UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K10-K/A

(Amendment No. 1)

(Mark One)

☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2021

or

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from __________________________ to __________________________

Commission file number 001-41227

CERBERUS CYBER SENTINEL CORPORATION

(Exact name of registrant as specified in its charter)

6900 E. Camelback Road, Suite 240, Scottsdale, AZ 85251

(Address of Principal Executive Offices) (Zip Code)

Registrant’s telephone number, including area code: (480) 389-3444

Securities registered pursuant to Section 12(b) of the Act:

Securities registered pursuant to Section 12(g) of the Act: Common Stock, par value $0.00001

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the Registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒

The aggregate market value of the common stock held by non-affiliates of the registrant as of the last business day of the registrant’s most recently completed second fiscal quarter (June 30, 2021) was $165,667,445, computed by reference to the price at which the common stock was last sold ($8.14 per share).

The registrant had 136,719,649 shares of common stock outstanding as of April 15, 2022.

CERBERUS CYBER SENTINEL CORPORATION

2021 FORM 10-K ANNUAL REPORT

TABLE OF CONTENTS

FORWARD-LOOKING STATEMENTSEXPLANATORY NOTE

The information contained inWe are filing this report should be read in conjunction with the financial statements and related notes contained elsewhere in this Annual Report on Form 10-K. Certain statements made in this report are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”Amendment No. 1 (this “Amendment”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These statements are based upon beliefs of, and information currently available to us as of the date hereof, as well as estimates and assumptions made by us. Readers are cautioned not to place undue reliance on these forward-looking statements, which are only predictions and speak only as of the date hereof. When used herein, the words “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “future,” “intend,” “plan,” “predict,” “project,” “target,” “potential,” “will,” “would,” “could,” “should,” “continue” or the negative of these terms and similar expressions identify forward-looking statements. Such statements reflect our current view with respect to future events and are subject to risks, uncertainties, assumptions, and other factors, including the risks relating to our business, industry, and our operations and results of operations. Should one or more of these risks or uncertainties materialize, or should the underlying assumptions prove incorrect, actual results may differ materially from those anticipated, believed, estimated, expected, intended, or planned.

Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance, or achievements. Except as required by applicable law, including the securities laws of the United States, we do not intend to update any of the forward-looking statements to conform these statements to actual results.

Our financial statements are prepared in accordance with accounting principles generally accepted in the United States. These accounting principles require us to make certain estimates, judgments, and assumptions. We believe that the estimates, judgments, and assumptions upon which we rely are reasonable based upon information available to us at the time that these estimates, judgments, and assumptions are made. These estimates, judgments, and assumptions can affect the reported amounts of assets and liabilities as of the date of the financial statements as well as the reported amounts of revenue and expenses during the periods presented. Our financial statements would be affected to the extent there are material differences between these estimates and actual results. The following discussion should be read in conjunction with our financial statements and notes thereto appearing elsewhere in this report.

Forward-looking statements made in this Annual Report on Form 10-K include statements about:

These statements are only predictions and involve known and unknown risks, uncertainties and other factors, including the risks in the section entitled “Risk Factors” set forth in this Annual Report on Form 10-K for the year ended December 31, 2021, any of which may cause our or our industry’s actual results, levels of activity, performance, or achievements to be materially different from any future results, levels of activity, performance, or achievements expressed or implied by these forward-looking statements. These risks may cause our or our industry’s actual results, levels of activity, or performance to be materially different from any future results, levels of activity, or performance expressed or implied by these forward-looking statements.

Although we believe thatas filed with the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, or performance. Moreover, neither we nor any other person assumes responsibility for the accuracySecurities and completeness of these forward-looking statements. Except as required by law, we undertake no obligation to update any forward-looking statements after the dateExchange Commission on April 15, 2022 (the “Original Form 10-K”). The purpose of this report to conform these statements to actual results.

PART I

ITEM 1. BUSINESS

Unless otherwise indicated or the context requires otherwise, the terms “we,” “us,” “our,” and “our company” refer to Cerberus Cyber Sentinel Corporation, a Delaware corporation (“Cerberus”), and its wholly owned subsidiaries, including GenResults, LLC, an Arizona limited liability company (“GenResults”), TalaTek, LLC, a Virginia limited liability company (“TalaTek”), Technologyville, Inc., an Illinois corporation (“Techville”), Clear Skies Security, LLC, a Georgia limited liability company (“Clear Skies”), Alpine Security, LLC, an Illinois limited liability company (“Alpine”), Catapult Acquisition Corporation, a New Jersey corporation (“VelocIT”), Southford Equities, Inc., a British Virgin Islands company (“Arkavia”), True Digital Security, Inc., a Delaware corporation (“True Digital”), RED74 LLC, a New Jersey limited liability company (“RED74”), Atlantic Technology Systems, Inc., a New Jersey corporation (“ATS”), and Atlantic Technology Enterprises, Inc., a New Jersey corporation (“ATE” and together with ATS, “Atlantic”). Unless otherwise specified, all dollar amounts are expressed in United States dollars.

Our Business

General

We are a cybersecurity and compliance company comprised of highly trained and seasoned security professionals who work with clients to enhance or create a better cyber posture in their organization. Cybersecurity, also known as computer security or information technology security, is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The cybersecurity industry has a supply and demand issue wherein there is more demand for cybersecurity services than there are expert and seasoned compliance and cybersecurity professionals available in the market. We seek to identify, attract, and retain highly skilled cyber and compliance teams and bring them together to provide holistic cyber services. We accomplish this through acquisitions, direct hiring, and incentivizing employees with stock options to help retain them. On an ongoing basis, we seek to identify cyber talent that is culturally aligned and that offers operating leverage through both existing customer revenue and relationships. We have invested in enterprise solutions and executive talent to integrate our different organizations into an ecosystem that works together to provide complete and holistic cybersecurity through cross pollination of solutions. The ecosystem is intended to provide additional revenue opportunities and drive overall recurring revenue.

We emphasize to clients the critical nature of having their work force create a continuously aware security culture. Once engaged, we strive to become the trusted advisors for customers’ cybersecurity and compliance needs by providing tailored security solutions based upon their organizational needs. We do not focus on selling cybersecurity products; we are product-agnostic so that we can provide solutions that fit the customer’s security needs, financial realities, and future strategy. Our approachAmendment is to evaluate the client’s organization holistically, identify compliance requirements,file Exhibits 23.1 and help secure the infrastructure while helping to create a culture23.2, Consents of security.

We provide a full range of cybersecurity consulting and related services, encompassing all three pillars of compliance, cybersecurity, and culture. Our services include secured managed services, compliance services, security operations center (“SOC”) services, virtual Chief Information Security Officer (“vCISO”) services, incident response, certified forensics, technical assessments, and cybersecurity training. We believe that culture is the foundation of every successful cybersecurity and compliance program. To deliver that outcome, we developed our unique offering of MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), which is the only holistic solution that provides all three of these pillars under one roof from a dedicated team of subject matter experts. In contrast to the majority of cybersecurity firms that are focused on a specific technology or service, we seek to differentiate ourselves by remaining technology agnostic, focusing on accumulating highly sought-after topic experts. We continually seek to identify and acquire cybersecurity talent to expand our service scope and geographical coverage to provide the best possible service for our clients. We believe that bringing together a world-class team of technological experts with multi-faceted expertise in the critical aspects of cybersecurity is key to providing technology agnostic solutions to our clients in a business environment that has suffered from a chronic lack of highly skilled professionals, thereby setting us apart from competitors and in-house security teams. Our goal is to create a culture of security and to help quantify, define, and capture a return on investment from information technology and cybersecurity spending. Our brand rallies around the battle cry: “Cybersecurity is a Culture, not a Product.”

Offering this set of cybersecurity services allows us to capture more revenue with greater efficiency, facilitating greater profitability and stronger customer retention. The benefit to our customers is that they receive an efficient engagement from a single provider that covers a wide range of their needs. This means their challenges are addressed more thoroughly and problems are resolved more rapidly when compared to working with multiple vendors. This leads to the best possible outcome, which enables our customers to commit to us for the long term.

We believe that our business model is differentiated from other companies in the industry in that our employees are not consultants; they are dedicated partners available on a recurring monthly contract. Due to the numerous challenges in hiring experienced cybersecurity and compliance professionals, assimilating our team of industry and subject matter experts into our clients’ teams is the ideal solution.

We are technology agnostic. Whereas, most cybersecurity firms are locked into working with a single technology, we seek to differentiate ourselves by remaining technology agnostic. This approach enables us to work with any business, no matter what systems or tools they use. For our customers, the benefit is equally valuable as they are able to choose the best tools and technology for their business needs without affecting their relationship with us.

We believe that building a world-class technology team with industry-specific and subject-matter expertise is the key to providing cutting-edge solutions to our clients. We will continue to identify and acquire cybersecurity talent to expand our scope of services and geographical footprint to fortify our capability to deliver excellence to our customers. Furthermore, our goal is to stay a step ahead of threat actors and regulatory obligations to keep our customers safe and compliant.

The Cybersecurity Challenge

As the world has become increasingly connected through the Internet and the Internet of Things (“IoT”), cyberattacks have prevailed and evolved, in different forms, causing uncontainable threats to the integrity and privacy of enterprise and personal data and resulted in significant economic losses globally. The McKinsey Global Institute has estimated that approximately 127 new IoT devices connect to the Internet every second. A report published by CyberSecurity Ventures stated that damages from global cybercrime is predicted to hit $10.5 trillion annually by 2025. Cybersecurity Ventures also expects that a business falls victim to a ransomware attack every 11 seconds in 2021, up from every 14 seconds in 2019. As a result, ransomware is one of the fastest growing types of cybercrime. Moreover, a Cybercrime Magazine survey reported that 68% of business leaders feel their cybersecurity risks are increasing. Gartner Inc. has also predicted that worldwide global cybersecurity spending will exceed $1.75 trillion cumulatively from the fiscal years 2021 to 2025. Gartner reported that in 2021 there would be 3,500,000 million job openings unfilled in the cybersecurity field and forecasted that by 2023, this figure could be as high as 12.0 million.

In response to the increasing economic damage caused by heightened cybersecurity risks, regulatory bodies have pushed the implementation of new cybersecurity legislations, and cyber insurance companies have increased minimum cybersecurity requirements. We believe that we are well positioned in a fast-growing industry to provide businesses with a wide scope of cybersecurity services and with significant opportunities for growth.

Service Offering

We currently offer two major types of services to clients including security managed services and professional services.

Security Managed Services

Our security managed services deliver an end-to-end solution to cybersecurity and compliance needs based on the Cerberus Sentinel Process. We begin with a gap analysis of our customer’s existing cybersecurity and compliance practices. Next, we perform penetration testing, vulnerability scanning, and a best practices assessment. This culminates with a deliverable report outlining failures and risks and includes a remediation roadmap organized based on highest-value opportunities and critical necessities. This prioritized approach utilizes the maxi-min strategy to optimize our customers’ budgets, which we believe is something that comes from decades of experiential wisdom. Using this roadmap, our team performs remediation and change implementation throughout the customer’s business. This is followed by our culture program, which delivers cybersecurity and compliance awareness training, risk reporting, and periodic knowledge verification. We cover every area of our customer’s business and engage with every member of their team. This is our end-to-end holistic approach that leaves no stone unturned to ensure our customers are truly safe, secure, and compliant.

We offer multiple services in the security managed services portfolio, including the following:

Professional Services

Our advisory services include a wide array of tailored solutions for organizations of all sizes. Our in-depth and uniquely acquired industry expertise allows us to act as a trusted advisor of our clients to help them lower their risk profile, minimize cost impact, and meet regulatory compliance demands. We specialize in:

Growth Strategy

Cybersecurity service and consulting firms operate on various forms of business models. We do not focus on selling products; we promote a cybersecurity culture. Our growth strategy focuses on external acquisition and internal scalability to drive that culture within our customers’ organizations. Therefore, our revenue streams mainly come from security managed service and professional service fees. As the cybersecurity market grows over the years, we continue to see an increasing number of players entering the market with different sets of qualifications. However, organizations facing cybersecurity issues also usually lack the expertise to identify the right service provider or do not have the capital resources to hire a qualified CISO. We believe that this is where our growth opportunity lies since the lack of expertise leads to information asymmetry, which causes additional noise in the cybersecurity marketplace and exposes organizations to greater risks if found issues are not mitigated with the right group of experts. Furthermore, the industry is in need of highly qualified technology professionals in the cybersecurity field. A limited pool of talent results in increasing compensation and cost to retain such talent, which in turn compromises companies’ bottom line profitability and then increases the need to work externally with a partner such as our company. According to a Cybersecurity Jobs Report released in 2017 by Herjavec Group, total unfilled cybersecurity positions will be approximately 3.5 million by 2021. We intend to capitalize on this gap as our growth opportunity.

