Exhibit 99.2
|March 2021 Company Overview
|Disclaimer This investor presentation (this “Presentation”) is for informational purposes only to assist interested parties in making their own evaluation with respect to the proposed business combination (the “Business Combination”) between Tailwind Acquisition Corp. (“Tailwind”) and QOMPLX, Inc. (the “Company”). The information contained herein does not purport to be all-inclusive and none of Tailwind, the Company or their respective affiliates or representatives makes any representation or warranty, express or implied, as to the accuracy, completeness or reliability of the information contained in this Presentation. This Presentation does not constitute (i) a solicitation of a proxy, consent or authorization with respect to any securities or in respect of the proposed Business Combination or (ii) an offer to sell, a solicitation of an offer to buy, or a recommendation to purchase any security of Tailwind, the Company, or any of their respective affiliates. You should not construe the contents of this Presentation as legal, tax, accounting or investment advice or a recommendation. You should consult your own counsel and tax and financial advisors as to legal and related matters concerning the matters described herein, and, by accepting this Presentation, you confirm that you are not relying upon the information contained herein to make any decision. The distribution of this Presentation may also be restricted by law and persons into whose possession this Presentation comes should inform themselves about and observe any such restrictions. 
The recipient acknowledges that it is (a) aware that the United States securities laws prohibit any person who has material, non-public information concerning a company from purchasing or selling securities of such company or from communicating such information to any other person under circumstances in which it is reasonably foreseeable that such person is likely to purchase or sell such securities, and (b) familiar with the Securities Exchange Act of 1934, as amended, and the rules and regulations promulgated thereunder (collectively, the "Exchange Act"), and that the recipient will neither use, nor cause any third party to use, this Presentation or any information contained herein in contravention of the Exchange Act, including, without limitation, Rule 10b-5 thereunder. This Presentation and information contained herein constitutes confidential information and is provided to you on the condition that you agree that you will hold it in strict confidence and not reproduce, disclose, forward or distribute it in whole or in part without the prior written consent of Tailwind and the Company and is intended for the recipient hereof only. Forward-Looking Statements Certain statements in this Presentation may be considered forward-looking statements. Forward-looking statements generally relate to future events or Tailwind’s or the Company’s future financial or operating performance. For example, projections of future Adjusted EBITDA, Adjusted Gross Profit and other metrics are forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as “may”, “should”, “expect”, “intend”, “will”, “estimate”, “anticipate”, “believe”, “predict”, “potential” or “continue”, or the negatives of these terms or variations of them or similar terminology. 
Such forward-looking statements are subject to risks, uncertainties, and other factors which could cause actual results to differ materially from those expressed or implied by such forward-looking statements. These forward-looking statements are based upon estimates and assumptions that, while considered reasonable by Tailwind and its management, and the Company and its management, as the case may be, are inherently uncertain. Factors that may cause actual results to differ materially from current expectations include, but are not limited to: (1) the occurrence of any event, change or other circumstances that could give rise to the termination of negotiations and any subsequent definitive agreements with respect to the Business Combination; (2) the outcome of any legal proceedings that may be instituted against Tailwind, the combined company or others following the announcement of the Business Combination and any definitive agreements with respect thereto; (3) the inability to complete the Business Combination due to the failure to obtain approval of the shareholders of Tailwind, to obtain financing to complete the Business Combination or to satisfy other conditions to closing; (4) changes to the proposed structure of the Business Combination that may be required or appropriate as a result of applicable laws or regulations or as a condition to obtaining regulatory approval of the Business Combination; (5) the ability to meet stock exchange listing standards following the consummation of the Business Combination; (6) the risk that the Business Combination disrupts current plans and operations of the Company as a result of the announcement and consummation of the Business Combination; (7) the ability to recognize the anticipated benefits of the Business Combination, which may be affected by, among other things, competition, the ability of the combined company to grow and manage growth profitably, maintain relationships with customers and suppliers and retain its management and 
key employees; (8) costs related to the Business Combination; (9) changes in applicable laws or regulations; (10) the possibility that the Company or the combined company may be adversely affected by other economic, business, and/or competitive factors; (11) the inability of the Company to execute and complete the acquisitions of Sentar and Tyche and realize the expected benefits of those acquisitions within the time periods expected for any reason; (12) inaccuracies for any reason in the estimates of expenses and profitability and projected financial information for the Company, Hyperion Gray, Sentar and Tyche; and (13) other risks and uncertainties set forth in the section entitled “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements” in Tailwind’s final prospectus relating to its initial public offering dated September 3, 2020. Nothing in this Presentation should be regarded as a representation by any person that the forward-looking statements set forth herein will be achieved or that any of the contemplated results of such forward-looking statements will be achieved. You should not place undue reliance on forward-looking statements, which speak only as of the date they are made. Neither Tailwind nor the Company undertakes any duty to update these forward-looking statements. Non-GAAP Financial Measures This Presentation includes certain financial measures not presented in accordance with generally accepted accounting principles (“GAAP”) including, but not limited to, Adjusted EBITDA and Adjusted Gross Profit. These non-GAAP financial measures are not measures of financial performance in accordance with GAAP and may exclude items that are significant in understanding and assessing the Company’s financial results. Therefore, these measures should not be considered in isolation or as an alternative to net income, cash flows from operations or other measures of profitability, liquidity or performance under GAAP. 
