UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K

(Mark One)

☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2024

or

☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from _______________ to ________________

Commission file number 001-41227

CISO GLOBAL, INC.

(Exact name of registrant as specified in its charter)

6900 E. Camelback Road, Suite 900, Scottsdale, AZ 85251

(Address of Principal Executive Offices) (Zip Code)

Registrant’s telephone number, including area code: (480) 389-3444

Securities registered pursuant to Section 12(b) of the Act:

Securities registered pursuant to Section 12(g) of the Act: Common Stock, par value $0.00001

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒ No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by checkmark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the Registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒

The aggregate market value of the common stock held by non-affiliates of the registrant as of the last business day of the registrant’s most recently completed second fiscal quarter (June 30, 2024) was $3,564,332.

The registrant had 16,458,933 shares of common stock outstanding as of March 24, 2025.

CISO GLOBAL, INC.

2024 FORM 10-K ANNUAL REPORT

TABLE OF CONTENTS

FORWARD-LOOKING STATEMENTS

The information contained in this report should be read in conjunction with the financial statements and related notes contained elsewhere in this Annual Report on Form 10-K. Certain statements made in this report are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”). These statements are based upon beliefs of, and information currently available to, us as of the date hereof, as well as estimates and assumptions made by us. Readers are cautioned not to place undue reliance on these forward-looking statements, which are only predictions and speak only as of the date hereof. When used herein, the words “anticipate,” “believe,” “estimate,” “expect,” “forecast,” “future,” “intend,” “plan,” “predict,” “project,” “target,” “potential,” “will,” “would,” “could,” “should,” “continue” or the negative of these terms and similar expressions identify forward-looking statements. Such statements reflect our current view with respect to future events and are subject to risks, uncertainties, assumptions, and other factors, including the risks relating to our business, industry, and our operations and results of operations. Should one or more of these risks or uncertainties materialize, or should the underlying assumptions prove incorrect, actual results may differ significantly from those anticipated, believed, estimated, expected, intended, or planned.

Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance, or achievements. Except as required by applicable law, including the securities laws of the United States, we do not intend to update any of the forward-looking statements to conform these statements to actual results.

Forward-looking statements made in this Annual Report on Form 10-K include statements about:

These statements are only predictions and involve known and unknown risks, uncertainties and other factors, including the risks in the section entitled “Risk Factors” set forth in this Annual Report on Form 10-K for the year ended December 31, 2024, any of which may cause our or our industry’s actual results, levels of activity, performance, or achievements to be materially different from any future results, levels of activity, performance, or achievements expressed or implied by these forward-looking statements. These risks may cause our or our industry’s actual results, levels of activity, or performance to be materially different from any future results, levels of activity, or performance expressed or implied by these forward-looking statements.

Our financial statements are prepared in accordance with accounting principles generally accepted in the United States. These accounting principles require us to make certain estimates, judgments, and assumptions. We believe that the estimates, judgments, and assumptions upon which we rely are reasonable based upon information available to us at the time that these estimates, judgments, and assumptions are made. These estimates, judgments, and assumptions can affect the reported amounts of assets and liabilities as of the date of the financial statements as well as the reported amounts of revenue and expenses during the periods presented. Our financial statements would be affected to the extent there are material differences between these estimates and actual results. The following discussion should be read in conjunction with our financial statements and notes thereto appearing elsewhere in this report.

PART I

ITEM 1. BUSINESS

Unless otherwise indicated or the context requires otherwise, the terms “we,” “us,” “our,” and “our company” refer to CISO Global, Inc., a Delaware corporation, and our wholly owned subsidiaries. Unless otherwise specified, all dollar amounts are expressed in United States dollars.

Our Business

General

Our company is a leading cybersecurity, compliance, and software firm composed of highly trained and seasoned security professionals. We collaborate with clients to enhance or establish a stronger cybersecurity posture within their organizations. Cybersecurity, also referred to as computer or information technology security, protects computer systems and networks from data breaches, hardware damage, software compromise, and service disruptions.

The cybersecurity industry faces a significant supply and demand imbalance, with greater demand for services than the market can supply in terms of expert, seasoned compliance and cybersecurity professionals. To address this, we prioritize identifying, attracting, and retaining top cybersecurity and compliance talent. Our strategy includes acquisitions, direct hiring, and employee incentivization through stock options to ensure retention. We continuously seek culturally aligned cyber talent that offers operational leverage through existing revenue streams and customer relationships.

We have invested in enterprise solutions, executive leadership, and our proprietary software to integrate our acquisitions into a unified ecosystem. This ecosystem fosters cross-pollination of solutions, promoting additional revenue opportunities and enhancing recurring revenue. By emphasizing a security-aware workforce culture, we aim to become trusted advisors, providing tailored, product-agnostic cybersecurity solutions that align with our clients’ security needs, financial realities, and strategic goals.

Our comprehensive cybersecurity services span compliance, cybersecurity, and culture. These services include compliance consulting, secured managed services, Security Operations Center (SOC) services, virtual Chief Information Security Officer (vCISO) services, incident response, certified forensics, technical assessments, and cybersecurity training. We believe culture forms the foundation of successful cybersecurity programs. To support this, we have developed MCCP+ (“Managed Compliance & Cybersecurity Provider + Culture”), a holistic solution combining all four pillars under one roof, delivered by a dedicated team of subject matter experts. Our proprietary software further enhances this offering by streamlining compliance management, threat detection, and response capabilities, ensuring a faster and more effective security posture for our clients.

We differentiate ourselves through a technology-agnostic approach and a relentless focus on acquiring high-demand cybersecurity talent, expanding both service capabilities and global reach. Paired with our proprietary CISO software, which enhances threat visibility and accelerates incident response, we deliver unparalleled value to clients — surpassing competitors and traditional in-house security models. This strategy drives scalable growth, strengthens recurring revenue streams, and positions us as a leader in a market facing a critical cybersecurity talent shortage.

Our integrated service model enhances revenue capture and operational efficiency, resulting in improved profitability and stronger client retention. Clients benefit from streamlined engagements with a single provider addressing a broad range of needs, leading to faster problem resolution and superior outcomes compared to multi-vendor approaches. This fosters long-term client partnerships.

We further differentiate ourselves through our staffing model: our employees are dedicated partners, not consultants, available under recurring monthly contracts. This structure helps mitigate the challenges associated with hiring experienced cybersecurity professionals. By integrating our team of industry and subject matter experts into clients’ operations — supported by our proprietary software — we offer a robust, embedded cybersecurity solution that continuously adapts to evolving threats.

Our technology-agnostic stance allows us to work seamlessly with any business, regardless of existing systems or tools. Clients retain the flexibility to select the best technologies for their needs without impacting their relationship with us.

Building a world-class technology team with industry-specific expertise remains a cornerstone of our strategy. We will continue acquiring top cybersecurity talent to expand our services and geographical footprint, reinforcing our ability to deliver exceptional results for clients. Our goal remains to stay ahead of emerging threats and regulatory changes, ensuring our clients’ safety, compliance, and success — with our proprietary software serving as a vital tool to support ongoing security, compliance, and operational excellence.

Cybersecurity Landscape: A Market Poised for Growth

As global connectivity accelerates, cyberattacks have emerged as one of the most pressing threats to enterprise and personal data, driving unprecedented economic losses. Cybersecurity Ventures projects global damages from cybercrime to reach $10.5 trillion annually by 2025. Ransomware remains one of the fastest-growing attack types, with incidents expected to occur every two seconds, inflicting an estimated $265 billion in annual damages by 2031 — a dramatic rise from $20 billion and an attack every 11 seconds in 2021.

In parallel, an Accenture survey reports that 68% of business leaders perceive increasing cybersecurity risks. Reflecting this urgency, global cybersecurity spending is forecasted to surpass $1.75 trillion cumulatively between 2021 and 2025, with $459 billion allocated in 2025 alone. Despite this investment surge, the talent gap remains a critical constraint. According to The New York Times and Cybersecurity Ventures, 3.5 million cybersecurity roles remain unfilled — a disparity expected to persist through 2025.