Our external acquisition strategy targets engineer-owned cybersecurity firms in the top U.S. and international markets with existing revenue in the range of $2 million to $25 million and profit margin of at least 15% to 25%, although there could be opportunities beyond the larger end of this range. We expect each acquisition to be strategic and accretive, and we expect to obtain direct access to a pool of ready-to-deploy and seasoned cybersecurity talent and enhanced access to a larger client base geographically.

Our internal scalability strategy will focus on exploring and materializing synergies with the acquired targets. With strategic acquisitions, on the topline, we expect to provide a broadened service offering, which translates into more diverse revenue streams and a larger client base. We also anticipate that we will be able to broaden our geographical sales coverage and reduce client acquisition costs. We also intend to synergize best practices across the platform, which will enhance client experience and client loyalty. On the bottom line, we plan to centralize general and administrative support functions in one location, which will significantly improve net margin for all the service lines. This will allow our management to focus on sales initiatives and achieve internal operations scalability in a relatively short period of time. We estimate that with a typical acquisition, we will realize annual savings on centralized operations, generate additional revenue from upselling to existing clients, and add revenue from new clients. In the long term, we expect to become a pure-play cybersecurity consolidator in the United States.

Our Corporate and Acquisition History

We were formed on March 5, 2019 as a Delaware corporation. Our principal offices are located at 6900 East Camelback Road, Suite 240, Scottsdale, Arizona 85251.

On April 1, 2019, we acquired GenResults. GenResults was established on June 22, 2015. Prior to our acquisition of GenResults, GenResults was wholly owned by an entity affiliated with David G. Jemmett, our Chief Executive Officer and a director of our company. Due to the companies being under common control, we accounted for the acquisition as a reorganization.

On April 12, 2019, we consummated a transaction whereby VCAB Six Corporation, a Texas corporation, (“VCAB”) merged with and into us (the “VCAB Merger”). At the time of the VCAB Merger, VCAB was subject to a bankruptcy proceeding and had minimal assets, no equity owners, and no liabilities, except for approximately 1,500 holders of Class 5 Allowed General Unsecured Claims and a holder of allowed administrative expenses (collectively the “Claim Holders”). Pursuant to the terms of the VCAB Merger, and in accordance with the bankruptcy plan, we issued an aggregate of 2,000,000 shares of our common stock (the “Plan Shares”) to the Claim Holders as full settlement and satisfaction of their respective claims. As provided in the bankruptcy plan, the Plan Shares were issued pursuant to Section 1145 of the United States Bankruptcy Code. As a result of the VCAB Merger, the separate corporate existence of VCAB was terminated. We entered into the VCAB Merger to increase our stockholder base to, among other things, assist us in satisfying the listing standards of a national securities exchange.

On October 1, 2019, we entered into an agreement and plan of merger with TalaTek (the “TalaTek Merger”) pursuant to which TalaTek became our wholly owned subsidiary. Under the TalaTek Merger, all issued and outstanding units representing membership interests in TalaTek were converted into an aggregate of 6,200,000 shares of our common stock.

On October 2, 2019, we filed a registration statement on Form 10-12G with the SEC to effect registration of our common stock, par value $0.00001 per share, under the Exchange Act. The registration statement became effective on December 1, 2019.

On May 25, 2020, we entered into a stock purchase agreement with Techville and its sole shareholder, pursuant to which we acquired all of the issued and outstanding common stock of Techville (the “Techville Acquisition”). Under the terms of the Techville Acquisition, all issued and outstanding common stock of Techville was exchanged for an aggregate of 3,392,271 shares of our common stock.

On August 1, 2020, we entered into a stock purchase agreement with Clear Skies and its equity holders, pursuant to which we acquired all of the issued and outstanding equity securities of Clear Skies (the “Clear Skies Acquisition”). Under the terms of the Clear Skies Acquisition, all issued and outstanding equity securities in Clear Skies were exchanged for an aggregate of 2,330,000 shares of our common stock.

On December 16, 2020, we entered into an agreement and plan of merger with Alpine and its sole member, pursuant to which Alpine became our wholly owned subsidiary (the “Alpine Acquisition”). Under the terms of the Alpine Acquisition, all issued and outstanding membership units in Alpine were exchanged for an aggregate of 900,000 shares of our common stock.

On July 26, 2021, we entered into an agreement and plan of merger with VelocIT, pursuant to which VelocIT became our wholly owned subsidiary of our company. All issued and outstanding shares of common stock of VelocIT were converted into the right to receive an aggregate of up to 2,566,778 shares of common stock, subject to a holdback of 256,678 shares of our common stock. In addition, the Company issued replacement options to various VelocIT employees to purchase an aggregate of 1,542,251 shares of the Company’s common stock. The transaction closed on August 12, 2021.

On October 1, 2021, we entered into a stock purchase agreement with ATS, ATE, James Montagne as the sole shareholder of ATS, and James Montagne and Miriam Montagne, as the sole shareholders of ATE (the “Shareholders”). Pursuant to the agreement, we purchased from the Shareholders all of the outstanding shares of ATE and ATS. The aggregate purchase price for the shares was 200,000 shares of our common stock and $75,000 in cash. Furthermore, the Shareholders shall receive an additional 100,000 shares of our common stock based upon Atlantic achieving certain revenue and earnings thresholds and an additional $150,000 in cash upon our listing to a national exchange. As of the date of this filing, this has not been paid.

On October 8, 2021, we entered into a merger agreement with RED74 and Ticato Holdings, Inc., a New Jersey corporation (“Ticato”), and Tim Coleman, as sole shareholder of Ticato. Tim Coleman and Ticato were the sole shareholders of RED74. Pursuant to the agreement, the merger became effective at such time as a certificate of merger was accepted by the Secretary of State of New Jersey, or November 9, 2021 (the “Effective Time”). All shares of RED74 issued and outstanding immediately prior to the Effective Time were converted into the right to receive an aggregate of 340,000 shares of our common stock and $50,000 in cash, subject to a 10% holdback. In the event that no claim is made by any Cerberus Indemnitee (as defined in the merger agreement) within one year from the closing, then we shall pay the entire amount of the 10% holdback to Tim Coleman.

On December 1, 2021, we entered into a stock purchase agreement with Arkavia and all of the owners of Arkavia, pursuant to which we acquired all of the issued and outstanding equity securities of Arkavia (the “Arkavia Acquisition”). Under the terms of the Arkavia Acquisition, all of the issued and outstanding equity securities of Arkavia were exchanged for an aggregate of 2,914,000 shares of our common stock.

On January 5, 2022, we entered into a stock purchase agreement (the “True Digital Stock Purchase Agreement”) with certain stockholders of True Digital and an agreement and plan of merger (the “True Digital Merger Agreement”) with True Digital and certain of its other stockholders. On January 19, 2022, the transactions contemplated by the True Digital Stock Purchase Agreement and the True Digital Merger Agreement were consummated, with True Digital becoming a wholly owned subsidiary of our company. In connection with consummation of the transactions, we paid aggregate consideration of $6,153,000 in cash and 8,229,000 shares of our common stock.

Customers

Our recent acquisitions have resulted an expansion of our customer base and increased usage within existing customers. One of our customers accounted for an aggregate of 20.4% of our revenue for the year ended December 31, 2021, while two of our customers accounted for an aggregate of 59.0% of our revenue for the year ended December 31, 2020.

Competition

The cybersecurity market is highly fragmented. In the top quartile, the market is dominated by several major global players, including IBM Corporation, Cisco Systems, AVG Technologies, Broadcom, and Dell. The rest of the market is highly competitive without dominant players. According to MarketsandMarkets.com, North America is expected to continue its hold as the largest market size in the cybersecurity market through the year 2023. A recent report from Statista forecasted the cybersecurity market to grow to $345.4 billion by 2026. An increasing awareness of cyber threats has led to a rising investment in cybersecurity infrastructure worldwide.

We face direct competition from all small-to-medium-sized cybersecurity service providers nationwide given the broad service scope we currently provide. Many competitors provide cloud-based services, which means our competition is not restricted by regions. It is critical for our executive management team to identify and attract strategic acquisition targets in order to strengthen our competitive advantage as a cybersecurity consolidator, which we believe brings higher service quality, more diverse service scope, and broader geographical coverage at a lower cost.

Intellectual Property

We intend to take appropriate steps to protect our intellectual property. We have registered the trademark “Cybersecurity is a culture, not a product,” which has been approved with a registration date of October 29, 2019.

Government Regulation

We are not aware of any specific regulations that govern cybersecurity firms or the areas in which we operate. While there are a few federal cybersecurity regulations, they govern industries that we serve and exist to focus on specific industries.

Three of the main cybersecurity regulations are HIPAA, the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act, which included the Federal Information Security Management Act (“FISMA”). The three regulations mandate that healthcare organizations, financial institutions, and federal agencies should protect their systems and information. FISMA, which applies to every government agency, requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security. However, the regulations do not address numerous computer related industries, such as Internet Service Providers and software companies. Furthermore, the regulations do not specify what cybersecurity measures must be implemented and require only a “reasonable” level of security.

In addition, the National Cybersecurity Division is another regulatory body that is a division of the Office of Cybersecurity & Communications within the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

COVID-19 Pandemic

In March 2020, the World Health Organization characterized the outbreak of the novel strain of coronavirus, specifically identified as COVID-19, as a global pandemic. This has resulted in governments enacting emergency measures to combat the spread of the virus. These measures,Independent Registered Public Accounting Firm, which include the implementation of travel bans, self-imposed quarantine periods, and social distancing, have caused material disruption to business, resulting in a global economic slowdown. Equity markets have experienced significant volatility and weakness and the governments and central banks have reacted with significant monetary and fiscal interventions designed to stabilize economic conditions.

The current challenging economic climate may lead to adverse changes in cash flows, working capital levels, and/or debt balances, which may also have a direct impact on our operating results and financial position in the future. The ultimate duration and magnitude of the impact and the efficacy of government interventions on the economy and the financial effect on our company is not known at this time. The extent of such impact will depend on future developments, which are highly uncertain and not in our control, including new information which may emerge concerning the spread and severity of COVID-19, or any of its variants, and actions taken to address its impact, among others. The repercussions of this health crisis could have a material adverse effect on our business, financial condition, liquidity, and operating results.

In response to COVID-19, we have implemented working practices to address potential impacts to our operations, employees, and customers, and will take further measures in the future if and as required. At present, we do not believe there has been any appreciable impact on our company specifically associated with COVID-19.

Human Capital Management

We believe that our future success will depend, in part, on our continued ability to attract, hire, and retain qualified personnel. In particular, we depend on the skills, experience, and performance of our senior management and engineering and technical personnel. We compete for qualified personnel with other cyber security companies and industry experts.

We provide competitive compensation and benefits programs to help meet the needs of our employees. In addition to salaries, these programs (which vary by country/region and employment classification) include incentive compensation plan, pension, healthcare and insurance benefits, paid time off, family leave, and on-site services, among others. We also use targeted equity-based grants with vesting conditions to facilitate retention of personnel, particularly for our key employees.

The success of our business is fundamentally connectedconsents to the well-being of our people. Accordingly, we are committed to the health and safety of our employees. In response to the COVID-19 pandemic, we implemented significant changes that we determined were in the best interest of our employees, as well as the communities in which we operate, and which comply with government regulations. This includes having employees work from home, while implementing additional safety measures for employees continuing critical on-site work.

Environmental, Social, and Governance Efforts

Environmental Commitment

We are committed to protecting the environment and attempt to mitigate any negative impact of our operations. We monitor resource use, improve efficiency, and at the same time reduce our emissions and waste.

Social Responsibility

We are a trusted cybersecurity expert providing safe, efficient, and sustainable services to our existing and new communities. Our success is the direct result of the dedication and strength of our team and promotes equity, diversity, integrity, inclusion, reliability and accountability. We believe that a combination of diverse team members and an inclusive culture contributes to our success. Each member is a valued part of our team bringing a diverse perspective to help grow business and achieve our goals. Our tradition of serving employees, customers, and investors is at the core of our culture. For third-party vendor selection and oversight, we have standard operating procedures that apply to employees and subcontractors who, on our behalf, oversee and conduct technical protocols.

Employees

As of December 31, we had 186 employees, of which 184 are full-time. In addition, we utilize independent contractors for projects of short duration or where specialized knowledge or experience is needed for a complex project. We are not dependent on any independent contractor, and we believe adequate replacements would be available in the event any such independent contractor becomes unavailable to us. We believe our relations with our employees is good.