You should be aware that the Company’s presentation of these measures may not be comparable to similarly-titled measures used by other companies. 1
|Disclaimer (Cont’d) The Company believes these non-GAAP measures of financial results provide useful information to management and investors regarding certain financial and business trends relating to the Company’s financial condition and results of operations. The Company believes that the use of these non-GAAP financial measures provides an additional tool for investors to use in evaluating ongoing operating results and trends and in comparing the Company’s financial measures with other similar companies, many of which present similar non-GAAP financial measures to investors. These non-GAAP financial measures are subject to inherent limitations as they reflect the exercise of judgments by management about which expense and income are excluded or included in determining these non-GAAP financial measures. Please refer to footnotes where presented on each page of this Presentation or to the appendix found at the end of this presentation for a reconciliation of these measures to what the Company believes are the most directly comparable measure evaluated in accordance with GAAP. This Presentation also includes certain projections of non-GAAP financial measures. Due to the high variability and difficulty in making accurate forecasts and projections of some of the information excluded from these projected measures, together with some of the excluded information not being ascertainable or accessible, the Company is unable to quantify certain amounts that would be required to be included in the most directly comparable GAAP financial measures without unreasonable effort. Consequently, no disclosure of estimated comparable GAAP measures is included and no reconciliation of the forward-looking non-GAAP financial measures is included. Use of Projections This Presentation contains financial forecasts with respect to the Company’s projected financial results for the Company's fiscal years 2020 through 2024. 
Further, certain of these projected financial results give pro forma effect to the Company’s acquisition of Hyperion Gray and its proposed acquisitions of Sentar and Tyche. The Company's independent auditors have not audited, reviewed, compiled or performed any procedures with respect to the projections for the purpose of their inclusion in this Presentation, and accordingly, they did not express an opinion or provide any other form of assurance with respect thereto for the purpose of this Presentation. These projections should not be relied upon as being necessarily indicative of future results. The assumptions and estimates underlying the prospective financial information are inherently uncertain and are subject to a wide variety of significant business, economic and competitive risks and uncertainties that could cause actual results to differ materially from those contained in the prospective financial information. Accordingly, there can be no assurance that the prospective results are indicative of the future performance of the Company, on a stand alone or a pro forma basis for its acquisitions of Sentar, Tyche and Hyperion Gray, or that actual results will not differ materially from those presented in the prospective financial information. Inclusion of the prospective financial information in this Presentation should not be regarded as a representation by any person that the results contained in the prospective financial information will be achieved. Industry and Market Data In this Presentation, Tailwind and the Company rely on and refer to certain information and statistics obtained from third-party sources which they believe to be reliable. Neither Tailwind nor the Company has independently verified the accuracy or completeness of any such third-party information. 
Additional Information Tailwind intends to file with the SEC a Registration Statement containing a proxy statement/prospectus relating to the proposed Business Combination, which will be mailed to its shareholders once definitive. This Presentation does not contain all the information that should be considered concerning the proposed Business Combination and is not intended to form the basis of any investment decision or any other decision in respect of the Business Combination. Tailwind’s shareholders and other interested persons are advised to read, when available, the preliminary proxy statement/prospectus and the amendments thereto and the definitive proxy statement/prospectus and other documents filed in connection with the proposed Business Combination, as these materials will contain important information about the Company, Tailwind and the Business Combination. When available, the definitive proxy statement/prospectus and other relevant materials for the proposed Business Combination will be mailed to shareholders of Tailwind as of a record date to be established for voting on the proposed Business Combination. Shareholders will also be able to obtain copies of the preliminary proxy statement/prospectus, the definitive proxy statement/prospectus and other documents filed with the SEC, without charge, once available, at the SEC’s website at www.sec.gov, or by directing a request to: Tailwind Acquisition Corp., 1545 Courtney Avenue, Los Angeles, California. Participants in the Solicitation Tailwind and its directors and executive officers may be deemed participants in the solicitation of proxies from Tailwind’s shareholders with respect to the proposed Business Combination. 
