WhiteHawk Wins US Federal Government Cybersecurity Contract Worth up to US$5.9M
Cybersecurity company WhiteHawk Ltd (ASX:WHK) remains central to our long-term investment portfolio.
Since adding WHK to our portfolio and naming it as our 'Pick of The Year', we have spent hours speaking to management and conducting ongoing due diligence, all while the stock has flown under the radar of the broader market.
Yet, with the market starting to take an interest in the cybersecurity sector, along with WHK's new contract signings, the company may now attract the attention it deserves.
Today, WhiteHawk announced it has been contracted by a key US federal government Chief Information Security Officer (CISO) to implement its Cyber Risk Radar.
The annual Software as a Service (SaaS) contract will see WhiteHawk generate base revenues of US$580,000 (A$811K) and up to an additional US$600,000 (A$839K), for a total of up to US$1.18 million (A$1.65M), for each year of the contract.
Under the five-year contract, WHK will implement its Cyber Risk Radar for this key US federal government department.
The Cyber Risk Radar is a SaaS subscription that will monitor, identify, and prioritise both cyber and business risks of vendor companies.
WhiteHawk will provide Cyber Risk Scorecards quarterly, virtually and remotely for 150 to 300 vendors to this US federal government CISO, via an integrated risk management dashboard.
This is a particularly notable contract signing — not just for its dollar value, but it is the first US federal contract on which WhiteHawk is the Prime Contractor. On its three other US federal department CIO contracts, WhiteHawk is a cyber solution sub-contractor to Accenture Federal, SAIC and GuideHouse (formerly PWC Federal).
As we noted above, this is a stock that’s been central to our long-term investment portfolio since we picked up a significant shareholding in the company last year after awarding it the title of Next Tech Stock’s top 'Pick of the Year'.
During this time, we have developed enormous confidence in the company and its management team, led by Terry Roberts — a former deputy director of US Naval Intelligence.
Rapidly evolving technology had already set cybersecurity up to be a major growth sector, but the sudden COVID-19 driven shift to remote work has brought this sector to the fore quicker than anticipated.
Organisations are vulnerable to malicious attempts to exploit this shift — right as their IT teams are stretched to the max and as they become increasingly dependent on the internet and a remote workforce to operate.
Yet organisations are recognising that they need an ongoing risk monitoring and mitigation approach to cybersecurity — now more than ever.
WhiteHawk is one company that is stepping up to provide cybersecurity solutions to major businesses as well as US government departments.
Roberts recently told Yahoo Finance that she was a self-confessed “paranoid international risk professional”. More importantly, Roberts is a 35-year veteran of the US national security and cyber intelligence community, including as a former Deputy Director US Naval Intelligence, a Department of Defence Senior Executive, and an Executive at the Carnegie Mellon Software Engineering Institute.
With a market capitalisation of just $16.2 million, there is huge potential upside on offer here as the company continues to sign new partnerships and bring in new revenue streams.
We continue to hold a long term and significant shareholding in the company and remain confident of WhiteHawk’s management team, whose credibility continues to be demonstrated via its partnerships and contract announcements, such as today’s.
Catching up with ...
Share price: $0.094
Market Capitalisation: $16.16 million
Cash: $1.47 million (at 31 March 2020)
Here’s why I like WhiteHawk:
WhiteHawk wins five-year US government Cyber Risk Radar contract
WhiteHawk (ASX:WHK) today revealed that it has been contracted by a US federal government Chief Information Security Officer (CISO) to implement a WhiteHawk Cyber Risk Radar.
While the exact US federal government department cannot be named for security reasons, this is a key department and a huge validation of WhiteHawk’s capabilities and its reputation within the US federal government.
The annual Software as a Service (SaaS) contract, will see WhiteHawk generate base revenues of US$580,000 (A$811K) and up to an additional US$600,000 (A$839K), for a total of up to US$1.18 million (A$1.65M) over the first year of the contract. Each of the four additional option years will be at the same levels, subject to the client exercising those options.
The contract involves WhiteHawk providing continuous monitoring, prioritisation, and near real-time mitigation of this key US federal government CISO team’s vendors. It will also oversee its supply chain’s cyber risks over time and identify and prioritise risk mitigation strategies.
WHK will provide its Cyber Risk Scorecards quarterly, virtually and remotely for between 150 and 300 vendors to this US federal government CISO, via an integrated risk management dashboard.
The SaaS approach allows for rapid implementation and scaling across all of the 150+ vendors virtually and remotely — which is the optimum approach during the current COVID-19 pandemic.
Using global publicly available data sources, AI analytics, and custom cyber analytics WhiteHawk will assess and report on top risk indicators and vectors, areas that may require prioritised attention.
Because its Cyber Risk Radar approach is based on externally available data so is non-invasive, WHK does not require access to internal IT assets and configurations.
This contract is the result of a Proof of Value that was implemented early in 2019 across 10 vendors from the same US government agency, during which WhiteHawk demonstrated through automation and subject matter expertise, the status and health of suppliers.
Using global publicly available data sources, AI analytics, and custom cyber analytics, WhiteHawk assessed and reported on top risk indicators and vectors, areas that may require prioritised attention.
Because the Cyber Risk Radar approach is externally available data based and is non-invasive, WhiteHawk does not require access to internal IT assets and configurations in order to deliver its services.
This is the first US federal contract where WhiteHawk is the Prime Contractor. On three other US federal department CIO contracts, WhiteHawk is a cyber solution sub-contractor to Accenture Federal, SAIC and GuideHouse (formerly PWC Federal).