Available Information

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, our proxy and information statements and all amendments to those reports will be available free of charge through our website at www.cerberussentinel.com as soon as practicable after such material is electronically filed with, or furnished to, the SEC. Except as otherwise stated in these documents, the information contained on our website or available by hyperlink from our website is not incorporatedincorporation by reference into thisof (i) Semple, Marchal & Cooper, LLP’s report or any other documents we file,dated April 15, 2022 with or furnish to, the SEC.

Implications of Being an Emerging Growth Company

We qualify as an “emerging growth company” as the term is used in The Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), and therefore, we may take advantage of certain exemptions from various public company reporting requirements, including:

We may take advantage of these provisions for up to five years or such earlier time that we are no longer an emerging growth company. We would cease to be an emerging growth company if we have more than $1.07 billion in annual revenue, have more than $700.0 million in market value of our capital stock held by non-affiliates or issue more than $1.07 billion of non-convertible debt over a three-year period. So long as we remain an emerging growth company, we may choose to take advantage of some, but not all, of the available benefits of the JOBS Act. We have taken advantage of some of the reduced reporting requirements in our filings. Accordingly, the information contained herein may be different than the information you receive from other public companies in which you hold stock. In addition, the JOBS Act provides that an emerging growth company can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.

ITEM 1A. RISK FACTORS

An investment in our common stock involves a number of very significant risks. Readers of this Annual Report on Form 10-K should carefully consider the following risks and uncertainties in addition to other information in this Annual Report on Form 10-K in evaluating our company and its business before purchasing shares of our common stock. Our business, operating results and financial condition could be seriously harmed due to any of the following risks. An investor in our common stock could lose all or part of their investment due to any of these risks.

Risks Related to Our Business and Industry

We will need to raise capital in order to realize our business plan and growth strategy, the failure of which could adversely impact our operations.

Our growth strategy is based upon increasing the number of our clients and our consolidated revenue by making successful acquisitions and integrating businesses that provide comparable or complementary cyber security services. As of December 31, 2021, our business was not profitable. Without adequate funding, a significant increase in revenue, and continued successful integration of our acquired targets, we may not be able to achieve profitability in the existing lines of business and attract further capital. As of April 13, 2022, we had available cash resources of approximately $4,500,000.

We expect to continue to finance our operations with available net operating cash flows and will need to raise additional capital in the future by issuing equity or other forms of securities, which could significantly reduce the percentage ownership of our existing stockholders and substantially dilute the equity of purchasers of our common stock in this offering. Furthermore, any newly issued securities could have rights, preferences, and privileges senior to those of our existing common stock and may have a dilutive impact on the ownership interest of existing stockholders.

We may have difficulty obtaining additional funds as and when needed, and we may have to accept terms that would adversely affect our stockholders. In addition, any adverse conditions in the credit and equity markets may adversely affect our ability to raise funds when needed. Any failure to achieve adequate funding will delay our acquisition efforts and could lead to abandonment of one or more of our acquisition initiatives, as well as prevent us from responding to competitive pressures or take advantage of unanticipated acquisition opportunities. Any additional equity financing will likely be dilutive to stockholders, and certain types of equity financing, if available, may involve restrictive covenants or other provisions that would limit how we conduct our business or finance our operations.

We incurred significant operating losses during the years ended December 31, 2021 and December 31, 2020, and we have limited cash flow. Unless we increase revenue and cash flow or raise additional capital, we may be unable to take advantage of any acquisition opportunities that arise or expand our business, all of which could adversely impact us.

We are unable to predict if and when we will be able to generate significant positive cash flow or achieve profitability. Our plan regarding these matters is to strengthen our revenue and continue improving operational efficiencies across the business. There can be no assurances that we will be successful in increasing revenue, improving operational efficiencies or that financing will be available or, if available, that such financing will be available under favorable terms. In the event that we are unable to generate adequate revenue to cover expenses and cannot obtain additional financing, we may need to cut back or curtail our expansion plans.

We will need to grow the size and capabilities of our organization, and we may experience difficulties in managing this growth.

As our acquisition strategies develop, we must carefully integrate managerial, operational, sales, marketing, financial, and other personnel in the expanded organization and manage costs. Future growth will impose significant added responsibilities on members of management, including the following:

Our future financial performance and our ability to commercialize our strategic acquisitions will depend, in part, on our ability to effectively manage any future growth. Our management may also have to divert a disproportionate amount of its attention away from day-to-day activities in order to devote a substantial amount of time to managing these growth activities. This lack of long-term experience working together may adversely impact our senior management team’s ability to effectively manage our business and growth.

We depend on key personnel who would be difficult to replace, and our business plans will likely be harmed if we lose their services or cannot hire additional qualified personnel.

Our success depends substantially on the efforts and abilities of our senior management and executive officers. We currently do not maintain key man insurance for any of our senior management or key personnel. The competition for qualified management and key personnel is intense. The loss of services of one or more of our key employees, or the inability to hire, train, and retain key personnel, especially executive managers with cybersecurity industry knowledge, could delay the execution of new acquisitions and launch of new service programs, disrupt our business, and interfere with our ability to execute our business plan.

We operate in an industry that is experiencing a shortage of qualified compliance and cybersecurity professionals. If we are unable to recruit and retain key management and technical and sales personnel, our business would be negatively affected.

To execute our growth strategy, we must continue to attract and retain highly skilled compliance and cybersecurity experts. Competition for these employees is intense, especially for compliance experts and cybersecurity professionals, as there is a global shortage of these professionals who can provide the technical and strategic skills required for us to deliver high levels of services to our clients and potential clients. We may not be successful in attracting and retaining qualified employees. We have from time-to-time in the past experienced, and we expect to continue to experience in the future, difficulty in hiring and retaining highly skilled employees with appropriate qualifications. Many of the companies with which we compete for these highly skilled employees have greater resources than we have. In addition, in making employment decisions, particularly in the high- technology industry, job candidates often consider the value of the stock options, restricted stock grants, or other stock-based compensation they are to receive in connection with their employment. Declines in the value of our stock could adversely affect our ability to attract or retain key employees and result in increased employee compensation expenses. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be severely harmed.

We depend on independent contractors to provide certain services that we do not have the expertise on internally. Any compromise in the service quality may delay our business processes and cause economic loss.

We currently rely, and for the foreseeable future will continue to rely, in substantial part on certain independent organizations, advisors, and consultants to provide certain services. There can be no assurance that the services of these independent organizations, advisors, and consultants will continue to be available to us on a timely basis when needed, or that we can find qualified replacements. In addition, if we are unable to effectively manage our outsourced activities or if the quality or accuracy of the services provided by consultants is compromised for any reason, some of our business activities may be delayed or terminated, and we may not be able to mitigate negative impacts or otherwise advance our business. There can be no assurance that we will be able to manage our existing consultants or find other competent outside contractors and consultants on economically reasonable terms, if at all. If we are not able to effectively expand our organization by hiring new employees and expanding our groups of consultants and contractors, we may not be able to successfully implement the tasks necessary to further expand and, accordingly, may not achieve our business goals.

We have recently acquired multiple businesses. Our growth strategy is driven by successful acquisitions and integration of additional businesses that provide comparable or complementary services. Our ability to grow is limited if we fail to identify and consummate acquisitions.

We have completed the acquisition of certain complementary businesses, and we intend to consider additional potential strategic transactions, which could involve acquisitions of businesses or assets, joint ventures, or investments in businesses or technologies that expand, complement, or otherwise relate to our business. We may also consider, from time to time, opportunities to engage in joint ventures or other business collaborations with third parties. Should our relationships fail to materialize into significant agreements, or should we fail to work efficiently with these companies, we may lose sales and marketing opportunities and our business, results of operations, and financial condition could be adversely affected.

Any business acquisition creates risks such as, among others: (i) the need to integrate and manage the businesses acquired with our own business; (ii) additional demands on our resources, systems, procedures, and controls; (iii) disruption of our ongoing business; and (iv) diversion of management’s attention from other business concerns. Moreover, these transactions could involve: (a) substantial investment of funds or financings by issuance of debt or equity securities; (b) substantial investment with respect to technology transfers and operational integration; and (c) the acquisition or disposition of lines of businesses. Also, such activities could result in one-time charges and expenses and have the potential to either dilute the interests of our existing stockholders or result in the issuance of, or assumption of debt. Such acquisitions, investments, joint ventures, or other business collaborations may involve significant commitments of financial and other resources. Any such activities may not be successful in generating revenue, income, or other returns, and any resources we committed to such activities will not be available to us for other purposes. Moreover, if we are unable to access the capital markets on acceptable terms or at all, we may not be able to consummate acquisitions, or may have to do so on the basis of a less than optimal capital structure. Our inability to take advantage of growth opportunities or address risks associated with acquisitions or investments in businesses may negatively affect our operating results.

Additionally, any impairment of goodwill or other intangible assets acquired in an acquisition or in an investment, or charges to earnings associated with any acquisition or investment activity, may materially reduce our earnings. Future acquisitions or joint ventures may not result in their anticipated benefits and we may not be able to properly integrate acquired technologies or businesses with our existing operations or successfully combine personnel and cultures. Failure to do so could deprive us of the intended benefits of those acquisitions.

We intend to grow our client base significantly through acquisitions of other service providers. If we fail to retain existing clients and attract new clients through acquisitions, we may never achieve profitability.

Through acquisition of other service providers, we will inherit an increasingly larger client base, which creates cross-selling and up-selling opportunities. We need high-quality service and exemplary client management to retain and grow our client base. We also plan to launch sales and marketing efforts, including trade show appearances, sales demos, and advertising campaigns in various forms to promote our brand name. If our marketing efforts do not materialize, we may lose existing clients or fail to obtain new clients. Our inability to grow sales as we expand in operations may result in continuing losses, and we may not be profitable for an extended period of time. In addition, even if we are able to make future acquisitions, we will incur additional costs to consummate them, which may result in a shortage in our capital resources. We may also incur difficulties in integrating new businesses with our current operations.

Our business strategy may impose limitations in our ability to accurately forecast future revenue and operating results.

Our operating results are dependent on a variety of factors, including purchasing patterns of our clients, competitive pricing, debt servicing, and general economic trends. Our revenue and operating results may fluctuate if our sales targets are not met, new service offerings receive poor client response, or client acquisition costs increase due to competition. In addition to these factors, our acquisition strategy may impose additional risks to the predictability of our operating results. Revenue streams may be volatile due to the uncertainty in identifying attractive acquisition candidates and our ability to consummate new acquisitions. Unexpected expenses may be incurred during due diligence and post-acquisition. Management intends to manage risk carefully with the acquisitions; however, there can be no assurance that we will be able to identity and consummate acquisitions that improve our results of operations.

Our future results may be affected by various legal and regulatory proceedings and legal compliance risks, including those involving intellectual property, governmental regulations, the U.S. Foreign Corrupt Practices Act, and other anti-bribery, anti-corruption, or other matters.

We may be subject to various legal and regulatory proceedings, and are subject to certain legal compliance risks in the areas of intellectual property, governmental regulation, U.S. Foreign Corrupt Practices Act, and related anti-bribery and anti-corruption regulations. The outcome of any such legal proceedings may differ from our expectations because the outcomes of litigation, including regulatory matters, are often difficult to reliably predict. Various factors or developments can lead us to change current estimates of liabilities and related insurance requirements where applicable, or make such estimates for matters previously not susceptible of reasonable estimates, such as a significant judicial ruling or judgment, a significant settlement, significant regulatory developments, or changes in applicable law. A future adverse ruling, settlement, or unfavorable development could result in future charges that could have a material adverse effect on our results of operations or cash flows in any particular period.

Any future COVID-19 pandemic scenarios may adversely affect our operations and financial condition.

We are subject to risks related to the public health crises such as the global pandemic associated with COVID-19. Economic and health conditions in the United States and across most of the globe continue to change rapidly. The COVID-19 outbreak may disrupt our operations through its impact on our employees, our clients, and the industries in which they conduct business.

Numerous state and local jurisdictions have imposed, and others in the future may impose, “shelter-in-place” orders, quarantines, executive orders, and similar government orders and restrictions for their residents to control the spread of COVID-19.

While the potential economic impact brought by, and the duration of, COVID-19 may be difficult to assess or predict, the widespread pandemic has resulted in, and may continue to result in, significant disruption of global financial markets and a recession or market correction that could materially affect our business, including the ability of our clients to continue to engage us, and the value of our common stock.

The COVID-19 outbreak may disrupt our operations through its impact on our employees, our clients, and the industries in which our clients operate. Disruptions to our clients may impair their ability to fulfill their obligations to us.