Market Drivers: Regulation and Cyber Insurance

Heightened cyber risks have triggered a wave of regulatory reforms and tighter cyber insurance standards. Governments worldwide are enforcing more rigorous cybersecurity mandates, while insurers have raised premium costs and minimum underwriting criteria. This evolving landscape compels organizations to prioritize cybersecurity investments to maintain compliance, secure coverage, and safeguard their operations.

Strategic Market Leadership and Growth Potential

We are uniquely positioned to capitalize on this rapidly expanding market, offering end-to-end cybersecurity services with substantial opportunities for sustained growth and value creation. Key differentiators include:

Investor Value Proposition: Positioned for Scalable, Long-Term Success

The evolving cybersecurity landscape presents a dynamic, high-growth market ripe with opportunity. As threats intensify and regulatory pressures mount, businesses require an agile, trusted cybersecurity partner. Our proven mergers and acquisitions track record, expansive client base, channel-first approach, and intellectual property-driven innovation uniquely position us for scalable growth and market leadership.

We remain steadfast in our commitment to innovation and operational excellence — empowering organizations to stay resilient and secure in an increasingly complex digital ecosystem. This strategic approach ensures sustained value creation for our stockholders, partners, and investors alike.

Cybersecurity Offerings

We offer a comprehensive suite of cybersecurity services to safeguard our clients’ digital assets and ensure compliance with applicable industry standards and regulations. Our offerings fall into three main categories: Security Managed Services, Professional Services, and Cybersecurity Software.

Security Managed Services

Our Security Managed Services deliver proactive, scalable, and resilient cybersecurity solutions tailored to meet evolving threat landscapes and regulatory requirements.

Compliance Services

We assist clients in implementing and maintaining appropriate security controls, prioritizing risk mitigation strategies, and ensuring continuous compliance with key industry frameworks and regulations, including the following:

Our team of certified experts provides ongoing monitoring, assessment, and advisory services to help clients navigate the complexities of regulatory compliance and mitigate operational risks.

Cyber Defense Operation

Our U.S.-based, 24/7 SOC leverages advanced technology and expert analysis to provide real-time threat detection, response, and mitigation. Core capabilities include the following:

These services support comprehensive threat visibility, rapid incident response, and continuous improvement of clients’ security postures, helping to minimize downtime and reduce the potential impact of cyberattacks.

Secured Managed Services

Our integrated Security Managed Services (“SMS”) offering combines a robust portfolio of cybersecurity capabilities, including the following:

Our experienced engineers and cybersecurity architects support clients with secure cloud migrations, infrastructure modernization, and tailored risk mitigation strategies — ensuring operational resilience and business continuity.

Professional Services

Our Professional Services division delivers comprehensive cybersecurity solutions designed to mitigate risk, enhance resilience, and protect organizational value.

Incident Response and Digital Forensics

Leveraging advanced threat intelligence and real-world adversarial techniques, our elite cybersecurity team specializes in swiftly identifying, containing, and eradicating cyberattacks. We conduct discreet, environment-wide investigations to assess breach scope, minimize operational disruption, and remediate persistent threats — positioning us as the trusted partner when others fail.

Security Testing and Training

We empower organizations to proactively strengthen their cyber defenses through rigorous security assessments, including red team and purple team penetration testing, simulated attack exercises, and specialized cybersecurity training. Our programs include industry-recognized certifications such as CMMC (Certified Cyber Professional and Cybersecurity Capability Assessment), CompTIA, and ISC2, driving measurable improvements in cybersecurity posture and regulatory readiness.

Cybersecurity Software

We offer a comprehensive suite of proactive cybersecurity software solutions designed to protect organizations from evolving cyber threats. Our offerings encompass advanced threat detection, proactive monitoring, and robust risk management to ensure enterprise security and compliance.

CISO Edge

CISO Edge is an AI-driven cloud security solution that provides comprehensive protection across cloud-first, hybrid, and remote environments. Purpose-built for large enterprises, government entities, and high-value networks, CISO Edge defends against sophisticated cyber threats, including ransomware and AI-powered exploits. Notably, during testing at the 2024 Black Hat USA and DEF CON 32 conferences, CISO Edge blocked over 87,000 cyberattacks in just six hours without a single breach.

CHECKLIGHT® Security Monitoring

CHECKLIGHT is a proactive security monitoring software that detects potential threats to endpoints and alerts users before attacks can take hold, thereby reducing the impact of breaches. It identifies malicious software such as phishing attacks, malware, ransomware, and viruses. Since its inception, CHECKLIGHT has maintained a record of detecting all breaches, providing organizations with confidence in their endpoint security.

Argo Security Management

Argo is a security management platform that aggregates and curates all security data across various services, including SIEM, MDR, XDR, governance, risk, compliance, and more. This centralized approach enhances the effectiveness of security teams by providing environment-wide cybersecurity visibility through a customizable dashboard, enabling better-informed decisions.

Through these innovative software solutions, we empower organizations to enhance their cybersecurity measures, protect critical assets, and maintain compliance in an ever-evolving threat landscape.

Growth Strategy

We have begun to execute a phased growth strategy designed to position our company as a leading provider of end-to-end cybersecurity solutions. Our strategy is built upon strategic acquisitions, development of proprietary intellectual property (“IP”), and a focus on scalable growth. We aim to leverage our expertise and advanced technology offerings to drive both organic growth and market expansion, thereby creating value for our investors.

Phase I: Foundation of Expertise through Strategic Acquisitions

In Phase I, we established a solid foundation of cybersecurity expertise by acquiring niche companies with unparalleled capabilities in various cybersecurity domains. These acquisitions have significantly expanded our talent pool and technical expertise, positioning us as a leading cybersecurity provider. The acquired talent spans across the United States, with deep domain knowledge in key cybersecurity areas including the following:

This diverse expertise, coupled with leadership from seasoned industry executives, has enabled us to effectively address the complex and rapidly evolving cybersecurity needs of organizations across various sectors.

Phase II: Expanding Service Offerings and Capitalizing on Cross-Selling Opportunities

Phase II of our growth strategy focuses on leveraging the synergies from our numerous historical acquisitions to expand service offerings to existing clients. Despite having only penetrated approximately 20% of our 475 clients for multiple services, we see significant opportunities for cross-selling and upselling. This presents a substantial revenue growth opportunity as we expand our service offerings across our client base.

Additionally, we have been building and expanding a strong channel and partnership ecosystem. This ecosystem provides value-added training, support, and partner marketing content, establishing a reliable stream of new revenue. Our growing network of partnerships enhances our ability to acquire new clients while fostering long-term relationships with existing ones.

Intellectual Property Development and Innovation

A key element of Phase II is the development of proprietary intellectual property that addresses the evolving cybersecurity challenges facing enterprises. We are investing heavily in the development of software-first technologies, leveraging cutting-edge advancements such as machine learning (“ML”), artificial intelligence (“AI”), deep learning, neural networks, and proprietary DarkNet threat intelligence. These technologies will be foundational to our offerings, providing differentiated solutions that drive effectiveness, resilience, and advanced threat mitigation for our clients.

Phase III: Scaling Through Product-Led Growth and Scalable Technology Solutions

In Phase III, our primary focus will shift toward fueling organic growth through the commercialization and scaling of our proprietary intellectual property. We plan to accelerate growth through product-led strategies, optimizing the user experience and enabling hands-free purchasing via digital interfaces. This approach will allow us to expand our client base while reducing the demand on our services team, driving efficiency and scalability.

As we expand our technology offerings, we anticipate increasing revenue and operating margins concurrently. The scalability of our intellectual property-driven solutions positions us to capture a larger share of the cybersecurity market while maintaining high levels of profitability.

Intellectual Property Suite and Future Growth

At the heart of our strategy is the development of a comprehensive suite of proprietary software solutions, incorporating AI, neural networks, and the latest algorithms. These technologies are designed to address the most pressing cybersecurity challenges facing enterprises today, positioning us at the forefront of the cybersecurity industry.

Through these efforts, we aim to deliver sustainable, long-term growth while continuing to provide our clients with best-in-class cybersecurity solutions. Our continued investment in intellectual property and innovative technologies will be key drivers of value creation for our investors as we scale our business and expand our market presence.

