partnerships. There's also soft benefits from some of the things behind the scenes when it comes to talent and so on.

The last thing that I would say is that when it comes to M&A, a lot of the deal flow that we've had historically as a company has come through our network. And so, we get a lot of M&A opportunities coming to us as a result of our [ Rolodex ] and our network, which again is a key item for having that Advisory Council.

Do you have an update on how many warrants were exercised during the quarter and kind of a view of the balance sheet going forward in the next couple of quarters?

So, I'll take that one. I think in terms of a view of the balance sheet in the next couple of quarters, that's somewhere in the forward guidance, which we've given in the presentation, the guidance that we're going to give. The number of warrants that came in was -- which I believe you'll find -- in the MD&A that will be released, you'll see the updated cap structure. We exercised, I think, in the last announcement, somewhere close to $4 million, which is around 15 million warrants.

Yes. I believe it was the November -- so, in addition to the MD&A, we also included some commentary around warrants exercised, I believe, in the November 16 corporate update, if I'm not mistaken.

R&D expenditures more than halved over the 18 months. Does it impact your ability to service the market or maintaining a competitive advantage?

Yes, I'll take that one. So we've -- I think going back to the $2 million of cost savings, we were able to rationalize costs across the business. I think where we were really focused were if there was duplication or optimizations that we can make. And so, we -- there was quite a lot of optimization that we were able to do on the R&D side. And so, that's really what drove those savings.

One of the things that I have been finding particularly exciting is that because we have that R&D capability and heritage DNA as part of the company, when we're looking at Critical Services opportunities, we're always looking at them in terms of how are we able to use technology to do that work more effectively in an automated fashion or just cut down on manual effort. And so, because of the background and the heritage of the company, that is something that I think might be a little bit different from us relative to just traditional consulting firms. And so, that's an area that we intend to continue looking at moving forward.

In terms of Critical Services, are there any limitations that could inhibit growth? How much can we cover our existing clients' needs and expand at the same time?

Yes, it's a good question. We really haven't penetrated very far even amongst our own customer base when it comes to Critical Services. So if you were to look at some of the press releases this year, you would see some familiar trends. We talk a lot about the semiconductor field and our work there. And so, what we're finding is that there's quite a lot of opportunity within a small number of customers that we have really gone deep with so far. For me, I get really excited about that because there's a large number of customers that we have yet to expand to, even within our own existing customer base. The other thing that we're seeing is opportunities starting to blossom with new logos entirely that we have not done any business with so far. So, to that end, I'm very excited about the future. And I think as our notoriety increases, I think that we're starting to see some early signs of a flywheel, which is tremendously exciting.

So, we've got quite a few questions about whether Plurilock plans to raise capital or not. Can you give a little color there?

Yes. So the short answer is that the capital plan is really to continue to see those warrants get exercised and come in. I think that that's the least dilutive way because to a certain extent, those warrants just are already on the cap table. They're just converting from warrant to share. And as we have talked about, I think we're -- there's still a decent number of warrants outstanding that are in the money, which creates an opportunity for capital to flow in.

Great. Thank you. In general, who do you often see in the competitive process for contracts? And what does Plurilock do better to win those?

So, it depends a little bit on what it is that we are doing. If I take that question as it relates to Critical Services, I would say that there's a wide variety of professional services companies or consulting companies or similar organizations. What tends to separate one from the next is a few items. The first is relationship. So, if we already have a relationship, like as an example, we've been reselling them technology for a number of years, that removes a lot of the friction, and so it can help us win a sale. The second is past performance. And so, that's not an official term per se, but really what that means is, have we done similar work with a similar type of company in the past? And potentially, would that other company act as a reference, either as part of a case study or a phone call, et cetera? So, our ability to win business gets better, the more business that we have already won, which might sound a bit on the nose, but this is what we're seeing. I think the third thing is that Plurilock is beginning to get a bit of a brand. I've noticed this over the last, I'd say, 3 to 6 months in particular, with some of the partnership conversations, some of the inbound sales opportunities that we've seen, and also some of the discourse on various social media, which is that people are starting to recognize Plurilock as being a key provider of solutions. And I think that that's a key difference between this year and last year and I think speaks very well to the go-forward prospects of Critical Services.

I know we've briefly touched on this, but are you providing any guidance for 2025?

So, the short answer is, no. We have provided some forward-looking statements, which is actually something that we've not historically done with Plurilock. But in today's press release and specifically the Q3 press release, because we put out 2 PRs today, there is some forward-looking information. I think that the strategy for the company continues to be the same, which is that we're laser focused on profitability. We see that Critical Services, in particular, is the foundational driver to that. We are absolutely going aggressively at landing new Critical Services contracts, as well as expanding existing Critical Services customers, and we're feeling good about that.