We are continuously monitoring our own operations and intend to take appropriate actions to mitigate the risks arising from the COVID-19 pandemic, but there can be no assurances that we will be successful in doing so. The ultimate extent of the effects of the COVID-19 pandemic on us is highly uncertain and will depend on future developments, which cannot be predicted.

Breaches of network or information technology security could have an adverse effect on our business.

Cyber-attacks or other breaches of network or IT security may cause equipment failures or disrupt the systems and operations of us and our clients. The potential liabilities associated with these events could exceed the insurance coverage we or our clients maintain, if any. An inability to operate as a result of such events, even for a limited period of time, may result in significant expenses or loss of market share to other competitors in the market we serve. In addition, a failure to protect our, or our client’s, enterprises, networks, privacy of customer, and employee confidential data against breaches of network or IT security could result in damage to our reputation. To date, we have not been subject to cyber-attacks or other cyber incidents which, individually or in the aggregate, resulted in a material adverse effect on our business, operating results, or financial condition.

Security threats to our own IT infrastructure may affect our clients indirectly. A party who is able to compromise the security measures on our networks or the security of our infrastructure could misappropriate our proprietary information or the personal information of our clients, cause interruptions or malfunctions in our operations or our clients’ operations, or damage our computers or systems and those of our clients. As security is a primary competitive factor in our industry, such a compromise could be particularly harmful to our brand and reputation. We may be required to expend significant resources to protect against such threats or to alleviate problems caused by breaches in security. As techniques used to breach security change frequently, and are generally not recognized until launched against a target, we may not be able to implement security measures in a timely manner or, if and when implemented, we may not be able to determine the extent to which these measures could be circumvented. If we are unable to protect sensitive information, our clients or governmental authorities could question the adequacy of our threat mitigation and detection processes and procedures. Any breaches that may occur could expose us to increased risk of lawsuits, regulatory penalties, loss of existing or potential customers, harm to our reputation, and increases in our security costs, which may not be fully insured or indemnified by other means. Additionally, breaches of our, or our clients’, systems could similarly result in a loss of confidence in our services or damage to our brand and reputation. Occurrence of any of these events could have a material adverse effect on our business, financial condition, operating results, or prospects.

Because our services are aimed at protecting clients from, and limiting the impact of, critical business interruptions and losses related to cyber-attacks, if our client’s experience losses related to cyber-attacks that result in lost profits or other indirect or consequential damages to our clients, our clients may expose us to lawsuits. Our service agreements with our clients typically contain provisions limiting our liability. However, we cannot provide assurances that a court would enforce any contractual limitations on our liability. The outcome of any such lawsuit would depend on the specific facts of the case and any legal and policy considerations that we may not be able to mitigate. In such cases, we could be liable for substantial damage awards that may exceed our liability insurance coverage by unknown but significant amounts, which could materially impair our financial condition.

If we fail to meet our service level obligations under our service level agreements, we may be subject to certain penalties and could lose clients.

We have service level agreements with many of our managed services clients under which we guarantee specified levels of service availability. These arrangements require us to estimate the level of service we will provide. If we fail to meet our service level obligations under these agreements, we may be subject to penalties, which could result in higher than expected costs, and we may lose clients, which could lead to decreased revenue and decreased gross and operating margins. If we fail to meet our service level obligations under these agreements, our reputation may suffer as a result.

The nature of our business involves significant risks and uncertainties that may not be covered by insurance or indemnification.

We provide services in circumstances where insurance or indemnification may be not available to us. Our existing insurance coverages may not be sufficient or additional insurance may not be available to protect us against operational risks and other uncertainties that we face. Liabilities or claims arising from our services in excess of any indemnity or insurance coverage (or for which indemnity or insurance coverage is not available or is not obtained) could harm our financial condition, cash flows, and operating results. Any claim, even if fully covered or insured, could negatively affect our reputation in the marketplace and make it more difficult for us to compete effectively. The defense of such claims may be costly and time-consuming and could divert the attention of management.

We indemnify our officers and directors against liability to us and our security holders, and such indemnification could increase our operating costs.

Our certificate of incorporation and bylaws allow us to indemnify our officers and directors against claims associated with carrying out the duties of their offices. Our bylaws also allow us to reimburse them for the costs of certain legal defenses. Insofar as indemnification for liabilities arising under the Securities Act may be permitted to our officers, directors, or control persons, the SEC has advised that such indemnification is against public policy and is therefore unenforceable.

Our industry is highly competitive, and there is no assurance that we will compete successfully.

Our current and potential competitors vary by size, service offerings, and geographic location. Competitors include technology companies, consulting companies, telecommunication companies, technology resellers, hardware and software companies, and others. Many of our competitors have entrenched relationships in particular industries or have gained a reputation for expertise in a specific segment of the cybersecurity market, including services, software, and hardware. Primary competitive factors in our market include security, reliability and functionality; customer service and technical expertise; reputation and brand recognition; financial strength; breadth of products and services offered; price; and scalability. Many of our current and potential competitors have substantially greater financial, technical, and marketing resources; more diversified product and service offerings; larger customer bases; longer operating histories; greater brand recognition; and more established relationships in the industry than we do. As a result, some of these competitors may be able to:

Many of these companies have significantly greater financial, technical, marketing, and other resources than we do and may be better positioned to acquire, offer, and service complementary products and technologies. These companies and alliances resulting from possible combinations may create more compelling product and service offerings; be able to offer greater pricing flexibility than we can; or engage in business practices that make it more difficult for us to compete effectively, including on the basis of sales and marketing programs (such as providing greater incentives to our channel partners to sell a competitor’s product), technology, or product functionality. Competition could result in, among other things, a substantial loss of customers, reduction in revenue, or increase in expenses, which could materially adversely affect our business, financial condition, results of operations, or prospects.

A portion of our revenue depends on a small number of customers.

One of our customers accounted for an aggregate of 20.4% of our revenue for the year ended December 31, 2021, while two of our customers accounted for an aggregate of 59.0% of our revenue for the year ended December 31, 2020.

A significant deterioration in the financial condition of these customers could have a material adverse effect on our sales and profitability. We regularly monitor and evaluate the credit status of our customers and attempt to adjust sales terms as appropriate. Despite these efforts, substantial financial issues or a bankruptcy filing by a key customer could have a material adverse effect on our business, operating results, and financial condition.

Our success depends on our ability to protect our intellectual property and our proprietary technologies.

We rely on trade secrets to protect intellectual property, proprietary technology, and processes, which we have or may develop in the future. There can be no assurances that secrecy obligations will be honored or that others will not independently develop similar or superior technology. The protection of intellectual property and/or proprietary technology through claims of trade secret status has been the subject of increasing claims and litigation by various companies both in order to protect proprietary rights as well as for competitive reasons even where proprietary claims are unsubstantiated. The prosecution of proprietary claims or the defense of such claims is costly and uncertain given the uncertainty and rapid development of the principles of law pertaining to this area. We may also be subject to claims by other parties regarding the use of intellectual property, technology information, and data, which may be deemed proprietary to others.

Increasingly complex cybersecurity regulations and standards may have significant impact on our business, and it may require us to substantially invest in our development capabilities to meet compliance requirements and may negatively impact our ability to offer certain services and remain profitable.

Federal and state legislatures continue to advance policy proposals in recent years to address cyber threats directed at governments and private businesses. As threats continue to evolve and expand and as the pace of new technologies accelerates, legislatures are making cybersecurity measures a high priority. At the federal and state level, hundreds of bills or resolutions have been introduced and considered that deal significantly with cybersecurity. These proposals are at multiple stages of development and may shape out new standards concerning different areas. Our business expansion strategy focuses on accretive acquisitions of other cybersecurity service providers in the top thirty U.S. markets to achieve greater service coverage. The complex regulatory environment in each state may require us to dedicate additional resource to ensure our service scope and service quality are in compliance with the standards enacted in each state we operate business in. We may incur additional legal and compliance costs, and our service scope may be restrained due to compliance requirements. This will cause a delay in our service launch and negatively impact our operating results. We may also face litigations if we fail to respond accordingly to these regulatory measures in certain states.

We may become subject to disputes, including litigation, that could negatively impact our business, profitability, and financial condition.

We may become subject to disputes with third parties from time to time. Any such dispute could result in litigation between us and the other parties. Whether or not any dispute actually proceeds to litigation, we may be required to devote significant management time and attention and financial resources to its resolution (through litigation, settlement, or otherwise), which would detract from our management’s ability to focus on our business. Any such resolution could involve the payment of damages or expenses by us, which may be significant. In addition, any such resolution could involve our agreement with terms that restrict the operation of our business.

If we incur additional debt, we will be subject to restrictive covenants and debt service obligations that could negatively impact our operations.

If we incur additional debt for operations or acquisitions, a portion of our cash flow will have to be dedicated to the payment of principal and interest on such indebtedness. Typical loan agreements also might contain restrictive covenants, which may impair our operating flexibility. Such loan agreements would also provide for default under certain circumstances, such as failure to meet certain financial covenants. A default under a loan agreement could result in the loan becoming immediately due and payable and, if unpaid, a judgment in favor of such lender which would be senior to the rights of our stockholders. A judgment creditor would have the right to foreclose on any of our assets resulting in a material adverse effect on our business, operating results, or financial condition.

The preparation of our financial statements involves use of estimates, judgments, and assumptions, and our financial statements may be materially affected if our estimates prove to be inaccurate.

Financial statements prepared in accordance with accounting principles generally accepted in the United States require the use of estimates, judgments, and assumptions that affect the reported amounts. Different estimates, judgments, and assumptions reasonably could be used that would have a material effect on the financial statements, and changes in these estimates, judgments, and assumptions are likely to occur from period to period in the future. These estimates, judgments, and assumptions are inherently uncertain, and, if they prove to be wrong, then we face the risk that charges to income will be required.

Risks Related to our Common Stock

The market price of our common stock is volatile and may fluctuate in a way that is disproportionate to our operating performance.

Our stock price may experience substantial volatility as a result of a number of factors, including, among others:

Many of these factors are beyond our control. In addition to recent events, the stock markets have historically experienced substantial price and volume fluctuations. These fluctuations often have been unrelated or disproportionate to the operating performance of these companies. These broad market and industry factors could reduce the market price of our common stock, regardless of our actual operating performance.

Future sales of shares of our common stock by existing stockholders could depress the market price of our common stock.

We had an aggregate of 136,719,649 issued and outstanding shares of common stock as of April 13, 2022. Our current directors and executive officers beneficially own approximately 66%, or 90 million shares of our outstanding capital stock.  The remainder of the outstanding shares may be sold, subject to certain volume limitations, pursuant to Rule 144 or other available exemptions. Also, in the future, we may issue additional securities in connection with financings and acquisitions. The amount of our common stock issued in connection with an investment or acquisition could constitute a material portion of our then outstanding stock. Due to these factors, sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.

Provisions in our certificate of incorporation, our by-laws and Delaware law might discourage, delay, or prevent a change in control of our company or changes in our management and, therefore, depress the trading price of our common stock.

Provisions of our amended and restated certificate of incorporation, our amended and restated bylaws, and Delaware law may have the effect of deterring unsolicited takeovers or delaying or preventing a change in control of our company or changes in our management, including transactions in which our stockholders might otherwise receive a premium for their shares over then current market prices. In addition, these provisions may limit the ability of stockholders to approve transactions that they may deem to be in their best interests. These provisions include the ability of our Board of Directors to designate the terms of and issue new series of preferred stock without stockholder approval, which could include the right to approve an acquisition or other change in our control or could be used to institute a rights plan, also known as a poison pill, that would work to dilute the stock ownership of a potential hostile acquirer, likely preventing acquisitions that have not been approved by our Board of Directors.

The existence of the forgoing provisions and anti-takeover measures could limit the price that investors might be willing to pay in the future for shares of our common stock. They could also deter potential acquirers of our company, thereby reducing the likelihood that an investor in our company could receive a premium for their common stock in an acquisition.

Our Board of Directors is expressly authorized to make, alter, or repeal our by-laws by majority vote, while such action by stockholders would require a super majority vote.

These anti-takeover provisions and other provisions under Delaware law could discourage, delay, or prevent a transaction involving a change in control of our company, including actions that our stockholders may deem advantageous, or negatively affect the trading price of our stock. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and cause us to take other corporate actions they desire.

FINRA sales practice requirements may limit a stockholder’s ability to buy and sell our stock.