Our Intellectual Property suite includes the following:

ARGO Security Management – A security management platform that is able to aggregate, then curate security data in real time from a client’s entire environment, including network asset information, currently deployed cyber tools, SOC, vulnerability management, secure managed IT and penetration testing data.

CISO Edge Cloud Security Platform – A cloud-first security solution designed to protect users from untrusted and malicious online threats. CISO Edge uses advanced AI deep learning as well as artificial neural networks to provide advanced threat detection and monitoring.

CHECKLIGHT^® Endpoint Security Monitoring – A powerful, proactive security monitoring software that detects potential threats to networks and provides advance alerts so attacks can’t take hold. Relying on the same cybersecurity software engine used by several federal agencies, it identifies unauthorized processes associated with fraudulent phishing attacks, hacking, imposter scams, malware, ransomware, and viruses.

DISC Next Gen VPN – A token exchange-protected remote access solution that replaces traditional VPN connections with enhanced security and access verification.

Skanda Breach Assessment Tool – A next-generation, analysis tool that applies AI-based automation and ML technologies, which looks beyond vulnerabilities identified by most other technology to deliver continuous security assessments.

Our Corporate and Acquisition History

We were formed on March 5, 2019 as a Delaware corporation. Our principal offices are located at 6900 East Camelback Road, Suite 900, Scottsdale, Arizona 85251.

On October 2, 2019, we filed a registration statement on Form 10-12G with the Securities and Exchange Commission (“SEC”) to effect registration of our common stock, par value $0.00001 per share, under the Exchange Act. The registration statement became effective on December 1, 2019.

On February 29, 2024, our board of directors approved a 1-for-15 reverse stock split of our common stock. The record date for the reverse stock split was the close of business on March 7, 2024, with share distribution occurring on March 8, 2024. As a result of the reverse stock split, stockholders received one share of CISO Global, Inc. common stock, par value $0.00001, for each 15 shares they held as of the record date. All share and per share amounts have been retroactively restated for the effects of this reverse stock split. Common stock underlying our outstanding warrants, convertible notes, and options have also been adjusted, and the conversion and exercise prices have also been adjusted.

We have substantially expanded our business in recent years through a number of acquisitions. The following table sets forth certain information regarding such acquisitions:

Customers

Our past acquisitions have resulted in expansion of our customer base and increased usage within existing customers. None of our customers individually accounted for more than 10.0% of our consolidated revenue for the years ended December 31, 2024 and 2023, nor are we dependent upon a few major customers.

Cybersecurity Market Analysis

The cybersecurity market is highly fragmented, characterized by a diverse landscape of established industry leaders and emerging security product vendors. While competition within traditional endpoint and IT operations markets remains significant, we anticipate encountering new competitors as we strategically expand into adjacent markets, thereby increasing our total addressable market.

We believe our competitive positioning is strengthened by several key differentiators, including:

Despite these advantages, many of our competitors maintain substantially greater financial, technical, and operational resources, along with broader brand recognition, larger sales and marketing infrastructures, deeper customer relationships, more extensive distribution channels, and mature intellectual property portfolios. Additionally, cloud-based service providers introduce increased competition, transcending geographic limitations.

We remain committed to leveraging our core strengths, including frontline expertise, integrated solutions, and a disciplined acquisition strategy — to expand our market presence, drive sustainable growth, and create long-term value for our stockholders.

Intellectual Property

Our intellectual property portfolio is a critical component of our competitive advantage and long-term business strategy. We rely on a combination of trademarks, patents, copyrights, trade secrets, license agreements, intellectual property assignment agreements, confidentiality procedures, non-disclosure agreements, and employee non-disclosure and invention assignment agreements to secure and enforce our proprietary rights. While these legal protections are important, we believe our success is more significantly driven by the expertise and ingenuity of our workforce, alongside the functionality and continuous innovation embedded in our solutions.

We are committed to expanding and strengthening our intellectual property portfolio to support our products, services, research and development efforts, and other strategic initiatives. Where appropriate and financially prudent, we intend to pursue additional intellectual property protections to enhance our market position and safeguard our technology.

As we continue to grow and achieve greater market visibility, we anticipate increased competition and the potential for third parties to develop solutions that may attempt to replicate or infringe upon our proprietary technologies. Additionally, large and established companies within the cybersecurity sector maintain extensive patent portfolios and are frequently involved in both offensive and defensive intellectual property litigation. From time to time, we may face allegations of intellectual property infringement from such companies or from non-practicing entities. These claims may target us directly, or indirectly affect our business by targeting our channel partners, cloud service providers, or customers — parties to whom we have contractual indemnification obligations.

If a third party successfully asserts an intellectual property infringement claim against us, we could face significant financial and operational consequences, including the inability to market or deliver certain products or services, the necessity to allocate resources toward developing non-infringing alternatives, or the obligation to pay substantial damages, including enhanced damages for willful infringement in the United States. Additionally, we could be required to enter into costly licensing agreements or settlement arrangements. We cannot guarantee that our current or future products and services will not be found to infringe upon third-party intellectual property rights.

Defending against intellectual property-related claims, regardless of merit, can be time-consuming, expensive, and disruptive to our business. We intend to vigorously protect and enforce our intellectual property rights where necessary to preserve our competitive position and long-term financial performance. However, there can be no assurance that we will succeed in these efforts or that our intellectual property protections will be sufficient to prevent competitors from developing similar technologies or services that may diminish our market share or revenue potential.

Government Regulation

We are not aware of any specific regulations that govern cybersecurity firms or the areas in which we operate. While there are a few federal cybersecurity regulations, they govern industries that we serve and exist to focus on specific industries.

Three of the main cybersecurity regulations are HIPAA, the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act, which included the Federal Information Security Management Act (“FISMA”). The three regulations mandate that healthcare organizations, financial institutions, and federal agencies, respectively, should protect their systems and information. FISMA, which applies to every government agency, requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security. However, the regulations do not address numerous computer related industries, such as Internet Service Providers and software companies. Furthermore, the regulations do not specify what cybersecurity measures must be implemented and require only a “reasonable” level of security.

In addition, the National Cybersecurity Division is another regulatory body that is a division of the Office of Cybersecurity & Communications within the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Human Capital Management

Our future success relies on our ability to continually attract, hire, and retain top-tier talent, particularly within our senior management, engineering, and technical teams. As a leader in the highly competitive cybersecurity industry, securing skilled personnel is essential to maintaining our position at the forefront of innovation and incident response.

Competing for Top Talent

We recognize that the cybersecurity landscape is evolving rapidly, and the demand for specialized expertise continues to grow. To remain competitive, we have designed comprehensive compensation and benefits programs that address the diverse needs of our global workforce. In addition to competitive salaries, our offerings include performance-based incentive plans, pensions, healthcare and insurance coverage, paid time off, family leave, and on-site services. These benefits are tailored to meet regional requirements and employment classifications, ensuring flexibility and relevance.

Retention Through Recognition and Rewards

To retain our most valuable contributors — particularly senior leaders and key technical personnel — we strategically deploy equity-based grants with thoughtful vesting schedules. This approach aligns employee success with company performance, fostering long-term commitment and engagement.

Prioritizing Employee Well-being

The success of our business is inherently tied to the well-being of our people. We are steadfast in our commitment to fostering a healthy, safe, and supportive work environment. Our people are our greatest asset. By cultivating an environment where talent thrives, supported by competitive rewards, opportunities for growth, and a commitment to well-being, we ensure our continued leadership in cybersecurity and incident response.

Environmental, Social, and Governance Efforts

Environmental Commitment

We are committed to protecting the environment and attempt to mitigate any negative impact of our operations. We monitor resource use, improve efficiency, and at the same time reduce our emissions and waste.

Social Responsibility

We are a trusted cybersecurity expert providing safe, efficient, and sustainable services to our existing and new communities. Our success is the direct result of the dedication and strength of our team and promotes equity, diversity, integrity, inclusion, reliability, and accountability. We believe that a combination of diverse team members and an inclusive culture contributes to our success. Each member is a valued part of our team bringing a diverse perspective to help grow business and achieve our goals. Our tradition of serving employees, customers, and investors is at the core of our culture. For third-party vendor selection and oversight, we have standard operating procedures that apply to employees and subcontractors who, on our behalf, oversee and conduct technical protocols.