A list of the names of those directors and executive officers and a description of their interests in Tailwind is contained in Tailwind’s final prospectus relating to its initial public offering dated September 3, 2020, which was filed with the SEC and is available free of charge at the SEC’s web site at www.sec.gov, or by directing a request to Tailwind Acquisition Corp., 1545 Courtney Avenue, Los Angeles, California. Additional information regarding the interests of such participants will be contained in the proxy statement/prospectus for the proposed Business Combination when available. The Company and its directors and executive officers may also be deemed to be participants in the solicitation of proxies from the shareholders of Tailwind in connection with the proposed Business Combination. A list of the names of such directors and executive officers and information regarding their interests in the proposed Business Combination will be included in the proxy statement/prospectus for the proposed Business Combination when available. Trademarks This Presentation contains trademarks, service marks, trade names and copyrights of Tailwind, the Company and other companies, which are the property of their respective owners. 2
|Overview of Tailwind Acquisition Corp. Tailwind At A Glance Purpose-built to support visionary founders Approximately $334M held in trust Key Differentiators Built by founders and operators for founders and operators Significant track record of scaling public and private companies QOMPLX Is An Ideal Partner For Tailwind Meeting Our Key Acquisition Criteria Differentiated & High Growth Large & Growing TAM Long-Term Customer Relationships Substantial Upside Compared to Peers Best-in-Class Management Team Mission Critical, Embedded Solutions Management Board of Directors Chris Hollod CEO Founder and Managing Partner of Hollod Holdings Philip Krim Chairman Co-Founder and CEO of Casper Sleep (NYSE: CSPR) Alan Sheriff Director Vice Chairman of Institutional and Corporate Banking, PNC Financial Services Group; Co-Founder and former Co-CEO of Solebury Capital Will Quist Director Partner at Slow Ventures Wisdom Lu Director Founding Partner of Stibel & Co. and Bryant Stibel Matt Eby CFO Co-Founder and Managing Partner of Tengram Capital Partners Former President at Expedia Group (NYSE:EXPE) 3
|Transaction Summary($Millions) Pro Forma Valuation QOMPLX Illustrative Share Price$10 (6) Equity Value1,448 ▪Net Debt 6$274 Enterprise Value$1,173 TEV / 2021E Revenue ($141M TEV / 2022E Revenue ($210M 8.3x 5.6x Source of Funds Uses of Funds Pro Forma Ownership % @ $10 / Share (5) Cash Held in Trust2$334 QOMPLX Equityholder Consideration1$850 ■ Issuance of Tailwind Equity1 850 Est. Transaction Fees & Expenses40 Acquisition of Sentar & Tyche4200 PIPE Investors 3130■ Total Uses$1,364 Total Sources$1,364 4
|Today’s Presenters Risk and cybersecurity specialist, author, inventor; co-founder of QOMPLX in 2015 Previously Special Advisor to Commanding General US Army Cyber Command after serving as Ranger qualified infantry officer in Afghanistan B.S. in Engineering from U.S. Military Academy at West Point, First Captain and Brigade Commander of the Corps of Cadets Rhodes Scholar with graduate research degree from the University of Oxford in AI-driven engineering design and optimization Supports go-to-market executive team members MBA from the Wharton School of the University of Pennsylvania Previously ran business operations, implemented data analytics and led financial management activities within the Department of Defense Joined QOMPLX after retiring as a Major General over a 32-year career in the U.S. Army 5
|Category-Defining Cloud Platforms 1995 2004 2005 2011 2015 As data gets cheaper, attention gets more expensive - is an effective filter and lens through which to view critical decisions. 6
|Introduction to QOMPLX Who We Are The cloud-native leader in risk analytics What We Do We help organizations make intelligent business decisions and better manage risk through our advanced, proprietary analytics platform How We Do It We are the leaders at rapidly ingesting, transforming, and contextualizing large, complex, and disparate data sources through our data factory, in order to help organizations better quantify, model, and predict risk in areas like cybersecurity, insurance, and finance We Serve Global Leaders1 (1)Pro forma company exemplary clients 7
|Positioned At The Nexus Of The Most Important Trends In Technology 8
|Our History Founded to democratize data-driven decision-making with scalable distributed systems Open Platform (2021) Direct access of core data platform for broad set of risk categories Insurance (2019) Adjustably automated underwriting, insurance telematics, risk modeling and data science Cloud Security Telematics (2018) Data, models, logs, and application analytics for hybrid cloud Active Directory (On Premise) → Cloud Identity → Virtual Identity One platform Universally accessible Deployed globally Operating at scale Common data fabric, data integration, unified storage and search, and rich data orchestration 9
|QOMPLX Cloud-Native Risk Platform 10
|Recent and Targeted Acquisitions Strengthen QOMPLX Platform 11