The Financial Industry Regulatory Authority, Inc. (“FINRA”) has adopted rules that require that, in recommending an investment to a client, a broker-dealer must have reasonable grounds for believing that the investment is suitable for that customer. Prior to recommending speculative low-priced securities to their non-institutional customers, broker-dealers must make reasonable efforts to obtain information about the customer’s financial status, tax status, investment objectives, and other information. Under interpretations of these rules, FINRA believes that there is a high probability that speculative low priced securities will not be suitable for certain customers. FINRA requirements will likely make it more difficult for broker-dealers to recommend that their customers buy our common stock, which may have the effect of reducing the level of trading activity in the shares, resulting in fewer broker-dealers may be willing to make a market in our shares, potentially reducing a stockholder’s ability to resell shares of our common stock.

If we issue additional shares in the future, it will result in the dilution of our existing stockholders.

Our certificate of incorporation authorizes the issuance of up to 250,000,000 shares of our common stock. Our Board of Directors may choose to issue some or all of such shares to acquire one or more companies and to fund our overhead and general operating requirements. The issuance of any such shares will reduce the book value per share and may contribute to a reduction in the market price of the outstanding shares of our common stock. If we issue any such additional shares, such issuance will reduce the proportionate ownership and voting power of all current stockholders. Further, such issuance may result in a change of control of our company.

Our directors and executive officers beneficially own a substantial majority of our outstanding capital stock and will have the ability to control our affairs.

Our current directors and executive officers beneficially own approximately 66% of our outstanding capital stock. By virtue of these holdings, they effectively control the election of the members of our board of directors, our management, and our affairs and may prevent us from consummating corporate transactions such as mergers, consolidations, or the sale of all or substantially all of our assets that may be favorable from our standpoint or that of our other stockholders.

We are eligible to be treated as an “emerging growth company,” as defined in the JOBS Act, and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we may take advantage of exemptions from various reporting and other requirements that are applicable to other public companies that are not emerging growth companies, including (i) not being required to comply with the auditor attestation requirements of Section 404(b) of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation our periodic reports and proxy statements, and (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We could be an emerging growth company for up to five years, although circumstances could cause us to lose that status earlier.

In addition, Section 107 of the JOBS Act provides that an emerging growth company can take advantage of the extended transition period provided in Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards that have different effective dates for public and private companies until those standards apply to private companies. We have elected to take advantage of the extended transition period for complying with the revised accounting standards. As a result, our financial statements may not be comparable to companies that comply with effective dates generally applicable to public companies.

Investors may find our common stock less attractive because we may rely on these exemptions, reduced reporting requirements, and extended transition periods. If investors find our common stock less attractive as a result of any of the foregoing, there may be a less active trading market for our common stock and our stock price may be more volatile or may decrease.

We do not intend to pay dividends on our common stock.

We have never paid any cash dividends, and currently do not intend to pay any dividends for the foreseeable future. We intend to retain any future earnings to the extent necessary to develop and expand our business. Payment of cash dividends, if any, will depend, among other factors, on our earnings, capital requirements, and the general operating and financial condition, and will be subject to legal limitations on the payment of dividends out of paid-in capital. Because we do not intend to declare dividends, any gain on an investment in our company will need to come through an increase in the stock price. This may never happen, and investors may lose all of their investment.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 2. PROPERTIES

The following table sets forth information regarding our principal physical properties:

In addition to our headquarters, we also have other short-term leases, none of which we believe to be material to our operations. We believe that our offices are suitable to carry on our business. We also believe that, if required, suitable alternative or additional space will be available to us on commercially reasonable terms, along with the consolidation of any office space that we feel may be necessary from time-to-time as we integrate our acquisitions now or in the future.

ITEM 3. LEGAL PROCEEDINGS

We are currently not a party to any material legal proceedings.

ITEM 4. MINE SAFETY DISCLOSURES

Not applicable.

PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

Market Information

Until January 13, 2022, our common shares were traded under OTC Market Group’s OTCQB. Since January 13, 2022, our common stock has been listed for trading on The Nasdaq Stock Market LLC under the symbol “CISO.”

As of April 13, 2022, there were approximately 730 holders of record of our common stock, and the last reported sale price of our common stock on The Nasdaq Stock Market LLC on April 13, 2022 was $5.29. A significant number of shares of our common stock are held in either nominee name or street name brokerage accounts, and consequently, we are unable to determine the total number of beneficial owners of our common stock.

Dividend Policy

To date, we have paid no dividends on our common stock and do not expect to pay cash dividends in the foreseeable future. We plan to retain all earnings to provide funds for the operations of our company. In the future, our Board of Directors will decide whether to declare and pay dividends based upon our earnings, financial condition, capital requirements, and other factors that our Board of Directors may consider relevant. We are not under any contractual restriction as to present or future ability to pay dividends.

Unregistered Sales of Equity Securities

During the year ended December 31, 2021, we issued 1,625,000 shares of common stock with a fair value of $2.00 per share to investors for cash proceeds of $3,250,000.

During the year ended December 31, 2021, we issued an aggregate of 392,900 shares of common stock with a fair value of $2.05 per share to a related party consultant for services rendered.

On December 31, 2021, we issued an aggregate of 1,500,000 shares of common stock for the conversion of a convertible note of $3,000,000.

ITEM 6. [RESERVED]

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

The following Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with our financial statements and the related notes contained elsewhere in this Annual Report and is intended to provide information necessary to understand our audited consolidated financial statements for the year ended December 31, 2021 compared to the year ended December 31, 2020 and highlight certain other information which, will enhance a reader’s understanding of our financial condition, changes in financial condition, and results of operations. In particular, the discussion is intended to provide an analysis of significant trends and material changes in our financial position and the operating results of our business during the year ended December 31, 2021, as compared to the year ended December 31, 2020. These historical financial statements may not be indicative of our future performance. This Management’s Discussion and Analysis of Financial Condition and Results of Operations contains numerous forward-looking statements, all of which are based on our current expectations and could be affected by the uncertainties and risks described throughout this filing, particularly in “Item 1A. Risk Factors.”

Our Business

We are a cybersecurity and compliance company comprised of highly trained and seasoned security professionals who work with clients to enhance or create a better cyber posture in their organization. Cybersecurity, also known as computer security or information technology security, is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The cybersecurity industry has a supply and demand issue wherein there is more demand for cybersecurity services than there are expert and seasoned compliance and cybersecurity professionals available in the market. We seek to identify, attract, and retain highly skilled cyber and compliance teams and bring them together to provide holistic cyber services. We accomplish this through acquisitions, direct hiring, and incentivizing employees with stock options to help retain them. On an ongoing basis, we seek to identify cyber talent that is culturally aligned and that offers operating leverage through both existing customer revenue and relationships. We have invested in enterprise solutions and executive talent to integrate our different organizations into an ecosystem that works together to provide complete and holistic cybersecurity through cross pollination of solutions. The ecosystem is intended to provide additional revenue opportunities and drive overall recurring revenue.

We provide a full range of cybersecurity consulting and related services, encompassing all three pillars of compliance, cybersecurity, and culture. Our services include secured managed services, compliance services, security operations center (“SOC”) services, virtual Chief Information Security Officer (“vCISO”) services, incident response, certified forensics, technical assessments, and cybersecurity training. We believe that culture is the foundation of every successful cybersecurity and compliance program. To deliver that outcome, we developed our unique offering of MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), which is the only holistic solution that provides all three of these pillars under one roof from a dedicated team of subject matter experts. In contrast to the majority of cybersecurity firms that are focused on a specific technology or service, we seek to differentiate ourselves by remaining technology agnostic, focusing on accumulating highly sought-after topic experts. We continually seek to identify and acquire cybersecurity talent to expand our service scope and geographical coverage to provide the best possible service for our clients. We believe that bringing together a world-class team of technological experts with multi-faceted expertise in the critical aspects of cybersecurity is key to providing technology agnostic solutions to our clients in a business environment that has suffered from a chronic lack of highly skilled professionals, thereby setting us apart from competitors and in-house security teams. Our goal is to create a culture of security and to help quantify, define, and capture a return on investment from information technology and cybersecurity spending. Our brand rallies around the battle cry: “Cybersecurity is a Culture, not a Product.”

2021 Highlights

Our operating results for the year ended December 31, 2021 included the following:

Results of Operations

Comparison of the Year Ended December 31, 2021 to the Year Ended December 31, 2020

Our financial results for the year ended December 31, 2021 are summarized as follows in comparison to the year ended December 31, 2020:

Revenue

Security managed services revenue increased by $6,438,618, or 120%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, primarily due to the acquisitions of Alpine, VelocIT, Atlantic, RED74, and Arkavia, which were consummated on December 16, 2020, August 12, 2021, November 9, 2021, October 1, 2021, and December 1, 2021, respectively. An aggregate of $4,238,631 in revenue was the result of these acquisitions for the year ended December 31, 2021. The additional increase in revenue was the result of additional customers and usage increases within existing customers.

Professional services revenue increased by $1,463,113, or 78%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, primarily due to the acquisitions of Alpine, VelocIT, Atlantic, RED74, and Arkavia , which were consummated on December 16, 2020, August 12, 2021, November 9, 2021, October 1, 2021, and December 1, 2021, respectively.

Expenses

Cost of Revenue

Security managed services cost of revenue increased by $2,098,324, or 212%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, primarily due to the acquisitions of VelocIT, Atlantic, RED74, and Arkavia, which were consummated on August 12, 2021, November 9, 2021, October 1, 2021, and December 1, 2021, respectively. As a result of these acquisitions, we incurred cost of revenue of $1,750,169 for the year ended December 31, 2021. In addition, we anticipated a lower margin during the year ended December 31, 2021, due to VelocIT’s hardware revenue stream having a low margin, as well as Technologyville’s planned territory expansion which created upfront costs.

Professional services cost of revenue increased by $427,900, or 490%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, primarily due to the acquisitions of Alpine, VelocIT, and Arkavia, which were consummated on December 16, 2020, August 12, 2021, and December 1, 2021, respectively. As a result of these acquisitions, we incurred cost of revenue of $106,211 for the year ended December 31, 2021. The additional increase in revenue was a result of additional customers and usage increases within existing customers. In addition, we anticipated lower margins during the year ended December 31, 2021 due to increased training costs as a result of the increase in new employees.

Cost of payroll increased by $6,442,506, or 196%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, primarily due to the acquisitions of Technologyville, Clear Skies, VelocIT, Atlantic, RED74, and Arkavia, which were consummated on May 25, 2020, August 1, 2020, August 12, 2021, November 9, 2021, and October 1, 2021, respectively. In addition, $2,132,554 of compensation expense related to options was recorded during the year ended December 31, 2021. As a result of these acquisitions, we incurred cost of revenue of $3,574,942 for the year ended December 31, 2021.

Operating Expenses

Professional fees increased by $262,793, or 28%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, as a result of increased expenses resulting from preparation for our uplist to Nasdaq and our public offering.

Advertising and marketing expenses increased by $284,780, or 190%, for the year ended December 31, 2021, as compared to December 31, 2020, as a result of additional spend on public relations.

Selling, general, and administrative expenses increased $6,500,114, or 196%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, as a result of an increase in payroll due to our ability to recognize a full year of Clear Skies’ and Alpine’s payroll, as well as a portion of VelocIT’s, Atlantic’s, RED74’s, and Arkavia’s payroll.

Stock-based compensation expenses increased by $6,180,412, or 438%, for the year ended December 31, 2021, as compared to the year ended December 31, 2020, primarily as a result of an increase in stock options awarded during the year ended December 31, 2021.

Impairment of goodwill increased by $22,078,064, or 100%, for the year ended December 31, 2021, as compared to the year ended December 31, 2021, as a result of our analysis of our carrying amount of goodwill being impaired.

Other Income (Expense)

Interest expense increased by $290,212, or 1,692%, during the year ended December 31, 2021, as compared to the year ended December 31, 2020, as a result of the recording of a full year of interest related to our $3,000,000 related party convertible note.

Working Capital

Our working capital as of December 31, 2021, as compared to our working capital as of December 31, 2020, is summarized as follows:

The increase in current assets is primarily due to a decrease in cash and cash equivalents of $2,471,995, offset by an increase in accounts receivable, inventory and prepaid expenses and other current assets of $3,833,968, $727,974, and $818,821, respectively. The increase in current liabilities is primarily due to the increase in accounts payable and accrued expense, and the settlement liability of $1,899,262 and $470,000, respectively.

Cash Flows

Our cash flows for the year ended December 31, 2021, as compared to our cash flows for the year ended December 31, 2020, can be summarized as follows:

Operating Activities

Net cash used in operating activities was $7,385,129 for the year ended December 31, 2021 and was primarily due to cash used to fund a net loss of $39,145,650, adjusted for non-cash expenses in the aggregate of $33,853,661 and additional cash outlaid by changes in the levels of operating assets and liabilities in the aggregate of $2,093,140, primarily as a result of an increase in accounts receivable and other current assets. Net cash used in operating activities was $1,702,079 for the year ended December 31, 2020 and was primarily due to cash used to fund a net loss of $3,413,262, adjusted for non-cash expenses in the aggregate of $2,064,389, partially offset by cash generated by changes in the levels of operating assets and liabilities in the aggregate of $353,206, primarily as a result of an increase in accounts payable.