Employees

As of December 31, 2024, we had 143 employees, of which 141 were full-time. In addition, we utilize independent contractors for projects of short duration or where specialized knowledge or experience is needed for a complex project. We are not dependent on any independent contractor, and we believe adequate replacements would be available in the event any such independent contractor becomes unavailable to us. We believe our relations with our employees is good.

Available Information

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, our proxy and information statements and all amendments to those reports will be available free of charge through our website at www.ciso.inc as soon as practicable after such material is electronically filed with, or furnished to, the SEC. Except as otherwise stated in these documents, the information contained on our website or available by hyperlink from our website is not incorporated by reference into this report or any other documents we file, with or furnish to, the SEC.

Implications of Being an Emerging Growth Company

We qualify as an “emerging growth company” as the term is used in The Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), and therefore, we may take advantage of certain exemptions from various public company reporting requirements, including:

We may take advantage of these provisions for up to five years after our first public equity sale or such earlier time that we are no longer an emerging growth company. We would cease to be an emerging growth company if we have more than $1.07 billion in annual revenue, issue more than $1.0 billion of non-convertible debt over a three-year period, or become a large accelerated filer. So long as we remain an emerging growth company, we may choose to take advantage of some, but not all, of the available benefits of the JOBS Act. We have taken advantage of some of the reduced reporting requirements in our filings. Accordingly, the information contained herein may be different than the information you receive from other public companies in which you hold stock. In addition, the JOBS Act provides that an emerging growth company can delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have elected to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will not be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.

ITEM 1A. RISK FACTORS

An investment in our common stock involves a number of very significant risks. Readers of this Annual Report on Form 10-K should carefully consider the following risks and uncertainties in addition to other information in this Annual Report on Form 10-K in evaluating our company and its business before purchasing shares of our common stock. Our business, operating results and financial condition could be seriously harmed due to any of the following risks. An investor in our common stock could lose all or part of their investment due to any, or a combination of these risks.

Risk Factor Summary

Risks Related to Our Business and Industry

Risks Related to Our Common Stock

Risks Related to Our Business and Industry

We will need to raise capital to realize our business plan and growth strategy, the failure of which could adversely impact our operations.

Our growth strategy focuses on expanding our client base and increasing consolidated revenue through strategic acquisitions and seamless integration of businesses offering complementary cybersecurity services. As of December 31, 2024, our business has not yet achieved profitability. To reach profitability and sustain long-term growth, we require adequate funding, significant revenue growth, and continued successful integration of our acquisitions. As of March 24, 2025, we maintained cash resources of approximately $250,000.

We plan to fund operations through a combination of available net operating cash flows and future capital raises, which may include issuing equity or other securities. This approach may result in dilution for existing stockholders. Any newly issued securities may carry rights, preferences, or privileges that differ from those of our existing common stock.

We incurred significant operating losses during the years ended December 31, 2024 and December 31, 2023, and we have limited cash flow. Unless we increase revenue and cash flow or raise additional capital, we may be unable to take advantage of any acquisition opportunities that arise or expand our business, all of which could adversely impact us.

We are unable to predict if and when we will be able to generate significant positive cash flow or achieve profitability. Our plan regarding these matters is to strengthen our revenue and continue improving operational efficiencies across the business. There can be no assurances that we will be successful in increasing revenue, improving operational efficiencies or that financing will be available or, if available, that such financing will be available under favorable terms. In the event that we are unable to generate adequate revenue to cover expenses and cannot obtain additional financing, we may need to cut back or curtail our expansion plans.

We will need to improve the size and capabilities of our organization, and we may experience difficulties in managing this growth.

As we shift our growth strategy from acquisition-driven expansion to a focus on organic growth, we recognize the importance of effectively integrating and scaling our operations. This transition requires the careful alignment of managerial, operational, sales, marketing, financial, and other key functions across the organization. Successfully managing these dynamics is critical to sustaining our growth trajectory and enhancing long-term stockholder value.

Our ability to achieve future growth will depend on the following factors:

We anticipate that these growth initiatives will place increasing demands on our management team, including the need to balance day-to-day operational responsibilities with the strategic oversight required to guide expansion. As our leadership team continues to evolve, limited long-term experience working together may present challenges to operational cohesion.

We depend on key personnel who would be difficult to replace, and our business plans will likely be harmed if we lose their services or cannot hire additional qualified personnel.

Our business is significantly dependent on the continued efforts and abilities of our senior management and executive officers. The loss of services of one or more of these key individuals, or our inability to attract, train, and retain key personnel, could materially disrupt our operations, delay strategic initiatives, and hinder our ability to execute our business plan.

At present, we do not maintain key man insurance for any members of our senior management or key personnel. The competition for qualified management and personnel, particularly those with specialized expertise in the cybersecurity industry, is intense. If we were to lose the services of any of our key executives, or if we are unable to successfully recruit, retain, and develop personnel with the necessary skills and industry knowledge, our ability to continue executing on our acquisition strategy and service program development could be adversely impacted. Furthermore, such a loss could have a significant effect on our ability to maintain and grow client relationships, which may negatively impact our financial performance and long-term prospects.

We recognize the critical importance of having a strong and capable leadership team to execute our business strategy. As such, we continue to explore options for mitigating these risks, including potential investments in succession planning and talent development. However, there can be no assurance that we will be successful in securing or retaining the right talent, and any failure to do so may materially affect our ability to achieve our objectives.

We operate in an industry that is experiencing a shortage of qualified compliance and cybersecurity professionals. If we are unable to recruit and retain key management and technical and sales personnel, our business would be negatively affected.

To execute our growth strategy, attracting and retaining highly skilled compliance and cybersecurity experts remains critical. The demand for these professionals is intense, particularly given the global shortage of talent with the technical and strategic expertise required to deliver exceptional services to our clients.

Our competitors, many with greater resources, also seek to recruit skilled professionals, and compensation packages—particularly stock options and other equity incentives—often play a significant role in attracting candidates. We are mindful of the importance of offering competitive compensation, but recognize that fluctuations in stock value can impact this dynamic. We continually evaluate our compensation strategies to ensure they align with market trends and support our long-term growth objectives.

We depend on independent contractors to provide certain services for which we do not have the expertise internally. Any compromise in the service quality may delay our business processes and cause economic loss.

We currently rely, and for the foreseeable future will continue to rely, in substantial part on certain independent organizations, advisors, and consultants to provide certain services. There can be no assurance that the services of these independent organizations, advisors, and consultants will continue to be available to us on a timely basis when needed, or that we can find qualified replacements. In addition, if we are unable to effectively manage our outsourced activities or if the quality or accuracy of the services provided by consultants is compromised for any reason, some of our business activities may be delayed or terminated, and we may not be able to mitigate negative impacts or otherwise advance our business. There can be no assurance that we will be able to manage our existing consultants or find other competent outside contractors and consultants on economically reasonable terms, if at all. If we are not able to effectively expand our organization by hiring new employees and expanding our groups of consultants and contractors, we may not be able to successfully implement the tasks necessary to further expand and, accordingly, may not achieve our business goals.

We have recently acquired multiple businesses. Our growth strategy is driven by successful acquisitions and integration of additional businesses that provide comparable or complementary services.

We have completed the acquisition and integration of several complementary businesses, and we intend to consider opportune additional potential strategic transactions that enhance stockholder value, which could involve acquisitions of businesses or assets, joint ventures, or investments in businesses or technologies that expand, complement, or otherwise relate to our business. We may also consider, from time to time, opportunities to engage in joint ventures or other business collaborations with third parties. Should our relationships fail to materialize into significant agreements, or should we fail to work efficiently with these companies, we may lose sales and marketing opportunities and our business, results of operations, and financial condition could be adversely affected.