|QOMPLX at a Glance: QOMPLX Enables Organizations To Integrate Data To Drive Better Risk-Weighted Decisions. $141M FY21E PF Revenue (Significant Scale); 46% FY21E PF Revenue Growth (Sustainable & Fast Growth); 98 Customers (Robust Customer Base); 77% Recurring Revenue (1) (Predictable Revenue); $160B TAM (Massive Addressable Market); 114% Net Revenue Retention Rate (2), 136% in Commercial Business (Strong Retention). Note: Financials reflect pro forma entity for Hyperion Gray, Sentar and Tyche acquisitions. Fiscal year ends on 12/31. (1) Defined as any revenues related to a contract over 1 year in length. (2) Calculated as beginning recurring revenue plus expansion/price increases minus churn, divided by beginning recurring customer revenue. 12
|The Amount Of Data Flowing Into The Enterprise Has Changed Enterprises Used To Measure Their Data In Terabytes… …Now They Measure In Petabytes… …And Growth Is Accelerating 26% CAGR Total Volume Of Global Data Created Per Year (Zettabytes) (1) IDC, Worldwide Datasphere Forecast, 2020. 13
|Model / Data Explosion & Variety 70% 80% Amount of Data That is Unstructured (1) Noise Drowns out the Signal Architectural Complexity & Interconnectedness 89 Vendors Interacting with a company’s network every week (3) Concentration of Physical & Virtual Risks New, Embedded Economic Decisions in Operations Costs of Data Breaches $1T Cybercrime costs in 2020 (2) Organizations Need A Risk Platform That Spans The Enterprise Risk Platform for timely and informed decision-making at scale (1) IDC, WekaIO Redefining What Digitally Transforming Enterprises Should Expect from Unstructured Storage Platforms, 2021. (2) McAfee, The Hidden Costs of Cybercrime, 2020. (3) Bomgar, Vendor Vulnerability, 2016. 14
|$11.6B IT Operations Management (4) 8%+ YoY $164.2B 10% YoY Total Addressable Market 8%+ YoY $46.7B Cyber Software (1) 11%+ YoY $66.8B Big Data & Analytics Software (2) 11%+ YoY $39.1B Insurance Analytics (3) (1) Gartner, Forecast Analysis: Information Security and Risk Management, Worldwide, 2020. (2) IDC, Worldwide Big Data and Analytics Software Forecast, 2020. (3) RBC Cyber Insurance, Munich Re, 2020; Global Insurance Telematics Market, Kenneth Research, 2019; Kenneth Research, 2020. (4) IDC, Worldwide IT Operations Management Software Forecast, 2020. 15
|A Secure Cloud-Native Architecture Is Required 16
|QOMPLX: The Data Factory for Risk Driving Enterprise Data Flow Programming at Scale with Q:OS Inputs Licensed Sources Market, Financial & Alternative Data Internal Data Contractual, Enterprise & Network Data, Emails, Calendar, IT & Security Profiles Public Sources News, Events, Social Media, Logistics, Macroeconomic Data, Real Estate, Weather, Location, & Natural Hazards Outputs Data Sets Rules Models Algorithms Simulations Alerts Suggestions Decisions Data Ingest Workflow Automation Datasets & Analytics Cloud Provider Flexible Large-Scale Cloud I/O Web Crawling Domain-agnostic core technology can extend to operate or partner in any specific application vertical to drive advantage 17
|Our Core Data Factory Is Our Competitive Advantage Unified Analytics Infrastructure - Common Authentication Access Control, Permissions, Provenance DATA SOURCES: Databases, Enterprise Applications, Third-Party APIs, APM and Log Data, IOT, Unstructured & Web Data CONSUMERS: Real-Time Analytics, Ad Hoc Data Science, Model and Data Marketplace ns at Scale
|How it Started How it’s Going July 9, 2015 Jan 12, 2021 QOMPLX has been developing the most comprehensive solution for Active Directory/Kerberos and SAML authentication security since 2015. ompany Raises New Red Flags.
|The QOMPLX Risk Cloud – Applied to Cyber Security Privilege Assurance (PA) Attack Modeling & Analysis Fusion & Analytics Structured & Unstructured Data Ingest Analyze Model Persist Cloud Security Threat Detection & Analytics Investigation & Response Marketplace Data + Models + Connectors Risk Cloud Identity Assurance (IA) On-Premise Authentication Validation & Analytics Hybrid Cloud Architecture Extensions Managed Analytics Managed Identity Assurance & Privilege Assurance External Exposure Monitoring Managed Detection & Response (MDR) Risk Monitoring Risk Quantification Posture Scan & Score Network Risk Score & Resilience Score Cyber Data Enrichment 20
|Why We Win Product Dimensions: Our Company vs. Competitors (SECURITY, ANALYTICS PLATFORM, INSURANCE). Infrastructure. Our Company: Configurable infrastructure to build scalable and flexible data workflows. Competitors: Lack declarative framework for rapid and effective specification of data flow and processing. Cyber Security. Our Company: Detect and respond to attacks on critical infrastructure with rich context; The premier authentication security solution for Active Directory and cloud identity attacks with both detections and stateful protocol validation. Competitors: Static and inflexible solutions - siloed views lack scalability, timeliness and context; Noisy or ineffective detections for lateral movement - no ability to validate authentication protocols. Cyber Insurance. Our Company: Flexible combination of outside-in and inside-out risk metrics combined with rich breach, threat, and exposure data. Competitors: Competitor solutions have disproportionate dependence on poor proxies for risk. Risk Economics. Our Company: Economic modeling of risk mitigation, response and finance for. Competitors: Fail to embrace sound quantitative probabilistic models when balancing anticipatory and reactive investments. 21