Investing Activities

Net cash provided by investing activities of $2,050,057 for the year ended December 31, 2021, was primarily due to the cash acquired in the acquisitions of VelocIT, Atlantic, RED74, and Arkavia. Net cash provided by investing activities of $285,297 for the year ended December 31, 2020, was due to cash acquired in the Techville and Clear Skies Acquisitions.

Financing Activities

Net cash provided by financing activities for the year ended December 31, 2021 was $2,863,077, which was primarily due to cash received from the sale of our common stock, and proceeds from loans and notes payable of $3,250,000 and $1,863,474, respectively, and offset by the payment of loans of $2,300,397. Net cash provided by financing activities for the year ended December 31, 2020 was $4,737,167 and was due to cash received from the sale of our common stock of $1,131,009 and proceeds from a convertible note of $3,000,000.

The Company has considered its material cash requirements from known contractual obligations, such as lease obligations, purchase obligations, and other liabilities reflected on the company’s balance sheet as of December 31, 2021 and has determined that none exist other than the Company’s commitment to pay $150,000 to the Atlantic Shareholders as part of the Company’s listing to a national exchange, $5,497,500 of future minimum payments of non-convertible outstanding debt and $284,512 in outstanding lease obligations.

Liquidity

The accompanying consolidated financial statements have been prepared on the basis that we will continue as a going concern, which contemplates realization of assets and satisfying liabilities in the normal course of business. At December 31, 2021, we had an accumulated deficit of $44,012,422 and working capital surplus of $4,113,215. For the year ended December 31, 2021, we had a loss from operations of $39,780,024 and negative cash flows from operations of $7,385,129. Although our company is showing positive revenue and gross profit trends, we expect to incur further losses through the end of 2022.

To date, we have funded operations primarily through the sale of equity in private placements and revenue generated by our services. During the year ended December 31, 2021, we received $3,250,000 from private placements of our common stock.

We believe that our existing cash and cash equivalents and cash generated by operating activities will be sufficient to meet our operating and capital requirements for at least the next 12 months as well as our longer-term expected future cash requirements and obligations.

Our future capital requirements, both near-term and long-term, will depend on many factors, in addition to our recurring operating expenses, include our growth rate, the continued expansion of sales and marketing activities, the introduction of new and enhanced products and service offerings, and the costs of any future acquisitions in complementary businesses and technologies. To the extent existing cash and cash equivalents are not sufficient to fund future activities, we may seek to raise additional funds through equity, equity-linked or debt financings. Any additional equity financing may be dilutive to our existing stockholders. We may enter into agreements or letters of intent with respect to potential investments in, or acquisitions of, complementary businesses, services or technologies, which could also require us to seek additional equity financing, incur indebtedness or use cash resources. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital when desired, or if we cannot expand our operations or otherwise capitalize on our business opportunities because we lack sufficient capital, our business, operating results and financial condition would be adversely affected.

Effects of Inflation

We do not believe that inflation has had a material impact on our business, revenue, or operating results during the periods presented.

Recently Issued Accounting Pronouncements

See Note 2 to our consolidated financial statements for the years ended December 31, 2021 and 2020 included elsewhere in this Annual Report.and (ii) Baker Tilly Chile Ltda.’s report dated April 15, 2022 with respect to the consolidated financial statements of Arkavia Networks SpA for the period from December 1, 2021 to December 31, 2021 (collectively, the “Auditor Consents”), into our Registration Statement on Form S-8, No. 333-259163. The Auditor Consents were inadvertently omitted from the Original Form 10-K.

Critical Accounting PoliciesIn accordance with Rule 12b-15 under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), Item 15(b) of Part IV of the Original Form 10-K is hereby amended and Estimatesrestated in its entirety. In addition, as required by the Exchange Act, new certifications by our principal executive officer and principal financial officer are filed herewith as exhibits to this Amendment pursuant to Rule 13a-14(a) or 15d-14(a) of the Exchange Act.

UseExcept as described above, no other changes have been made to the Original Form 10-K, and this Amendment does not amend, update, or change any other items or disclosures in the Original Form 10-K. The Original Form 10-K continues to speak as of Estimatesits original filing date. This Amendment does not reflect subsequent events occurring after the filing date of the Original Form 10-K or modify or update in any way disclosures in the Original Form 10-K.

The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent liabilities at dates of the financial statements and the reported amounts of revenue and expenses during the periods. Our significant estimates and assumptions include the recoverability and useful lives of long-lived assets, stock-based compensation, and the valuation allowance related to our deferred tax assets. Certain of our estimates, including the carrying amount of intangible assets and goodwill, could be affected by external conditions, including those unique to us and general economic conditions. It is reasonably possible that these external factors could have an effect on our estimates and could cause actual results to differ from those estimates.

Fair Value Measurement

The fair value measurement guidance clarifies that fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in the valuation of an asset or liability. It establishes a fair value hierarchy that prioritizes the inputs to valuation techniques used to measure fair value. The hierarchy gives the highest priority to unadjusted quoted prices in active markets for identical assets or liabilities (Level 1 measurements) and the lowest priority to unobservable inputs (Level 3 measurements). The three levels of the fair value hierarchy under the fair value measurement guidance are described below:

Level 1 - Unadjusted quoted prices in active markets that are accessible at the measurement date for identical assets or liabilities;

Level 2 - Quoted prices in markets that are not active, or inputs that are observable, either directly or indirectly, for substantially the full term of the asset or liability; or

Level 3 - Prices or valuation techniques that require inputs that are both significant to the fair value measurement and unobservable (supported by little or no market activity).

Business Combination

We allocate the purchase price of an acquired business to the tangible and intangible assets acquired and liabilities assumed based upon their estimated fair values on the acquisition date. Any excess of the purchase price over the fair value of the net assets acquired is recorded as goodwill. The purchase price allocation process requires management to make significant estimates and assumptions, especially at the acquisition date with respect to intangible assets. Direct transaction costs associated with the business combination are expensed as incurred. The allocation of the consideration transferred in certain cases may be subject to revision based on the final determination of fair values during the measurement period, which may be up to one year from the acquisition date. We include the results of operations of the business that it has acquired in its consolidated results prospectively from the date of acquisition.

If the business combination is achieved in stages, the acquisition date carrying value of the acquirer’s previously held equity interest in the acquiree is re-measured to fair value at the acquisition date; any gains or losses arising from such re-measurement are recognized in profit or loss.

Intangible Assets

Intangible assets are comprised of trademarks, customer bases, non-compete agreements and intellectual property with original estimated useful lives with a range of 2 to 15 years. Once placed into service, we amortize the cost of the intangible assets over their estimated useful lives on a straight-line basis.

Goodwill

Goodwill represents the excess of the purchase price of the acquired business over the estimated fair value of the identifiable net assets acquired. Goodwill is not amortized but is tested for impairment at least annually at year end, at the reporting unit level or more frequently if events or changes in circumstances indicate that the asset might be impaired. Goodwill is tested for impairment at the reporting level by first performing a qualitative assessment to determine whether it is more likely than not that the fair value of the reporting unit is less than its carrying value. If the reporting unit does not pass the qualitative assessment, then the reporting unit’s carrying value is compared to its fair value. The fair values of the reporting units are estimated using market and discounted cash flow approaches. Goodwill is considered impaired if the carrying value of the reporting unit exceeds its fair value. The discounted cash flow approach uses expected future operating results. Failure to achieve these expected results may cause a future impairment of goodwill at the reporting unit. Due to the Company determining that the reporting unit’s carrying value was over the estimate of the fair value recorded, we recognized a loss on impairment of goodwill of $22,078,064 at December 31, 2021.

Impairment of Long-lived Assets

We will periodically evaluate the carrying value of long-lived assets to be held and used when events and circumstances warrant such a review and at least annually. The carrying value of a long-lived asset is considered impaired when the anticipated undiscounted cash flow from such asset is separately identifiable and is less than its carrying value. In that event, a loss is recognized based on the amount by which the carrying value exceeds the fair value of the long-lived asset. Fair value is determined primarily using the anticipated cash flows discounted at a rate commensurate with the risk involved. Losses on long-lived assets to be disposed of are determined in a similar manner, except that fair values are reduced for the cost to dispose.

Stock-Based Compensation

We measure the cost of services received in exchange for an award of equity instruments based on the fair value of the award. For employees and directors, the fair value of the award is measured on the grant date and for non-employees, the fair value of the award is generally re-measured on vesting dates and interim financial reporting dates until the service period is complete. Awards granted to directors are treated on the same basis as awards granted to employees.

Revenue Recognition

Our agreements with clients are primarily service contracts that range in duration from a few months to one year. We recognize revenue when control of these services is transferred to the client for an amount, referred to as the transaction price, which reflects the consideration to which we are expected to be entitled in exchange for those goods or services.

A contract with a client exists only when:

We do not adjust the promised amount of consideration for the effects of a significant financing component since we expect, at contract inception, that the period between the time of transfer of the promised goods or services to the client and the time the client pays for these goods or services to be generally one year or less. Our credit terms to clients generally average thirty days, although in some cases payments are required in 15 days.

We do not disclose the value of unsatisfied performance obligations for contracts with original expected duration of one year or less.

Disaggregation of Revenue

Revenue consisted of the following by service offering for year ended December 31, 2021:

Revenue consisted of the following by service offering for the year ended December 31, 2020:

Practical Expedients

As part of Accounting Standards Code (“ASC”) 606, we have adopted practical expedients, including the following: (i) we have determined that we need not adjust the promised amount of consideration for the effects of a significant financing component since we expect, at contract inception, that the period between when we transfer a promised service to the customer and when the customer pays for that service will be one year or less and (ii) we recognize any incremental costs of obtaining a contract as an expense when incurred if the amortization period of the asset that the entity otherwise would have recognized is one year or less.

Reimbursed Expenses

We include reimbursed expenses in revenue and costs of revenue as we are primarily responsible for fulfilling the promise to provide the specified service, including the integration of the related services into a combined output to the client, which are inseparable from the integrated service. These costs include such items as consumables, transportation and travel expenses, over which we have discretion in establishing prices.

Costs of Revenue

Costs of revenue include (i) compensation and benefits for billable employees and consultants directly involved with delivering services offerings and engagements; (ii) consumables used for the services; and (iii) other expenses directly related to service contracts such as professional services, meals and travel expenses.

Volatility in Stock-Based Compensation

The volatility is based on historical volatilities of companies in comparable stages as well as the historical volatility of companies in the industry and, by statistical analysis of the daily share-pricing model. The volatility of stock-based compensation at any point in time is based on historical volatility of similar companies in the industry for the last two to five years.

Off-Balance Sheet Arrangements

We have no off-balance sheet arrangements that have or are reasonably likely to have a material current or future effect on our financial condition, changes in financial condition, revenue or expenses, results of operations, liquidity, capital expenditures, or capital resources.

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

Because we are a smaller reporting company, we are not required to provide the information called for by this Item.

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

The information called for by Item 8 is included beginning on page F-1 contained in this Annual Report on Form 10-K.

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE

None.

ITEM 9A. CONTROLS AND PROCEDURES

Evaluation of Disclosure Controls and Procedures

We maintain disclosure controls and procedures (as that term is defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) that are designed to ensure that information required to be disclosed in our reports under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosures. In designing disclosure controls and procedures, our management necessarily was required to apply its judgment in evaluating the cost-benefit relationship of possible disclosure controls and procedures. The design of any disclosure controls and procedures also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Any controls and procedures, no matter how well designed and operated, can provide only reasonable, not absolute, assurance of achieving the desired control objectives.

Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of the design and operation of our disclosure controls and procedures as of the end of the period covered by this report. Based upon that evaluation and subject to the foregoing, our Chief Executive Officer and Chief Financial Officer concluded that, our disclosure controls and procedures were not effective due to the material weaknesses in internal control over financial reporting described below.

Management’s Report on Internal Control over Financial Reporting

Our management is responsible for establishing and maintaining adequate internal control over financial reporting. Our internal control over financial reporting is a process designed under the supervision of its principal executive and principal financial officers and effected by our Board of Directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of its consolidated financial statements for external reporting purposes in accordance with U.S. generally accepted accounting principles.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. In addition, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with the policies or procedures may deteriorate.

Material Weakness in Internal Control over Financial Reporting

Our management assessed the effectiveness of our internal control over financial reporting as of December 31, 2021 based on the framework established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on this assessment, management has determined that our internal control over financial reporting as of December 31, 2021 was not effective.