Terry Roberts, Executive Chair of WhiteHawk, commented, “After a very successful Proof of Value early last year, now we are putting in place our first 5-year Cyber Risk Radar contract with a sophisticated US Government CIO, who will work with us to take the capabilities of our platform and virtual services to the next level.”
The WhiteHawk Cyber Risk Program
WhiteHawk’s recently developed Cyber Risk Program allow a comprehensive outside-in approach to assess an enterprise's ongoing cyber risks.
The software as a service (SaaS) product incorporates its online Cybersecurity Exchange platform, its automated Cyber Risk Scorecards, and virtual consultations so that it can be remotely delivered to any organisations in the world, with speed, efficiency and impact.
The program acts as an outside-in looking second set of expert eyes that monitors, identifies, prioritises, validates, and mitigates cyber risks to an enterprises’ revenue and reputation.
The Cyber Risk Program includes:
- Cyber risk continuous monitoring and prioritisation;
- Cyber risk executive level scorecards and reporting;
- Cyber risk validation by real-time Red Team Assessment (a type of targeted penetration test); and, as appropriate,
- A dark net assessment based upon findings from the Cyber Risk Program.
Leveraging global open data sets, integrated with deep cyber and digital age business risk tradecraft, the program brings risk trends to light, providing automated, customised reporting on individual suppliers, companies, and across an entire enterprise portfolio.
WhiteHawk has architected and implemented Cyber Risk Programs, including its Cyber Risk Radar, at key US federal government departments and Fortune 500 enterprises, as part of its portfolio of cyber risk online platform and services.
The following video details WHK’s Cyber Risk Program:
WhiteHawk’s Cyber Risk Radar
The Cyber Risk Radar provides continuous monitoring, prioritisation, and near real-time mitigation of enterprises' teammates, vendors, or supply chain’s cyber risks over time. This includes identifying and prioritising a risk mitigation strategy.
It is provided as an annual SaaS subscription consisting of quarterly services that include Cyber Risk Scorecards, Cyber Risk Portfolio reports, and ongoing conversations with a professional Cyber Analyst for:
- Risk research and discovery — Collect, analyse, and correlate publicly available data into actionable intelligence.
- Continuous monitoring and alerts — Understand an organisation’s security performance and be alerted to impactful changes.
- Focused analytics — Perform deep dives in the areas that need focus rather than the entire dataset.
- Ecosystem maps — Visualise the enterprise by understanding the supplier and vendor interconnections.
- Risk prioritisation and mitigation — Prioritise mitigation and business actions based on levels for impact and performance.
- Integration into a centralised risk management dashboard — Continuous situational awareness, tracking, mitigation and management of the SCRM/VRM (Social Customer Relationship Program / Vendor Relationship Management) program.
- Portfolio assessments — Understand an organisation’s portfolio of all suppliers and vendors.
This compares to existing, often manually intensive, self-reporting risk management programs based upon checklists and iterative human verification, that often lack accuracy and scalability. That approach is fraught with potential for human error and only provides a point-in-time view.
Obtaining actionable information, prioritising risks and acting upon them in a timely manner requires an automated, on-line accessible approach that provides continuous monitoring and alerting based on continuously updated mission risk priorities.
The following video details WHK’s Cyber Risk Radar:
New partnership has generated US$400K annual revenues
Today’s contract win follows an April announcement that WhiteHawk has partnered with a major global consulting firm to sell its Cyber Risk Program — an agreement that had generated annual software as a service (SaaS) subscriptions worth in excess of US$400,000 (A$628K) by April.
That partnership has opened an additional sales channel for WhiteHawk through which it is selling its Cyber Risk Program that incorporates WHK’s online Cybersecurity Exchange platform, its automated Cyber Risk Scorecards, and virtual consultations.
Scoped remotely and implemented virtually, the SaaS product acts as a second set of expert eyes to identify and mitigate cyber risks to an organisation’s revenue and reputation. Available to any company, anywhere in the world, it allows for rapid scale remotely during the current pandemic related lockdown.
This is important as COVID-19 has provided the perfect opportunity for cyber hackers to mount potentially devastating campaigns against organisations, their employees, and their supply chain partners.
Next Tech Stock’s Pick of the Year
Having secured contracts with key US federal government departments, along with Fortune 500 companies, top US financial institutions, major insurers, manufacturers, utilities providers and a top Defence Industrial Base (DIB) company, WhiteHawk is now starting to attract the attention it deserves.
Given the secretive nature of cybersecurity and the partnerships with sensitive key US federal government departments as well as major US enterprises, including Fortune 100 companies, it’s not surprising that many partners’ names cannot be publicly revealed by WhiteHawk.
This does make it harder for investors to conceptualise the validity of WhiteHawk’s products and services provided to these enterprises and government departments and could be why the company has managed to largely fly under the radar to date.
The company is in a strong cash position and should remain well funded into 2021 with its existing revenue generating contracts and a strong sales pipeline.
Revenues had already doubled in the first three months of the year, prior to any cash arriving in the bank from the newest 5-year government contract worth up to US$1.18M annually or the US$400K in annual subscriptions from the company’s partnership as announced on 15 April. We are now awaiting the company’s latest quarterly report.
Going forward, WhiteHawk is positioned to benefit from government and enterprises’ need for greater cybersecurity protections.
With a market cap of just $16 million, we are more than comfortable holding this one in our long term portfolio.
General Information Only
S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.
Conflicts of Interest Notice
S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.
Publication Notice and Disclaimer
The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.
Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.
This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.