|23 Market Entry Strategy Establish Lighthouse Accounts Across Industries We Know How To Sell Internationally And Are Already Doing It 22
|Our Go-To-Market Strategy Multi-Faceted Approach To High-Velocity, Low-Friction Distribution Expertise Proven Sales Model - Organized Around Domain Expertise GTM Accelerators Go to Market Partnerships C Level Majors Divisions Frictionless Test Flights Technology Marketplace Integrations Industrial Experts Financial Services Aerospace & Defense Government Manufacturing & Logistics Healthcare Distributors and Referrals Live Cyber Ranges & Analytics Demonstration Cases Midmarket Marketplace Geographic Coverage North America Europe Asia Pacific Middle East & North Africa South America Rank and File 23
|Multiple Vectors For Rapid Growth Expand Geographically Marketplace For Data, Models, And Simulations Expand Into New Verticals Acquire New Customers Expand Within Our Existing Customers Grow Logos Upsell Broaden Offerings Extend Reach 24
|Customers adopt additional products from our unified platform Unique mix of domain agnostic and specialized cyber and insurance offerings with deep differentiation Integration ecosystem with other enterprise tools Universal data and model access, lineage, and control New Product Adoption We expand as customers grow their cloud workloads We enable self-service, frictionless expansion Easy to grow usage under hybrid SaaS and utility computing model Self-guided trials Cloud-based test ranges for validation Easy to adopt Short time to value Frictionless Usage Expansion 25
|QOMPLX Customer Case Studies Global Professional Services Firm Customer Journey: 2018 Initial Cyber Contract for Identity and Privilege Analytics 2019 Renewed contract and added additional scope 2020 Account expansion as strategic security analytics and operations provider – increasing data processing and managed detection and response footprint globally 2021 Additional expansion to support acquisitions and integration efforts Cyber data collection, integration, analytics and data persistence Active Directory and identity/privilege security analytics, risk assessment, and monitoring External and internal tech-driven security posture monitoring Identification, prioritization and quantification of cyber and technology risks and scenarios 26
|QOMPLX Customer Case Studies (Cont’d) Fortune 500 Insurance Firm Customer Journey: 2019 Identity Analytics and Managed Identity Assurance 2020 Multiple contract expansions for Analytics, External Posture, and Security Assessments/Monitoring Utilizes detailed QOMPLX tech-driven security assessments and posture (internal and external) to better evaluate acquisition targets Reduce overall security spend by evaluating and remediating cyber risks using scenario-based stochastic risk models Automated 24/7 analytics with expert add-on monitoring by QOMPLX frees up scarce internal resources and leverages specialized domain expertise 27
|Senior Executive Team Executive Team Andrew Sellers CTO / Founder John Ferrari CFO / CAO CEO / Founder Go-To-Market Leadership Andrew Jaquith Chief Information Security Officer & GM, Cyber Conan Ward President & GM, Rubiqon & Insurance Operations Alastair Speare-Cole President & GM, Insurance Analytics Alun Marriott* Managing Partner, Tyche Darren Kraabel* President, Sentar Common Core Business Functions Randy Clayton Chief Delivery Officer Abha DasGupta Chief Strategy Officer Chad Kite Vice President, Sales opleVice President, Applied Research Richard Kelley 28
|Financial Overview 29
|Financial Highlights 1Highly Durable, Recurring and Predictable Revenue Model 2Multiple Drivers of Sustainable Organic Growth 3Scalable Cost Structure With Structural Operating Leverage 4Visible Path to Near-Term Profitability 5Platform for M&A To Drive Scale and Distribution Advantages 30
|8.5x QOMPLX Standalone Business Momentum 3.6 CAC Payback (Months) (1) 0% Churn Rate (1) 139% Net Revenue Retention (NRR) (1)(2) 75% Organic Revenue Growth FY21E (3) Gross Margin (FY21E) (3) Note: Fiscal year ends on 12/31. (1) For calendar year ending 12/31/2020. (2) Calculated as beginning recurring revenue plus expansion/price increases minus churn, divided by beginning recurring customer revenue. 31
|98 QOMPLX Pro Forma Key Metrics 77% Recurring Revenue (1) $4.1M Avg. Revenue Per Customer (Top 20) 46% FY21E PF Revenue Growth 114% Net Revenue Retention Rate (2) (136% in Commercial Business) 4.2 Years Avg. Tenure of Customer Top 20 (3) Note: Financials reflect pro forma entity for Hyperion Gray, Sentar and Tyche acquisitions. Fiscal year ends on 12/31. (1) Defined as any revenues related to a contract over 1 year in length. (2) Calculated as beginning recurring revenue plus expansion/price increases minus churn, divided by beginning recurring customer revenue. (3) Based on recurring revenue from customers. 32
|Industry-Leading Growth and Increasing Profitability ($Millions) Pro Forma Revenue Adjusted Gross Profit (1) Adjusted EBITDA (2) % Revenue Growth % Margin % Margin 45% 46% 49% 44% 39% 39% 47% 56% 62% 69% 12% 10% 7% 20% 30% Note: Financials reflect pro forma entity for Hyperion Gray, Sentar and Tyche acquisitions. Fiscal year ends on 12/31. 33 (2) (3) 2022E 2024E CAGR.