Thank you. Just a few more questions here before we wrap things up. The S&P Semiconductor partnership was nice to see outside of a government contract. Would we expect to see more private company logos working with Plurilock?

Yes. It's always tricky to be able to disclose for a cybersecurity company who you are working with because in many cases, when we go to work, it's because a company has just had something very bad happen and they don't necessarily want that to get out. Having said that, ultimately, I think the question is, are we going to continue to see more commercial contracts as opposed to public sector? And I think the answer is, yes. You could look at the last several years at the revenue mix of public sector versus commercial, and what you would see is that we started very much public sector focused. And over the last 24 months, in particular, you've seen quite a large shift from going from public sector and really rounding out much more on the commercial side. Touching on some of the comments I made earlier around notoriety and good work [ getting ] more good work, I think the more that we celebrate the wins that we're having with some of our commercial clients, the more that is attracting additional commercial clients. So, that is a flywheel that we're already seeing starting to fly, and it's certainly an area where we intend to focus.

I will say just at a high level, commercial work tends to be higher margin than government work. Regardless of whether you're talking about services or product resell, just as a kind of an industry baseline, generally speaking, commercial is going to be higher margin. And so, when we think about our strategy of focusing on profitability and driving gross margin, given to clients, a public sector client or a commercial client, it's going to be easier to drive more gross margins with that commercial client than it is on the government side.

Okay. We'll wrap things up with one final question here. Plurilock has a strong presence in the U.S. and Canadian governments. What's the sales cycle like when you're breaking into new government accounts? Are you finding it shorter to be able to expand within those government departments?

Yes, it's a really good question. So generally speaking -- and I'll give you an industry answer first, and then I'll zero into Plurilock. So, as an industry answer, any IT capability, and cybersecurity is a portion of IT, any IT product, you're generally looking at a sales cycle measured in months. If it's a short sales cycle, it might be 1 to 3 months. Kind of an average sales cycle might be 3 to 9 months. Potentially, a large deal, like a multi-million-dollar deal, it could span over a couple of years at the high end. What we are finding is, if we're trying to break into a new account, a new logo that we have not necessarily done business with, that can take longer. Once we're already in there, we have a relationship. We have either a master service agreement if they're a commercial client, or a contract vehicle if they're a government client, but basically a way to sell our capabilities to the client. Once we have all those pieces, then the second sale, the third sale, the fourth sale tends to be faster. Generally speaking, when we're doing sales planning and we're looking at our sales pipeline, we're typically looking at over a 2 to 4, 2 to 6- month period. Generally speaking, you have some amount of visibility during that time and some ability to influence that. I think that what is perhaps different about some of the sales that we've announced this year, in particular that semiconductor company, is how much faster some of those Critical Services sales have gone compared to those averages. So with the S&P 500 company, in particular, we had started work with them this past spring. We've already seen 8 figures worth of sales orders generated from that client, which is really, really fast compared to the average.

And I think, Ryan, I just saw one other question here just in regards to the revenue recognition.

So, maybe just perhaps a clarification, and then, Scott, I'll invite you to do the same. So when we're talking about revenue recognition on the Professional Services side, what we're saying is that the revenue gets recognized as the work is done. And so, for instance, if it's a 9-month contract and we're doing an equal amount of work during those 9 months, we would recognize 1/9 of the revenue each month. So hopefully, that clarifies that the -- I think there might have been a misunderstanding there about it being all back-end loaded, which is not the case.

Scott, is there any other color you want to add on that?

No, you said it perfectly. And I think you can take over for our accounting department if you'd like at some point. Just kidding.

All right. With that, we'll wrap up the Q&A portion of our call. I'd like to thank everyone who did ask questions. If you weren't able to ask your question or you have other questions after this call, please feel free to e-mail all all@sophiccapital.com, and we'd be more than happy to answer any questions you might have.

I'll now pass the call back to Ian for closing remarks.

I appreciate it, Ryan, and I appreciate everybody joining today. I also appreciate those who are shareholders who have supported us thus far. I think from my perspective, cybersecurity is such an important part of our daily life. This has been a change. I think, if I look back over the last 4 years, cyber was not part of the daily conversation the way that it is today. Now, everybody has a story about a scam, crypto theft, ransomware, or -- if not directly, indirectly. And I think that Plurilock is very well positioned to be a key player in this industry. We've got fantastic clients who have supported us for many years. We have amazing talent when it comes to Critical Services. And I'm really excited about what we can do for the rest of this year and then into next.

All right. This concludes Plurilock Security's Q3 2024 conference call. Thank you all for joining us, and have a nice night.