A material weakness, as defined in the standards established by the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.

The ineffectiveness of our internal control over financial reporting was due to the following material weaknesses which are indicative of many small companies with small number of staff:

Management’s Plan to Remediate the Material Weakness

Our management plans to implement measures designed to ensure that control deficiencies contributing to the material weakness are remediated, such that these controls are designed, implemented, and operating effectively. The remediation actions planned include:

Our management will continue to monitor and evaluate the relevance of our risk-based approach and the effectiveness of our internal controls and procedures over financial reporting on an ongoing basis and is committed to taking further action and implementing additional enhancements or improvements, as necessary and as funds allow.

This annual report does not include an attestation report of our registered public accounting firm regarding internal control over financial reporting. Our management’s report was not subject to attestation by our registered public accounting firm pursuant to rules of the SEC that permit us to provide only management’s report in this Annual Report on Form 10-K, which may increase the risk that weaknesses or deficiencies in our internal control over financial reporting go undetected.

Changes in Internal Control Over Financial Reporting

There have been no changes in our internal control over financial reporting (as defined in Rule 13a-15(f) and 15d-15(f) under the Exchange Act) during the quarter ended December 31, 2021 that have materially affected, or that are reasonably likely to materially affect, our internal control over financial reporting. During the year ended December 31, 2021, report, we have hired additional finance and accounting staff that we expect will positively impact our segregation of duties in the coming quarters. In addition, we have established an audit committee in the first quarter of 2021.

ITEM 9B. OTHER INFORMATION

None.

ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS.

Not applicable.

PART III

ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE

The following table sets forth certain information regarding our Directors and Executive Officers. The age of each Director and Executive Officer listed below is given as of April 13, 2022.

Our Executive Officers

David G. Jemmett – Chief Executive Officer and Director

Mr. Jemmett has served as our Chief Executive Officer and a director of our company since our formation in March 2019. He also founded GenResults in June 2015, which we subsequently acquired in April 2019. From January 2014 to December 2014, Mr. Jemmett served as Chief Executive Officer of NantCloud, LLC, a provider of secure cloud-hosted applications for healthcare customers, and Chief Technology Officer of NantWorks, LLC, a parent company for the “Nant” family of companies. From 2005 to 2013, Mr. Jemmett served as founder and Chief Executive Officer of ClearDATA Networks Corporation, a HIPAA compliant hosting company specializing in healthcare. He has been a guest speaker on CBS, CNN, MSNBC and CSPAN, and has spoken before the U.S. Senate Subcommittee on Telecommunications and Internet Security regarding internet technologies in 1998.

We believe Mr. Jemmett is qualified to serve as a director of our company due to his extensive business background, his experience in the cybersecurity industry, and his significant equity ownership in our company.

Rory V. Sanchez - President

Mr. Sanchez has served as our President since February 2022. Since March 2018, he has served as Chief Executive Officer of True Digital, an entity which we acquired in January 2022. Prior to that, from March 2000 to February 2018, Mr. Sanchez was Chief Executive Officer and President of SLPowers, the predecessor company to True Digital, a managed cybersecurity and compliance provider that helps organizations manage risk and compliance.

David A. Bennett – Chief Operating Officer

Mr. Bennett has served as our Chief Operating Officer since February 2022. From August 2021 to February 2022, he served as Chief Product Officer at Experian Health, a leader in healthcare revenue cycle solutions and digital health. From October 2020 to August 2021, Mr. Bennett served as Senior Vice President, Product at Gainwell Technologies, a leader in Medicaid management systems and payer analytics. From March 2018 to October 2020, Mr. Bennett served as Vice President, Global Build Healthcare & Life Sciences at DXC Technologies, which is an information technology services and consulting company. From November 2013 to March 2018, Mr. Bennett served as Executive Vice President, Product & Strategy for Orion Health, a software company that is a leader in health information exchanges, digital health, and healthcare analytics. He also serves on the Grand Canyon University President’s STEM Advisory Board. Mr. Bennett received a degree in Computer Information Science from DeVry University in 1985.

Debra L. Smith – Chief Financial Officer

Ms. Smith has served as our Chief Financial Officer since June 2021. Ms. Smith served as our Executive Vice President of Finance and Accounting from February 2021 to June 2021. Prior to joining our company, Ms. Smith served as Executive Vice President of Finance at Arrivia Inc. from January 2020 to February 2021 and Controller and, subsequently, Chief Accounting Officer at BeyondTrust from October 2016 to January 2020. Ms. Smith received a Bachelor of Science degree in Accounting, Summa Cum Laude, from DeVry University and a Master’s degree in Counseling with Honors from Argosy University.

Ashley N. Devoto – Chief Information Security Officer and Director

Ms. Devoto has served as our Chief Information Security Officer and a director of our company since March 2022. Ms. Devoto has served in various roles at Booz Allen Hamilton, a U.S.-based government contractor, from June 2018 to March 2022, most recently serving as its Chief Information Security Officer. From April 2017 to June 2018, Ms. Devoto served as Business Information Security officer for Bank of America, a financial services company. Ms. Devoto has served in the U.S. Air Force Cyberspace Operations since March 2010, and she served as defensive cyber operations planner at 24th Air Force and NORAD/USNORTHCOM. Ms. Devoto continues to serve in a reserve capacity by leading strategic cyber force development initiatives in her current assignment at the Pentagon. Ms. Devoto holds a bachelor’s degree in Computer Engineering from Vanderbilt University and a master’s degree in Engineering Management from Southern Methodist University.

We believe Ms. Devoto is qualified for service as a director of our company due to her cybersecurity experience, as well as her extensive experience across military, financial services, and professional services organizations.

Our Directors

Stephen H. Scott, Jr. – Director

Mr. Scott has served as a founder and director of our company since April 2019. Mr. Scott has been a Partner with Advisor ID (formerly BRI Partners), a financial services technology firm, since 2016. Mr. Scott was Managing Director of Longboard Asset Management from 2016 to 2017. From 2009 to 2016, Mr. Scott was at Van Eck Global, where he served as the Co-Head of the Alternatives Committee and as portfolio manager. Mr. Scott has founded and managed several investment partnerships focused on both private and public investment strategies since 1995. Mr. Scott holds a Bachelor of Science in 1991 from the University of Florida.

Mr. Scott is qualified for service as a director of our company due to his background in both the financial services and technology industries.

Ret. General Robert C. Oaks – Director

Ret. General Oaks has served as a director of our company since May 2019. He is a retired U.S. Air Force general who served as commander in chief of the U.S. Air Forces in Europe, and commander, Allied Air Forces Central Europe, with headquarters at Ramstein Air Base, Germany. He retired as a four-star General and Commander and Chief of U.S. Air Forces Europe and NATO Central Europe in 1994 after serving 34 years. Following his retirement, Ret. General Oaks was employed at U.S. Airways as Senior Vice President from 1994 to 2000. In 2000, Oaks resigned from this position when he was called to serve the LDS Church, where he served until 2009, when he was released as a general authority. He earned a Bachelor of Science degree in Military Science from the U.S. Air Force Academy and a Master’s degree in Business Administration from Ohio State University prior to graduating from the Naval War College. Ret. General Oaks currently serves as the official Liaison for the Church of Jesus Christ to the U.S. Armed Forces.

We believe Ret. General Oaks is qualified for service as a director of our company due to his experience with national security issues, including cybersecurity, through his extensive military service.

R. Scott Holbrook – Director

Mr. Holbrook has served as a director of our company since May 2019. Since 2013, Mr. Holbrook has been a Principal at Mountain Summit Advisors, a specialty firm focused on mergers and acquisitions of primarily healthcare technology and services companies, and a strategic advisor to Health Catalyst, a company focused on data analytics and warehousing primarily in healthcare. He served as the Executive Vice President of Medicity, a population health management company with solutions for health information exchange, business intelligence, and provider and patient engagement, from 2002 to 2013. In 1998, Mr. Holbrook founded KLAS where he remains as a board member. He has served in executive positions at IHC, GTE, Sunquest Information Systems, Integrated Medical Networks and is a founder of Park City Solutions. Mr. Holbrook is a HIMSS Fellow. He holds a Master of Science from Utah State University and a Bachelor of Science from Brigham Young University.

We believe Mr. Holbrook is qualified for service as a director of our company as a result of his significant experience in the healthcare technology sector.

Andrew K. McCain – Director

Mr. McCain has served as a director of our company since May 2019. He has served as the President and Chief Operating Officer for Hensley Beverage Company since 2014. He is a board member of the Arizona Super Bowl Host Committee, the Arizona 2016 College Football Championship Local Organizing Committee, Chairman of Hensley Employee Foundation, and a Patrons Committee member of United Methodist Outreach Ministries’ New Day Centers. He is past Chairman of the Board of the Fiesta Bowl, past Chairman of the Anheuser-Busch National Wholesaler Advisory Panel, and past Chairman of the Greater Phoenix Chamber of Commerce. Mr. McCain received his Bachelor of Arts in Mathematics in 1984 and an MBA in 1986 from Vanderbilt University.

We believe Mr. McCain is qualified for service as a director of our company due to his significant business experience and leadership.

Ernst M. (Kiki) VanDeWeghe, III – Director

Mr. VanDeWeghe has served as a director of our company since May 2021. He has served as the Executive Vice President, Basketball Operations of the National Basketball Association since 2013. Prior to that, Mr. VanDeWeghe was the general manager of the Denver Nuggets and the New Jersey Nets and a head coach of the New Jersey Nets. Prior to that he played professionally for the Los Angeles Clippers, New York Knicks, Portland Trail Blazers, and the Denver Nuggets. Mr. VanDeWeghe attended UCLA where he received a degree in Economics.

We believe Mr. VanDeWeghe is qualified for service as a director of our company due to his business acumen and experience as an organizational leader.

Board Constitution

Our Board of Directors currently consists of seven members. All directors hold office until the next annual meeting of stockholders. At each annual meeting of stockholders, the successors to directors whose terms then expire are elected to serve from the time of election and qualification until the next annual meeting following election.

Director Independence

Our Board of Directors is comprised of a majority of independent directors, as “independence,” is defined by the listing standards of The Nasdaq Stock Market and by the SEC. Our Board of Directors has concluded that each of Messrs. Oaks, Holbrook, McCain, and Mr. VanDeWeghe are “independent”, having concluded that any relationship between such director and our company, in its opinion, does not interfere with the exercise of independent judgment in carrying out the responsibilities of a director. Mr. Jemmett and Ms. Devoto are employee directors. Mr. Scott is considered independent as he has served as a founder and director of our company since April 2019. Sandra D. Morgan served on our Board of Directors in fiscal 2021 and resigned in March 2022. Ms. Morgan was independent director.

Board Committees

Our Board of Directors has three standing committees: the Audit Committee, the Compensation Committee, and Governance and Nominating Committee.

Audit Committee

The Audit Committee of our Board of Directors was established in accordance with Rule 10A-3 promulgated under the Exchange Act. The current members of our Audit Committee are Messrs. McCain, Holbrook, and VanDeWeghe with Mr. McCain serving as the chair. Ms. Morgan served on the Audit Committee during fiscal 2021 but resigned from our Board of Directors in March 2022. Mr. VanDeWeghe was appointed to the Audit Committee in March 2022 following Ms. Morgan’s resignation. Each member of the Audit Committee meets the independence and other requirements to serve on our Audit Committee under The Nasdaq Stock Market Rules and the rules of the SEC. In addition, our Board of Directors determined that each of Messrs. McCain and Holbrook and Ms. Morgan is considered an “audit committee financial expert” as defined in the rules of the SEC.

The Audit Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Audit Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at www.cerberussentinel.com/charter-of- the-audit-committee. The principal functions of the Audit Committee are to oversee our accounting and financial reporting processes and the audits of our consolidated financial statements; oversee our relationship with our independent auditors, including selecting, evaluating, and setting the compensation of, and approving all audit and non-audit services to be performed by the independent auditors; and facilitate communication among our independent auditors and our financial and senior management.

Compensation Committee

We have a standing Compensation Committee of our Board of Directors. The members of our Compensation Committee are Messrs. Holbrook, VanDeWeghe, and McCain with Mr. Holbrook serving as the chair. Each member of the Compensation Committee meets the independence and other requirements to serve on our Compensation Committee under The Nasdaq Stock Market Rules and the rules of the SEC.

The Compensation Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Compensation Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at www.cerberussentinel.com/charter-of-the-compensation-committee. The Compensation Committee has responsibilities relating to the performance evaluation and the compensation of our Chief Executive Officer; the compensation of our executive officers and directors; and our significant compensation arrangements, plans, policies, and programs, including our stock compensation plans. Certain of our executive officers, our outside counsel, and consultants may occasionally attend the meetings of the Compensation Committee. However, no officer of our company is present during discussions or deliberations regarding that officer’s own compensation.