|Attractive Long-Term Financial Profile Financial Metrics Overview 10%Adjusted EBITDA Margin 230% Source: Company provided financials (1) (2) 34
|Selected Public Comparables – Operating KPIs 35
|Appendix - Market Comparables 36
|Selected Public Comparables – Operating Metrics CY2021E & CY2022E Revenue ($Millions) CY2021E & CY2022E Revenue Growth Source: Company filings, Wall Street research and Capital IQ as of 2/26/21. Note: QOMPLX metrics reflect pro forma entity for Hyperion Gray, Sentar and Tyche acquisitions. 1 C3.ai metrics represent fiscal years 2022E and 2023E which ends in April 2022 and April 2023. 37
|Selected Public Comparables Operating and Valuation Metrics CY2021E & CY2022E Gross Margin CY2021E & CY2022E EV/Revenue Source: Company filings, Wall Street research and Capital IQ as of 2/26/21. Note: QOMPLX metrics reflect pro forma entity for Hyperion Gray, Sentar and Tyche acquisitions. Multiples are shown on a fully diluted basis. (1) 2022 and April 2023. 38
|Appendix - Additional Product Details 39
|QOMPLX Technology + Sentar Distribution & Delivery Healthcare Security & Connected Medical Devices Operational Technology & Industrial Controls Exemplary Historical Work Cyber operations and intelligence domain experts Insider threat, vulnerability management, and security operations Mission resilience – planning for, responding to, and recovering from attacks Opportunity QOMPLX platform opportunities for data and cyber security Cybersecurity for healthcare – tech and managed offerings transferable to private industry Connected medical devices for providers and for consumers poised for massive growth and require QOMPLX’s unified analytics platform Exemplary Historical Work Determination and mitigation of cybersecurity risk to missions across defense and critical infrastructure Security control assessment and implementation for IT and OT networks Opportunity Continuous operational technology systems security assessment and monitoring using QOMPLX risk cloud Commercial ICS/OT monitoring services – managed and automated Forward deployable QOMPLX OS for isolated and classified networks supporting converged IT, OT and operational analytics 40
|QOMPLX Tech/Operations + Tyche Analytics and Delivery and Life Insurers and Reinsurers Insurance Intermediaries, Distributors, and Regulators Exemplary Historical Work Provide software to enable insurance clients to transform their internal business processes including those surrounding capital, pricing, reserving, valuation and risk Faster integrated approach to capital modeling and pricing with faster execution, less operational risk, more functionality and less cost Low-code/no-code flow editors + scripting with cloud-based execution Opportunity QOMPLX platform allows Tyche actuarial modeling tools to be paired with data science tools like Python, R, and Scala Full integration with QOMPLX risk cloud with future elastic scaling and adjustably automated underwriting Broader integration of alternative and third-party data for insurance Exemplary Historical Work Streamlining pricing, capital and other actuarial modeling tasks to reduce transaction costs and timelines Robust capital modeling and pricing foothold as a “core” risk cloud component Opportunity Expanding into general data analytics, orchestration and storage of insurance and risk finance using QOS risk cloud Expansion into capital modeling for non-insurance financial services use cases including banking via QOMPLX sales channels Linking risk selection, pricing, capital modeling and catastrophic risk modeling into the single unified QOMPLX risk cloud 41
|RubiQon Is A Case Study in Data-Driven Risk Finance Telematics Driven Risk Assessment, Control And Finance In Cyber – Illustrates The Strategy Demonstrating Progressively More Effective And Accurate Approaches With Increasing Levels Of Visibility 42
|Product Examples QCyber - Privilege Analytics, Identity Analytics, Data Fusion and Risk Modeling 43
|Product Examples QInsurance Underwriting and Exposure/Loss Analytics 44
|Product Examples Ad Hoc Analytics with Integrated Scratchpads 45
|Product Examples QSIM Integrated Simulation and Modeling 46
|48 Supplemental Slides Exemplary Use Cases & Background 47
|Five Nightmares – One Common Thread Almost all large-scale breaches have something in common: ABUSE OF PRIVILEGES and CREDENTIALS Ransomware/Extortion Threats to leak data leveraging cryptography and takeover of highly privileged accounts Business Risk Drivers Service Culture Availability > Security Integration > Security Cloud migration and scalable cloud computing SaaS delivery and the integrated SaaS supply Chain Pandemic Response Software Lifecycle Changes Continuous integration, continuous deployment, and microservices DevOps → Dev Sec Ops “Credentials are the Firewall” Trust in Identity and Authentication 48
|Toxic data spill Attackers steal millions of customer records, resulting in large fines and reputation damage CASE STUDY COULD IT HAPPEN TO YOU? Attackers exploited Marriott with a remote access trojan (RAT).1 After gaining access, Mimikatz was likely used to gain domain admin access Attackers stole 380 million Starwood guest records, including those from 30 million EU citizens; 18 million encrypted passport numbers; and 9 million encrypted payment card numbers. At time of discovery, attackers had been resident in Marriott’s system for four years In August 2019, Marriott took a charge of $126M for the cost of the breach.2 The UK Information Commissioner also fined Marriott €110 million. Do you monitor for outbound connections including keeping DNS and proxy logs? Have you hardened Active Directory? If not, tactics similar to those used with Marriott, post-exploit, will be difficult to detect. Do you understand the security posture of recently acquired subsidiaries? You may be inheriting their weaknesses. Do you continuously monitor Kerberos and enterprise authentication events? 49