Any business acquisition creates risks such as, among others: (i) the need to integrate and manage the businesses acquired with our own business; (ii) additional demands on our resources, systems, procedures, and controls; (iii) disruption of our ongoing business; and (iv) diversion of management’s attention from other business concerns. Moreover, these transactions could involve: (a) substantial investment of funds or financings by issuance of debt or equity securities; (b) substantial investment with respect to technology transfers and operational integration; and (c) the acquisition or disposition of lines of businesses. Also, such activities could result in one-time charges and expenses and have the potential to either dilute the interests of our existing stockholders or result in the issuance of, or assumption of debt. Such acquisitions, investments, joint ventures, or other business collaborations may involve significant commitments of financial and other resources. Any such activities may not be successful in generating revenue, income, or other returns, and any resources we committed to such activities will not be available to us for other purposes. Moreover, if we are unable to access the capital markets on acceptable terms or at all, we may not be able to consummate acquisitions, or may have to do so on the basis of a less than optimal capital structure. Our inability to take advantage of growth opportunities or address risks associated with acquisitions or investments in businesses may negatively affect our operating results.

Additionally, any impairment of goodwill or other intangible assets acquired in an acquisition or in an investment, or charges to earnings associated with any acquisition or investment activity, may materially reduce our earnings. Future acquisitions or joint ventures may not result in their anticipated benefits and we may not be able to properly integrate acquired technologies or businesses with our existing operations or successfully combine personnel and cultures. Failure to do so could deprive us of the intended benefits of those acquisitions.

Our business strategy may impose limitations on our ability to accurately forecast future revenue and operating results.

Our operating results are subject to a variety of factors that could cause our financial performance to fluctuate significantly. These factors include, but are not limited to, fluctuations in client demand, competitive pricing pressures, debt servicing obligations, and general economic conditions. Our ability to achieve consistent revenue growth is highly dependent on several key elements, including:

While we have a robust strategy in place to manage and mitigate these risks, there can be no assurance that we will successfully navigate the challenges associated with organic growth. We cannot guarantee that our efforts will result in sustainable revenue growth, improved profitability, or the achievement of long-term financial objectives.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense.

Our sales cycles are often long and unpredictable, and our sales efforts require significant time, resources, and investment. These factors introduce considerable uncertainty into our ability to forecast revenue and operating results. Specifically:

Considering these factors, we cannot guarantee that we will successfully close sales in the anticipated timeframes, and the uncertainty surrounding our sales cycle may affect our ability to achieve our revenue and financial objectives.

Because we recognize revenue from subscriptions to our solutions over the term of the subscription, downturns or upturns in new business will not be immediately reflected in our operating results.

We recognize revenue from customer subscriptions ratably over the term of their agreement, which generally spans one to three years. As a result, a significant portion of the revenue we report in any given period is derived from the recognition of deferred revenue related to agreements entered into in prior periods. This model presents the following risks:

As a result of these factors, our ability to manage and adjust our operations in response to changes in sales or renewals may be hindered, potentially leading to variability in our financial results from period to period. We may also face challenges in maintaining profitability if revenue trends do not align with our cost structure adjustments.

We provide service level commitments under some of our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide partial refunds, or our customers could be entitled to terminate their contracts and our business would suffer.

Certain of our customer agreements include service level commitments, which specify the availability and performance of our solutions and support services. Failure to meet these commitments could have a material adverse effect on our business. The following outlines key risks associated with our service level commitments:

Our business is subject to the risks of warranty claims from real or perceived defects in our solutions or their misused by our customers or third parties and provisions in certain agreements potentially expose us to substantial liability and other losses.

Our solutions are subject to warranty claims arising from real or perceived defects or misuse by our customers or third parties. The following risks are associated with potential liability claims:

We continue to monitor and manage these risks, but there can be no assurance that our efforts will prevent material adverse impacts on our business.

Additionally, our solutions may be used by our customers and other third parties who obtain access to our solutions for purposes other than for which our solutions was intended. We maintain insurance to protect against certain claims associated with the use of our solutions, but our insurance coverage may not adequately cover the claims asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management’s time and other resources, and harm our business and reputation. We have offered some of our customers a limited warranty, subject to certain conditions. Any failure or refusal of our insurance providers to provide the expected insurance benefits to us after we have remediated warranty claims would cause us to incur significant expense or cause us to cease offering warranties which could damage our reputation, cause us to lose customers, expose us to liability claims by our customers, negatively impact our sales and marketing efforts, and have an adverse effect on our business, operating results, and financial condition. Further, although the terms of the warranty do not allow those customers to use warranty claim payments to fund payments to persons on the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), list of Specially Designated Nationals and Blocked Persons or who are otherwise subject to U.S. sanctions, we cannot assure you that all of our customers will comply with our warranty terms or refrain from taking actions, in violation of our warranty and applicable law.

Our future results may be affected by various legal and regulatory proceedings and legal compliance risks, including those involving intellectual property, governmental regulations, the U.S. Foreign Corrupt Practices Act, and other anti-bribery, anti-corruption, or other matters.

Our business is subject to various legal and regulatory proceedings, and we face compliance risks in multiple areas, including intellectual property, governmental regulations, and international anti-bribery and anti-corruption laws. These risks may adversely impact our business and financial results. Specifically:

We may be subject to risks from operating internationally.

We may seek to expand our operations in international markets, which may expose us to a variety of risks. Our international business growth is subject to numerous challenges, including:

Any of these factors could have a material adverse effect on our reputation, financial condition, results of operations, and stock price. The risks associated with operating internationally are inherent and may increase as we expand into new markets.

Our operations in certain emerging markets expose us to political, economic, and regulatory risks.

Our growth strategy includes expanding operations in emerging markets, particularly in regions such as South America and Europe. While these markets present significant growth opportunities, they also introduce a variety of risks that could adversely affect our business and financial results. The key risks associated with our expansion in emerging markets include:

Failure to manage political, economic, and regulatory risks in emerging markets could have a material adverse impact on our ability to achieve sales targets, grow our business, and maintain profitability in these regions. The risks associated with expanding into emerging markets may result in unanticipated costs, operational disruptions, or financial losses, which could negatively affect our financial condition, results of operations, cash flows, and stock price.

Adverse economic conditions in the United States may adversely impact our business and operating results.

Our operations, demand for services, and overall business performance are subject to general macroeconomic conditions, which can fluctuate and present significant risks to our financial performance. Key macroeconomic factors such as higher interest rates, inflation, recessions, or economic slowdowns—whether in the United States or globally—could adversely affect our business operations, customer demand, and financial results. The key risks include the following:

The unpredictability of macroeconomic conditions makes it difficult to accurately forecast and plan for future business activities. Adverse economic conditions may lead to changes in customer behavior, demand patterns, and spending priorities, all of which could have a negative effect on our ability to achieve growth and maintain profitability. In the event of future economic slowdowns or disruptions, we may face challenges in sustaining growth or expanding our business in the manner anticipated.

Breaches of network or information technology security could have an adverse effect on our business.

Cybersecurity threats, including cyber-attacks or breaches of our network or IT security, could have a material adverse effect on our operations, financial condition, and reputation. The nature of our business exposes us to various risks related to network security breaches, which could disrupt both our own operations and the operations of our clients. Key risks include the following:

A security breach, failure to protect sensitive information, or liability arising from a breach could have a material adverse effect on our business, operating results, financial condition, and prospects. We may incur significant legal, remediation, and security costs, and any reputational damage could undermine our business relationships and market position.

If we fail to meet our service level obligations under our service level agreements, we may be subject to certain penalties and could lose clients.

We have entered into service level agreements (“SLAs”) with many of our managed services clients, under which we guarantee specified levels of service availability. These arrangements require us to estimate and meet service delivery standards, including uptime and system performance, to ensure client satisfaction. The following risks are associated with these SLAs:

If we fail to fulfill our SLAs, it could result in material financial costs, including penalties, client churn, and reputational damage, which would adversely affect our business, operating results, financial condition, and prospects.

The nature of our business involves significant risks and uncertainties that may not be covered by insurance or indemnification.

We provide services in circumstances where insurance or indemnification may not be available or may be insufficient to cover operational risks and other uncertainties that we face. Our existing insurance coverages may not fully protect us against the risks associated with the delivery of our services, and additional insurance may not be available on favorable terms, or at all. The following risks are associated with our insurance coverage:

The occurrence of claims or liabilities for which we do not have adequate insurance or indemnification could have a material adverse effect on our business, operating results, financial condition, and prospects. Furthermore, the associated reputational risks and management distraction could hinder our ability to maintain growth and profitability.