Governance and Nominating Committee

We have a standing Governance and Nominating Committee of our Board of Directors. The current members of our Governance and Nominating Committee are Messrs. Oaks, Holbrook and VanDeWeghe with Mr. VanDeWeghe serving as the chair. Ms. Morgan serve on the Governance and Nominating Committee during fiscal 2021 but resigned from our Board of Directors in March 2022. Mr. VanDeWeghe was appointed to the Governance and Nominating Committee in March 2022 following Ms. Morgan’s resignation. Each of Messrs. Oaks, Holbrook, VanDeWeghe and Ms. Morgan meets the independence and other requirements to serve on our Governance and Nominating Committee under The Nasdaq Stock Market Rules and the rules of the SEC.

The Governance and Nominating Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Governance and Nominating Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at https://www.cerberussentinel.com/investor-relations/charter-of-the-nominating-and-corporate-governance-committee. The Governance and Nominating Committee considers the performance of the members of our Board of Directors and nominees for director positions and evaluates and oversees corporate governance and related issues.

The goal of the Governance and Nominating Committee is to ensure that our directors possess a variety of perspectives and skills derived from high-quality business and professional experience. The Governance and Nominating Committee seeks to achieve a balance of knowledge, experience, and capability on our Board of Directors. To this end, the Governance and Nominating Committee seeks nominees with the highest professional and personal ethics and values, an understanding of our business and industry, diversity of business experience and expertise, a high level of education, broad-based business acumen, and the ability to think strategically. Although the Governance and Nominating Committee uses these and other criteria to evaluate potential nominees to our Board of Directors, it has no stated minimum criteria for such nominees. The Governance and Nominating Committee does not use different standards to evaluate nominees depending on whether they are proposed by our directors and management or by our stockholders. To date, we have not paid any third parties to assist us in this process.

Code of Ethics

We have adopted a Code of Ethics and Business Conduct (“Code of Ethics”) that sets forth various policies and procedures to promote ethical behavior and that applies to all our directors, officers and employees. The Code of Ethics is publicly available on our website at www.cerberussentinel.com. Amendments to the Code of Ethics and any grant of a waiver from a provision of the Code of Ethics requiring disclosure under applicable SEC rules will be disclosed on our website.

Delinquent Section 16(a) Reports

Section 16(a) of the Exchange Act, requires officers and directors of our company and persons who beneficially own more than 10% of a registered class of our company’s equity securities to file initial statements of beneficial ownership of common stock (Form 3) and statements of changes in beneficial ownership of common stock (Forms 4 or 5) with the SEC. Officers, directors, and greater than 10% stockholders are required by SEC regulations to furnish us with copies of all such forms they file.

During fiscal 2021, each of Ms. Smith and Messrs. Jemmett, Scott, Oaks, Holbrook, McCain and VanDeWeghe failed to file all reports which were required to be filed pursuant to Section 16(a) of the Exchange Act.

ITEM 11. EXECUTIVE COMPENSATION

The following table shows the total compensation paid or accrued during the years ended December 31, 2021 and 2020 to our Chief Executive Officer, our next two most highly compensated executive officers who were serving as executive officers on December 31, 2021 and one additional individual who served as an executive officer during the year ended December 31, 2021 but was not serving as an executive officer on December 31, 2021 (our “named executive officers”).

Summary Compensation Table

Outstanding Equity Awards as of December 31, 2021

The following table summarizes the outstanding equity awards held by each named executive officer as of December 31, 2021.

Employment Agreements with our Named Executive Officers

David G. Jemmett

On September 30, 2019, we entered into an employment agreement with Mr. Jemmett to serve as our Chief Executive Officer (the “Jemmett Employment Agreement”). The Jemmett Employment Agreement is evergreen and can be terminated by either party. Pursuant to the Jemmett Employment Agreement, Mr. Jemmett earned an initial annual base salary of $225,000, which was increased to an annual base salary of $250,000 upon our common stock becoming quoted on the OTC Markets. Mr. Jemmett’s base salary may be increased in accordance with our normal compensation and performance review policies. He is entitled to receive a discretionary annual bonus of up to 100% of his annual base salary, at the discretion of our Board of Directors, based on performance and our objectives. Subject to approval by our Board of Directors, Mr. Jemmett is entitled to additional stock options under our 2019 Equity Incentive Plan. The stock options will vest at 33% on the one-year anniversary of the Jemmett Employment Agreement and the remaining 66% of the options will vest monthly over the next 12 months. As of December 31, 2021, our Board of Directors had not approved or granted any stock options to Mr. Jemmett. On July 31, 2021, a bonus of $90,213 was accrued for Mr. Jemmett and subsequently paid on February 15, 2022. Mr. Jemmett is also eligible to participate in our standard benefit plans.

William Santos

On May 15, 2019, we entered into an employment agreement with Mr. Santos to serve as our Chief Operating Officer (the “Santos Employment Agreement”). The Santos Employment Agreement is evergreen and could be terminated by either party. Pursuant to the Santos Employment Agreement, as amended, Mr. Santos earned an initial base annual salary of $225,000, with an annual guaranteed bonus of $15,000, which could be increased to an annual base salary of $245,000 upon our company achieving gross annual revenue of $20,000,000 in any calendar year and an increase to an annual base salary of $300,000 upon our company achieving gross annual revenue of $40,000,000 in any calendar year. Mr. Santos was entitled to receive a discretionary annual bonus of up to 100% of his annual base salary, at the discretion of our Board of Directors, based on performance and company objectives. Subject to approval by our Board of Directors, Mr. Santos was entitled to stock options to purchase 3,000,000 shares of our common stock under our 2019 Equity Incentive Plan. Mr. Santos was also eligible to participate in our standard benefit plans. Mr. Santos resigned on July 16, 2021 in connection with his resignation, he received a portion of his guaranteed bonus, or $7,500, and a severance payment of $28,125.

Bryce Hancock

On December 14, 2020, we entered into an employment agreement with Mr. Hancock to serve as our Chief Operating Officer (the “Hancock Employment Agreement”). The Hancock Employment Agreement was evergreen and could be terminated by either party. Pursuant to the Hancock Employment Agreement, Mr. Hancock earned an initial base annual salary of $225,000, which could be increased at the discretion of our Board of Directors. Mr. Hancock was also eligible to participate in our standard benefit plans. Mr. Hancock resigned on February 15, 2022.

Debra L. Smith

On December 31, 2020, we entered into an employment agreement with Ms. Smith to serve as our Executive Vice President of Finance, effective as of February 1, 2021 (the “Smith Employment Agreement”). Pursuant to the Smith Employment Agreement, Ms. Smith earns an initial base annual salary of $200,000, with an increase upon our listing to a national exchange, subject to approval by the Company’s Board of Directors, a guaranteed bonus of $60,000 to be paid quarterly, and an additional $60,000 at the end of each fiscal year at the discretion of our Board of Directors. Ms. Smith is also eligible to participate in our standard benefit plans. On June 18, 2021, we appointed Ms. Smith to serve as Chief Financial Officer. The terms of the original Smith Employment Agreement remained in force.

Director Compensation^[2]

The following table sets forth for each director certain information concerning their compensation for the year ended December 31, 2021:

Notes:

2 Note to CISO: An introductory paragraph should be added summarizing director compensation (e.g., whether they receive, options, cash, etc. or whether they receive an initial grant upon appointment and then yearly thereafter). Issuer confirmed that there is no commitment or expectation, so no policy in place and is essentially random.

ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS

The following table sets forth certain information with respect to the beneficial ownership of our common stock as of April 13, 2022 for (a) the named executive officers, (b) each of our directors, (c) all of our current directors and executive officers as a group and (d) each stockholder known by us to own beneficially more than 5% of our common stock. Beneficial ownership is determined in accordance with the rules of the SEC and includes voting or investment power with respect to the securities. We deem shares of common stock that may be acquired by an individual or group within 60 days of April 13, 2022 pursuant to the exercise of options or warrants to be outstanding for the purpose of computing the percentage ownership of such individual or group but are not deemed to be outstanding for the purpose of computing the percentage ownership of any other person shown in the table. Except as indicated in footnotes to this table, we believe that the stockholders named in this table have sole voting and investment power with respect to all shares of common stock shown to be beneficially owned by them based on information provided to us by these stockholders. Percentage of ownership is based on 136,719,649 shares of common stock outstanding on April 13, 2022.

Security Ownership of Certain Beneficial Holders

Security Ownership of Directors and Executive Officers

Notes:

Securities Authorized for Issuance Under Existing Equity Compensation Plan

The following table summarizes certain information regarding our equity compensation plan as of December 31, 2021:

ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE

Transactions with Related Persons

Except as set out below, during the year ended December 31, 2021, there were no transactions, or currently proposed transactions, in which we were or are to be a participant and the amount involved exceeds the lesser of $120,000 or one percent of the average of our total assets at year-end for the last two completed fiscal years, and in which any of the following persons had or will have a direct or indirect material interest:

Note Payable with Jemmett Enterprises, LLC

On December 31, 2018, GenResults entered into an unsecured note payable with Jemmett Enterprises, LLC, an entity affiliated with Mr. Jemmett, Chief Executive Officer and Director, and majority stockholder of our company, for a principal amount of $200,000. The note had an original maturity date of June 30, 2020 and had an interest rate of 6% per annum. On June 29, 2020, the note payable was extended to July 30, 2021. During the year ended December 31, 2021 and 2020, we made cash payments of $59,787 and $50,000, respectively, under the note. The outstanding principal balance of this loan was zero and $59,787 as of December 31, 2021 and 2020, respectively.

Note Payable with Hensley & Company

On December 23, 2020, we issued a 6% unsecured convertible note to Hensley & Company (the “Lender”), in consideration of the Lender lending us $3,000,000 (the “Principal Amount”). The Principal Amount, together with accrued and unpaid interest, was due on December 31, 2021 (the “Maturity Date”), with no prepayment option. Interest was calculated at 6% per annum (based on a 360-day year) and was payable monthly. The Maturity Date was extendable at our election to December 31, 2022. At any time prior to or on the Maturity Date, the Lender was permitted to convert all or any portion of the outstanding Principal Amount and all accrued but unpaid interest thereon into shares of our common stock at a conversion price of $2.00 per share. During the years ended December 31, 2021 and 2020, we paid the Lender interest payments of $182,500 and zero, respectively. On December 31, 2021, the Lender converted the total Principal Amount under the note into 1,500,000 shares of common stock of our company. Mr. McCain, a Director of our company, is President and Chief Operating Officer of the Lender.

Sale of Common Stock to Hensley & Company

On September 22, 2020, we issued 250,000 shares of common stock to Hensley & Company, an entity affiliated with Mr. McCain, a Director of our company, for a purchase price of $2.00 per share, or aggregate cash proceeds of $500,000.

Director Independence

See “Directors, Executive Officers and Corporate Governance – Director Independence” and “Directors, Executive Officers and Corporate Governance – Board Committees” in Item 10 above.

ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES

Our Audit Committee has appointed Semple, Marchal & Cooper, LLP (“SMC”) as our independent registered public accounting firm (the “Independent Auditor”) for the year ended December 31, 2021. The following table sets forth the fees billed to our company for professional services rendered by SMC for the years ended December 31, 2021 and 2020:

Pre-Approval Policies and Procedures

The charter of our Audit Committee provides that the authority and responsibilities of our Audit Committee include the pre-approval of all audit and permitted non-audit and tax services that may be provided by our independent auditors or other registered public accounting firms, and the establishment of policies and procedures for the Audit Committee’s pre-approval of permitted services by our independent auditors or other registered public accounting firms on an on-going basis.

For audit services, each year our independent auditor provides our Audit Committee with an engagement letter outlining the scope of the audit services proposed to be performed during the year, which must be formally accepted by our Audit Committee before the audit commences prior to engagement of an independent auditor for next year’s audit, management will submit an aggregate of services expected to be rendered during that year for each of three categories of services to our Audit Committee for approval.

PART IV

ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES^[1]

(a) The following documents are filed as a part of the report:

(1) For a list of the financial statements included herein, see the index to the financial statements beginning on page F-1 of this Annual Report on Form 10-K, incorporated into this Item by reference.

(2) Financial statement schedules have been omitted because they are either not required or not applicable or the information is included in the consolidated financial statements or the notes thereto.

(b) Exhibits.

³ Note to CISO: To be discussed if any agreements are completed with no further obligations.

Material leases for real property should as also be filed as exhibits. [Note to CISO/Eventus: Can you please confirm if there are material leases for real property that should be included as exhibits?]