|Catastrophic asset damage A mass ransomware attack spreads swiftly across the networks and destroys systems CASE STUDY COULD IT HAPPEN TO YOU? Victim of the NotPetya ransomware campaign NotPetya bundled Mimikatz to extract Active Directory credentials and gain admin access The attack destroyed most of Maersk’s IT networks, destroying 49,000 laptops, 3,500 out of 6,200 servers, 1,000 out of 1,200 applications, achieving “100% destruction of anything based on Microsoft that was attached to the network”1 Resulted in $300M in damages Is your network segmented? Flat networks have few compartments to limit mass ransomware attacks. Have you minimized Active Directory trusts? You may trust admins from domains with poor security practices. Have you hardened Active Directory? If not, attacks similar to the NotPetya campaign will be difficult to detect in time. Commentary QOMPLX Identity Assurance protects against the type of credential attacks used against Maersk - including extremely difficult to detect Kerberos-based attacks on authentication. 50
|Large-scale data dump An external attacker or privileged insider downloads sensitive information in bulk CASE STUDY COULD IT HAPPEN TO YOU? Employee data theft Over a 9 month period, an Anthem employee stole 18,000 members’ personal health information, emailing them to a personal account. Employee that had been stealing and misusing Medicaid member data since as early as July 2016 Data was exfiltrated via email Data included Medicare ID numbers, Social Security numbers, Health Plan ID numbers, names of members, and dates of enrollment Do you have many highly privileged Windows administrators with significant access? Do you have critical IT staff who could be targets for potential bribery or extortion? Do you implement a robust Data Loss Prevention (DLP) program? Commentary QOMPLX Privilege Assurance identifies weaknesses in your Active Directory environment, including misconfigurations, over privileged users and accounts, and dangerous trust relationships. 1.“The Insider Threat: Protecting Your Company from Itself”, https://www.securitymagazine.com/articles/90237-the-insider-threat-protecting-your-company-from-itself 51
|Subsidiary security incident A cyber attack on newly-acquired subsidiary damages its parent’s reputation CASE STUDY COULD IT HAPPEN TO YOU? FedEx expanded into new geographic markets by acquiring Netherlands-based TNT Networks in 2016. It also inherited all of TNT’s operations, technology assets… and security weaknesses. In June 2017, TNT fell victim to the NotPetya worldwide ransomware campaign. NotPetya bundled Mimikatz to extract Active Directory credentials and gain admin access The attack shut down TNT Express’s domestic and international freight operations for an extended period, resulting in $300M in damages. Significantly, media headlines refer to the attacks on FedEx TNT, not “TNT.” Has your firm acquired subsidiaries? Your reputation is only as secure as your least-secure subsidiary. Do you understand all of your predecessor firms’ security risks and technical debt? Have you hardened Active Directory? If not, attacks similar to the NotPetya campaign will be difficult to detect or stop. Do you have continuous monitoring in place for authentication protocols like Kerberos? Commentary: QOMPLX Identity Assurance protects against credential attacks like those used against FedEx TNT. Turnkey detections include Golden Ticket, Silver Ticket, DC Sync, DC Shadow, Kerberoasting, ntds.dit extraction, pass the ticket, pass the hash, and over pass the hash. 52
|Rogue Administrators Data breaches by privileged insiders or by compromising over-privileged employees CASE STUDY COULD IT HAPPEN TO YOU? Employee data theft Over a 9 month period, an Anthem employee stole 18,000 members’ personal health information, emailing them to a personal account. System administrator: a rogue City of San Francisco sysadmin was fired; the disgruntled employee locked city records containing email, payroll, and police records. Privileged user: an ex-employee at Google Waymo left the company with 14,000 documents including trade secrets on autonomous driving. Trusted third party: a refrigeration contractor of Target was hacked, the established trust was exploited, and hackers were able to laterally navigate Target’s network. Do you have many highly privileged Windows administrators with significant access? Do you enforce “least privilege” principles, and uniformly monitor access? Many employees amass significant privileges over time. Do you regularly review their application and systems entitlements? Commentary: QOMPLX Privilege Assurance helps identify overlooked Windows trusts and risky concentrations of privileges held by employees, so that a bad breach won’t grow into a catastrophic one. Limiting the BlastRadius is now a key aspect of responsibly managing identity. 53
|Defense actions Exemplary vendors QOMPLX solutions How QOMPLX disrupts catastrophic attacks QScan, Privilege Assurance and QAssess help customers identify and reduce their attack surfaces well before a breach. Identity Assurance sits at the critical choke point common to all large breaches—privilege escalation and lateral movement. Fusion capabilities integrate and contextualize data feeds across multiple speciality vendors. Lateral movement detection Identify download and installation attack planning attack Privilege and attack surface reduction Protect Detect Respond Recover Critical infrastructure hardening Network Security Monitoring 54