We indemnify our officers and directors against liability to us and our security holders, and such indemnification could increase our operating costs.

Our certificate of incorporation and bylaws allow us to indemnify our officers and directors against claims associated with carrying out the duties of their offices. Our bylaws also allow us to reimburse them for the costs of certain legal defenses. Insofar as indemnification for liabilities arising under the Securities Act may be permitted to our officers, directors, or control persons, the SEC has advised that such indemnification is against public policy and is therefore unenforceable.

Our industry is highly competitive, and there is no assurance that we will compete successfully.

Our business operates in a highly competitive landscape, and our current and potential competitors vary significantly by size, service offerings, and geographic location. Our competitors include technology companies, consulting firms, telecommunication companies, technology resellers, hardware and software providers, and other entities. Many of these competitors have established relationships within specific industries or have developed a reputation for expertise in particular sectors of the cybersecurity market, including services, software, and hardware.

Primary factors influencing competition in our market include security, reliability, and functionality; customer service and technical expertise; reputation and brand recognition; financial strength; the breadth of products and services offered; price; and scalability. However, many of our competitors possess substantial advantages in these areas, including the following:

Some of our competitors are better positioned to:

As a result, competition in our industry could lead to several adverse outcomes for our business, including a loss of customers, reduced revenue, increased expenses, or pressure on our margins. These factors could adversely affect our business, financial condition, operating results, and long-term growth prospects.

Our success depends on our ability to protect our intellectual property and our proprietary technologies.

We rely on trade secrets to protect our intellectual property, proprietary technology, and processes, which we have developed or may develop in the future. However, there can be no assurance that confidentiality obligations will always be honored or that others will not independently develop similar or superior technology. The protection of intellectual property and proprietary technology through trade secret claims has become increasingly contentious, with more companies pursuing litigation to protect their rights or for competitive reasons, even when the claims may be unsubstantiated. The prosecution or defense of intellectual property claims can be costly and unpredictable, particularly given the evolving legal landscape. We may also face claims from other parties alleging infringement on their intellectual property or technology, which could adversely affect our business.

Increasingly complex cybersecurity regulations and standards may have significant impact on our business, and it may require us to substantially invest in our development capabilities to meet compliance requirements and may negatively impact our ability to offer certain services and remain profitable.

Cybersecurity legislation at the federal and state levels continues to evolve as lawmakers respond to the growing threat landscape. Multiple bills and resolutions are currently being considered, which may lead to new regulations, including cybersecurity standards and compliance requirements. Our expansion strategy, which includes acquisitions of other cybersecurity service providers, may be impacted by these regulations. We may be required to dedicate significant resources to ensure our services comply with diverse state-level requirements, potentially delaying service launches or limiting the scope of certain offerings. Non-compliance with these regulations could result in legal actions, increased costs, and operational disruptions, which would negatively impact our financial results.

We may become subject to disputes, including litigation, that could negatively impact our business, profitability, and financial condition.

We may become involved in disputes with third parties, which could result in litigation. Whether or not a dispute leads to litigation, significant resources—both management time and financial—may be required to resolve the issue. This could detract from our ability to focus on business operations. Any resolution could involve the payment of damages or other significant costs, and may involve restrictive terms that limit our operational flexibility. Prolonged or unfavorable legal disputes could materially harm our financial condition, profitability, and overall business performance.

If we incur additional debt, we will be subject to restrictive covenants and debt service obligations that could negatively impact our operations.

If we incur additional debt to fund operations or acquisitions, we will be subject to debt service obligations, including interest and principal payments. Debt agreements often contain restrictive covenants that may limit our operational flexibility and impose financial constraints. A default under any debt agreement could accelerate repayment and result in a judgment against us, potentially leading to the foreclosure of assets, which would materially adversely affect our business, financial condition, or results of operations.

The requirements of being a public company, including compliance with the reporting requirements of the Exchange Act and the requirements of the Sarbanes-Oxley Act and Nasdaq, may strain our resources, increase our costs, and divert management’s attention, and we may be unable to comply with these requirements in a timely or cost-effective manner.

As a public company, we are subject to the reporting requirements of the Exchange Act, and the corporate governance standards of the Sarbanes-Oxley Act and Nasdaq. We have a limited operating history as a public company, and these requirements may place a strain on our management, systems, and resources. In addition, we have incurred, and expect to continue to incur, significant legal, accounting, insurance, and other expenses. The Exchange Act requires us to file annual, quarterly, and current reports with respect to our business and financial condition within specified time periods and to prepare a proxy statement with respect to our annual meeting of stockholders. The Sarbanes-Oxley Act requires that we maintain effective disclosure controls and procedures and internal control over financial reporting. Nasdaq requires that we comply with various corporate governance requirements. To maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting and comply with the Exchange Act and Nasdaq requirements, significant resources and management oversight are required. This may divert management’s attention from other business concerns and lead to significant costs associated with compliance, which could have a material adverse effect on us and the market price of our common stock.

The expenses incurred by public companies generally for reporting and corporate governance purposes have been increasing. We expect these rules and regulations to continue to increase our legal and financial compliance costs and to make some activities more time-consuming and costly. These laws and regulations could also make it more difficult or costly for us to obtain certain types of insurance, including director and officer liability insurance, and we may be forced to accept reduced policy limits and coverage or incur substantially higher costs to obtain the same or similar coverage. These laws and regulations could also make it more difficult for us to attract and retain qualified persons to serve on our Board of Directors or its committees or as our executive officers. Advocacy efforts by stockholders and third parties may also prompt even more changes in governance and reporting requirements. We cannot predict or estimate the amount of additional costs we may incur or the timing of these costs. Furthermore, if we are unable to satisfy our obligations as a public company, we could be subject to delisting of our common stock, fines, sanctions, other regulatory action, and potentially civil litigation.

The preparation of our financial statements involves the use of estimates, judgments, and assumptions, and our financial statements may be materially affected if our estimates prove to be inaccurate.

Financial statements prepared in accordance with accounting principles generally accepted in the United States require the use of estimates, judgments, and assumptions that affect the reported amounts. Different estimates, judgments, and assumptions reasonably could be used that would have a material effect on the financial statements, and changes in these estimates, judgments, and assumptions are likely to occur from period to period in the future. These estimates, judgments, and assumptions are inherently uncertain, and, if they prove to be wrong, then we face the risk that charges to income will be required.

The auditor’s opinion on our audited consolidated financial statements for the year ended December 31, 2024, included in this annual report on Form 10-K, contain an explanatory paragraph relating to our ability to continue as a going concern.

The auditor’s opinion on our audited consolidated financial statements for the year ended December 31, 2024 includes an explanatory paragraph stating that our losses and negative cash flows from operations and uncertainty in generating sufficient cash to meet our operating obligations raise substantial doubt about our ability to continue as a going concern. While we are pursuing a variety of funding sources and transactions that could raise capital, there can be no assurances that we will be successful in these efforts or will be able to resolve our liquidity issues or eliminate our operating losses. If we are unable to obtain sufficient funding, we would need to significantly reduce our operating plans and curtail some or all of our strategic plans. Accordingly, our business, prospects, financial condition, and results of operations will be materially and adversely affected, and we may be unable to continue as a going concern. If we are unable to continue as a going concern, we may have to liquidate our assets and may receive less than the value at which those assets are carried on our audited consolidated financial statements, and it is likely that investors will lose all or a part of their investment. If we seek additional financing to fund our business activities in the future and there remains substantial doubt about our ability to continue as a going concern, investors or other financing sources may be unwilling to provide additional funding on commercially reasonable terms or at all.

Risks Related to our Common Stock

The market price of our common stock is volatile and may fluctuate in a way that is disproportionate to our operating performance.

The market price of our common stock may experience significant volatility due to a variety of factors, including, but not limited to:

Many of these factors are beyond our control. In addition to recent events, the stock markets have historically experienced substantial price and volume fluctuations. These fluctuations often have been unrelated or disproportionate to the operating performance of these companies. These broad market and industry factors could reduce the market price of our common stock, regardless of our actual operating performance.

Future sales of shares of our common stock by existing stockholders could depress the market price of our common stock.

We had an aggregate of 11,821,866 issued and outstanding shares of common stock as of December 31, 2024. Approximately 4,838,618 shares were in street name. The remainder of the outstanding shares may be sold, subject to certain volume limitations, pursuant to Rule 144 or other available exemptions. Also, in the future, we may issue additional securities in connection with financings and acquisitions. The amount of our common stock issued in connection with an investment or acquisition could constitute a material portion of our then outstanding stock. Due to these factors, sales of a substantial number of shares of our common stock in the public market could occur at any time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could reduce the market price of our common stock.

Provisions in our certificate of incorporation, our by-laws, and Delaware law might discourage, delay, or prevent a change in control of our company or changes in our management and, therefore, depress the trading price of our common stock.

Provisions of our amended and restated certificate of incorporation, our amended and restated by-laws, and Delaware law may have the effect of deterring unsolicited takeovers or delaying or preventing a change in control of our company or changes in our management, including transactions in which our stockholders might otherwise receive a premium for their shares over then current market prices. In addition, these provisions may limit the ability of stockholders to approve transactions that they may deem to be in their best interests. These provisions include the ability of our Board of Directors to designate the terms of and issue new series of preferred stock without stockholder approval, which could include the right to approve an acquisition or other change in our control or could be used to institute a rights plan, also known as a poison pill, that would work to dilute the stock ownership of a potential hostile acquirer, likely preventing acquisitions that have not been approved by our Board of Directors.

The existence of the forgoing provisions and anti-takeover measures could limit the price that investors might be willing to pay in the future for shares of our common stock. They could also deter potential acquirers of our company, thereby reducing the likelihood that an investor in our company could receive a premium for their common stock in an acquisition.

Our Board of Directors is expressly authorized to make, alter, or repeal our by-laws by majority vote, while such action by stockholders would require a super majority vote.

These anti-takeover provisions and other provisions under Delaware law could discourage, delay, or prevent a transaction involving a change in control of our company, including actions that our stockholders may deem advantageous, or negatively affect the trading price of our stock. These provisions could also discourage proxy contests and make it more difficult for stockholders to elect directors of their choosing and cause us to take other corporate actions they desire.

FINRA sales practice requirements may limit a stockholder’s ability to buy and sell our stock.

The Financial Industry Regulatory Authority, Inc. (“FINRA”) has adopted rules that require that, in recommending an investment to a client, a broker-dealer must have reasonable grounds for believing that the investment is suitable for that customer. Prior to recommending speculative low-priced securities to their non-institutional customers, broker-dealers must make reasonable efforts to obtain information about the customer’s financial status, tax status, investment objectives, and other information. Under interpretations of these rules, FINRA believes that there is a high probability that speculative low-priced securities will not be suitable for certain customers. FINRA requirements will likely make it more difficult for broker-dealers to recommend that their customers buy our common stock, which may have the effect of reducing the level of trading activity in the shares, resulting in fewer broker-dealers may be willing to make a market in our shares, potentially reducing a stockholder’s ability to resell shares of our common stock.

If we issue additional shares in the future, it will result in a dilution of our existing stockholders.

Our amended and restated certificate of incorporation authorizes the issuance of up to 300,000,000 shares of our common stock and up to 50,000,000 shares of preferred stock. Our Board of Directors may choose to issue some or all of such shares to acquire one or more companies and to fund our overhead and general operating requirements. The issuance of any such shares will reduce the book value per share and may contribute to a reduction in the market price of the outstanding shares of our common stock. If we issue any such additional shares, such issuance will reduce the proportionate ownership and voting power of all current stockholders. Further, such issuance may result in a change of control of our company.

We are eligible to be treated as an “emerging growth company,” as defined in the JOBS Act, and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

We are an “emerging growth company,” as defined in the JOBS Act. For as long as we continue to be an emerging growth company, we may take advantage of exemptions from various reporting and other requirements that are applicable to other public companies that are not emerging growth companies, including (i) not being required to comply with the auditor attestation requirements of Section 404(b) of the Sarbanes-Oxley Act, (ii) reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and (iii) exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We could be an emerging growth company for up to five years, although circumstances could cause us to lose that status earlier.

In addition, Section 107 of the JOBS Act provides that an emerging growth company can take advantage of the extended transition period provided in Section 7(a)(2)(B) of the Securities Act for complying with new or revised accounting standards that have different effective dates for public and private companies until those standards apply to private companies. We have elected to take advantage of the extended transition period for complying with the revised accounting standards. As a result, our financial statements may not be comparable to companies that comply with effective dates generally applicable to public companies.

Investors may find our common stock less attractive because we may rely on these exemptions, reduced reporting requirements, and extended transition periods. If investors find our common stock less attractive as a result of any of the foregoing, there may be a less active trading market for our common stock and our stock price may be more volatile or may decrease.

Our directors, a former director and executive officers beneficially own a substantial majority of our outstanding capital stock and will have the ability to control our affairs.

Our current directors and executive officers, and a former director beneficially own approximately 31.55% of our outstanding capital stock. By virtue of these holdings, they effectively control the election of the members of our Board of Directors, our management, and our affairs and may prevent us from consummating corporate transactions such as mergers, consolidations, or the sale of all or substantially all of our assets that may be favorable from our standpoint or that of our other stockholders.

Our failure to meet the continued listing requirements of Nasdaq could result in a delisting of our common stock.

If we fail to satisfy the continued listing requirements of Nasdaq, such as the corporate governance requirements or the minimum closing bid price requirement, Nasdaq may take steps to delist our common stock. On March 29, 2023, we received a letter from the listing qualifications staff of Nasdaq providing notification that the bid price for our common stock had closed below $1.00 per share for the previous 30 consecutive business days and our common stock no longer met the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). In accordance with Nasdaq Listing Rule 5810(c)(3)(A), we had an initial period of 180 calendar days to regain compliance. To regain compliance, the closing bid price of our common stock had to be $1.00 per share or more for a minimum of 10 consecutive business days at any time before the expiration of the initial compliance period. We were unable to regain compliance with Rule 5550(a)(2) during the initial compliance period, but pursuant to Nasdaq rules we were eligible for an additional 180 calendar day compliance period. To qualify, we needed to meet the continued listing requirement for market value of publicly held shares and all other initial listing standards for the Nasdaq Capital Market, with the exception of the minimum bid price requirement, and we were required to provide written notice of our intention to cure the deficiency during the second compliance period, by effecting a reverse stock split, if necessary. Subsequently, on December 28, 2023, we received a letter from the listing qualifications staff of Nasdaq providing notification that the bid price for our common stock had closed below $0.10 per share for the previous 10 consecutive trading days and our common stock no longer met the minimum bid price requirement for continued listing under Nasdaq Listing Rule 5550(a)(2). Accordingly we were subject to the provisions contemplated under Nasdaq Listing Rule 5810(c)(3)(A)(iii), and as a result, Nasdaq determined to delist our securities. We were granted an appeal with Nasdaq’s Hearings Panel on March 28, 2024. On March 8, 2024, our 1-for-15 reverse split became effective, increasing the bid price for our common stock above $1.00 per share. On March 22, 2024, we received notification from Nasdaq that we had regained compliance with the bid price requirements as set forth under Nasdaq Listing Rule 550(a)(2). As a result of regaining compliance, our appeal with Nasdaq’s Hearing Panel was cancelled.

We must continue to maintain a minimum closing bid price over $1.00 per share pursuant to Nasdaq Listing Rule 5810(c)(3)(A). If our closing bid price falls below $1.00 per share for more than 30 consecutive trading days, we may again be deemed noncompliant with Nasdaq’s continued listing requirements.

The liquidity of the shares of our common stock may be affected adversely by the reverse stock split undertaken to address such compliance failure, given the reduced number of shares that are outstanding following a reverse stock split. In addition, reverse stock splits may increase the number of stockholders who own odd lots (less than 100 shares) of our common stock, creating the potential for such stockholders to experience an increase in the cost of selling their shares and greater difficulty effecting such sales.