|Identity Assurance targets fundamental security gaps IA defense against catastrophic attacks by ensuring authentication can be trusted CrowdStrike, Chief Executive George Kurtz “The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network” 1 Shorten dwell time. Shorten attacker’s dwell time with timely detection in minutes or hours rather than weeks or months as attackers move laterally Enhance the value of existing security tools. Reduce the load on existing security tools including log management, security and incident management, and endpoint detection QOMPLX’s Identity Assurance module iand the only 1 “SolarWinds, Microsoft, FireEye, CrowdStrike Defend Actions in Major Hack - U.S. Senate Hearing” 55
|Enterprise Authentication = Today’s Biggest Security Risk Even Microsoft admits huge problems; proposed solution of just “buy our cloud” doesn’t address issue https://docs.microsoft.com/en-us/security/compass/esae-retirement Change announced after SolarWinds Breach Announcement Raising questions about hybrid-cloud security “serves the broader Microsoft narrative,” Deepak Patil, a senior vice president of Dell Technologies’ cloud business and former Microsoft cloud executive, told the Journal. “But the reality is, look at a majority of customers, their workloads are running on-prem.” https://www.wsj.com/articles/solarwinds-hack-pits-microsoft-against-dell-ibm-over-how-companies-store-data-11614456066
|Stop the Zero Trust Marketecture - Identity Matters Zero Trust is really about 100% trust in authentication protocols and identity providers 2014 2020 It's also too hard to run (cloud software) Azure ID securely, and the complexity of the product creates many opportunities for attackers to escalate privileges or hide access. 57
|Privilege Assurance PA protects the heart of your Windows domain network—Active Directory (AD) Find risks in AD. Identify over-privileged accounts. Identify and monitor accounts in close proximity to sensitive domain administrator accounts. Identify stale accounts and machines. Find end-of-life assets running Windows OSes that can’t be patched. Visualize risks. In a graph, see blast radius, lateral movement pathways, and attack vectors—to help teams harden Active Directory and to assist security and incident response operations. See AD through an attacker’s eyes through one-hop analysis, attack path planning, and “blast radius” visualization Create analytics for the cybersecurity risk management program. Capture critical forensic data on your Active Directory environment for investigations and audits. Cloud identity privilege management extensions for investigations, monitoring, and audits spanning across Active Directory into select cloud providers coming soon. 58
|Q:CYBER Offerings - Driving down Risk QSCAN External – Non-invasive External Exposure and Security Posture Monitoring Cybersecurity External Assessment, 1st Party Assessment of 3rd Party & Supply Chain Cloud identity attack detection expansion capabilities Identity Assurance Internal - Defensive Kerberos Attack Detection and Stateful Protocol Validation to Stop Credential Forgeries Streaming Analytics for Heuristic Detections API, syslog, & Certified Integrations Privilege Assurance Internal - Proactive Monitor/Manage Access & Privilege Mapping Privilege and Credentials to inform Cyber Risk Metrics Exposure Assessment Fusion and Risk Strategic & Responsive Multisource log search and analytics Data Fusion and Model-driven Security (Rules, Stats, ML and AI) Support Managed Detection and Response Strategic Risk Programs 59
|A Study in Risk Driven Security Challenge Solution Our client was performing due diligence on an acquisition. QOMPLX was asked to understand the security posture and risks of the prospective acquisition. Our reconnaissance indicated multiple severe exposures posing significant risk to the business. We assessed (and the buyer agreed) that the firm was at high risk of a significant cyber breach or ransomware event. Outcome With QCYBER, all Active Directory domain controllers are now protected with continuous monitoring for at least 9 of the most common and damaging privilege escalation and lateral movement tactics including Kerberoasting and Golden Ticket attacks. The target has a 3-year strategy, uplift and staffing plan to reduce their tail risk in dollar terms by 90%, and manage cyber insurance premium costs. Working with our client, QOMPLX deployed a complete set of technology and integrated risk services to rapidly identify, quantify and reduce the target’s cyber risks. The delivered solution included: A 60-day drive-to-zero surge to contain and eliminate all critical-, high- and medium-rated external vulnerabilities A 6-month strategic security transformation program to build risk focused models, map to maturity frameworks, develop NIST-aligned risk programs, and heighten cyber team capacity and expertise Ongoing instrumentation and monitoring of critical control infrastructure, to harden Active Directory—the target of choice in all recent major cyber breaches An economic model quantifying reductions in tail value at risk (TVAR), cyber insurance premiums, and retained (uninsured residual) cyber risks. Included a 5-year ROI analysis, and insurance coverage optimization 60
|Unified, Futureproof, Resilient & Powerful Data Scientists, Actuaries, and Security Teams should not waste time on plumbing Key Capabilities Purpose-built, Scalable, Cost-effective, Complementary, and Flexible ✔Streaming analytics for real-time alerting with windowed rules ✔One dataset stored across the right mix of graph, time-series, wide column, and relational databases for scale and performance ✔Pre-integrated data fabric for ease of orchestration, transformation, and utilization of disparate data sources ✔Scratchpads and ad hoc analytics for exploratory data analysis and hunting ✔Flink and Spark jobs for large scale computation - covering both stream and batch ✔Modeling and tools for Monte Carlo simulations and scenario analyses ✔Domain Experts to “Make It All Happen” 61