On January 10, 2025, we received a notification letter from the Listing Qualifications Staff of The Nasdaq Stock Market LLC (“Nasdaq”) indicating that, since we have not yet held an annual meeting of stockholders within twelve months of the end of its December 31, 2023 fiscal year, we are out of compliance with the Nasdaq rules for continued listing (Listing Rules 5620(a) and 5810(c)(2)(G)). The notification letter has no immediate effect on the listing of our securities on the Nasdaq Capital Market.

Under the applicable Nasdaq rules, we had 45 calendar days to submit a plan to regain compliance. If Nasdaq accepted our plan, Nasdaq can grant an exception of up to 180 calendar days from our most recent fiscal year end, or until June 30, 2025, to regain compliance.

We filed a definitive proxy statement on March 5, 2025 for an annual meeting to be held on April 25, 2025 to regain compliance with the applicable Nasdaq Listing Rules.

In the event that we again become non-compliant with Rule 5550(a)(2) and cannot re-establish compliance within the required timeframe, our common stock could be delisted from Nasdaq, which could have a material adverse effect on our financial condition, and which would cause the value of our common stock to decline. If our common stock is not eligible for listing or quotation on another market or exchange, trading of our common stock could be conducted in the over-the-counter market or on an electronic bulletin board established for unlisted securities such as the Pink Sheets or the OTC Bulletin Board. In such event, it would become more difficult to dispose of, or obtain accurate price quotations for, our common stock, and there would likely be a reduction in our coverage by security analysts and the news media, which could cause the price of our common stock to decline further. In addition, it may be difficult for us to raise additional capital if we are not listed on a national securities exchange.

Following a reverse stock split, the resulting market price of our common stock may not attract new investors, including institutional investors, and may not satisfy the investing requirements of those investors. Consequently, the trading liquidity of our common stock may not improve.

Although we believe that a higher market price of our common stock may help generate greater or broader investor interest, there can be no assurance that our reverse stock split will result in a share price that will attract new investors, including institutional investors. In addition, there can be no assurance that the market price of our common stock will satisfy the investing requirements of those investors. As a result, the trading liquidity of our common stock may not necessarily improve.

We do not intend to pay dividends on our common stock.

We have never paid any cash dividends, and currently do not intend to pay any dividends for the foreseeable future. We intend to retain any future earnings to the extent necessary to develop and expand our business. Payment of cash dividends, if any, will depend, among other factors, on our earnings, capital requirements, and the general operating and financial condition, and will be subject to legal limitations on the payment of dividends out of paid-in capital. Because we do not intend to declare dividends, any gain on an investment in our company will need to come through an increase in the stock price. This may never happen, and investors may lose all of their investment.

Our business could be negatively impacted by stockholder activism.

In recent years, stockholder activists have become involved in numerous public companies. Stockholder activists frequently propose to involve themselves in the governance, strategic direction, and operations of companies. Stockholder activists have also become increasingly concerned with companies’ efforts with respect to environmental, sustainability and governance standards. Responding to actions by activist stockholder, such as requests for special meetings, potential nominations of candidates for election to our Board of Directors, requests to pursue a strategic combination or other transaction, or other special requests may disrupt our business and divert the attention of management and employees. In addition, any perceived uncertainties as to our future direction resulting from such a situation could result in the loss of potential business opportunities, be exploited by our competitors, cause concern to our current or potential customers, and make it more difficult to attract and retain qualified personnel and business partners, all of which could negatively impact our business. Stockholder activism could result in substantial costs. In addition, actions of activist stockholder may cause significant fluctuations in our stock price based on temporary or speculative market perceptions or other factors that do not necessarily reflect the underlying fundamentals of our business.

Our share price may be volatile, and you may be unable to sell your shares.

The trading price of our common stock is likely to be highly volatile and these fluctuations could cause you to lose all or part of your investment in our common stock. Since shares of our common stock were sold in our initial public offering (IPO) in January 2022 at a price of $75.00 per share, the reported high and low sales prices of our common stock ranged from $0.26 to $138.15 per share through March 24, 2025. Factors that may cause the market price of our common stock to fluctuate include:

In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, operating results or financial condition. The trading price of our common stock might also decline in reaction to events affecting other companies in our industry even if these events do not directly affect us.

In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. If our stock price is volatile, we may become the target of securities litigation, which could result in substantial costs and a diversion of management’s attention and resources.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

ITEM 2. PROPERTIES

Our corporate headquarters is in Scottsdale, Arizona where we currently lease approximately 3,300 square feet of office space. We lease one additional office, which we believe is not material to our operations.

We believe our existing facilities are sufficient for our current needs. Although we have recently closed or consolidated certain of our facilities, in the future, we may need to add new facilities or expand our existing facilities to meet our evolving business needs.

ITEM 3. LEGAL PROCEEDINGS

We are currently not a party to any material legal proceedings.

ITEM 4. MINE SAFETY DISCLOSURES

Not applicable.

PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

Market Information

Until January 13, 2022, our common stock was traded under OTC Market Group’s OTCQB. Since January 13, 2022, our common stock has been listed for trading on The Nasdaq Stock Market LLC under the symbol “CISO”.

As of December 31, 2024, there were 755 holders of record of our common stock, and the last reported sale price of our common stock on The Nasdaq Stock Market LLC on March 24, 2025 was $0.4499. A significant number of shares of our common stock are held in either nominee name or street name brokerage accounts, and consequently, we are unable to determine the total number of beneficial owners of our common stock.

Dividend Policy

To date, we have paid no dividends on our common stock and do not expect to pay cash dividends in the foreseeable future. We plan to retain all earnings to provide funds for the operations of our company. In the future, our Board of Directors will decide whether to declare and pay dividends based upon our earnings, financial condition, capital requirements, and other factors that our Board of Directors may consider relevant. We are not under any contractual restriction as to present or future ability to pay dividends.

Unregistered Sales of Equity Securities

In March 2024, we issued 100,000 shares of our common stock to LendSpark Corporation as additional consideration to enter into a loan agreement in which we received gross proceeds for $2,200,000.

In July 2024, we issued 100,000 shares of our common stock to Hudson Global Ventures, LLC as consideration for consulting services.

ITEM 6. [RESERVED]

ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

The following Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with our consolidated financial statements and the related notes contained elsewhere in this Annual Report and is intended to provide information necessary to understand our audited consolidated financial statements for the year ended December 31, 2024 compared to the year ended December 31, 2023 and highlight certain other information which will enhance a reader’s understanding of our financial condition, changes in financial condition, and results of operations. In particular, the discussion is intended to provide an analysis of significant trends and material changes in our financial position and the operating results of our business during the year ended December 31, 2024 compared to the year ended December 31, 2023. These historical consolidated financial statements may not be indicative of our future performance. This Management’s Discussion and Analysis of Financial Condition and Results of Operations contains numerous forward-looking statements, all of which are based on our current expectations and could be affected by the uncertainties and risks described throughout this filing, particularly in “Item 1A. Risk Factors.”

Our Business

We provide a comprehensive suite of cybersecurity consulting and related services built on four critical pillars: Proprietary Software Stack, Compliance, Cybersecurity, and Organizational Culture.

Our services include managed security, compliance assessments, Security Operations Center (SOC) support, virtual Chief Information Security Officer (vCISO) services, incident response, digital forensics, technical assessments, and cybersecurity training. We have developed a unique offering called MCCP+, which integrates all four pillars through a dedicated team of subject matter experts.

Unlike many cybersecurity firms focused on specific technologies or services, we remain technology-agnostic. Our approach is centered around building a world-class team of cybersecurity and compliance experts with diverse skill sets, enabling us to provide truly holistic solutions that address the chronic shortage of highly skilled cybersecurity professionals.

The Proprietary Software Stack is foundational to our approach. We have developed a comprehensive suite of proprietary software solutions powered by machine learning, artificial intelligence (AI), and dark web threat intelligence. These multilayered technologies enhance our cybersecurity effectiveness, improve organizational resilience, and offer real-time insights to our clients, enabling them to stay ahead of evolving threats.

We also emphasize Compliance, working with clients to ensure they meet industry regulations and standards. Compliance assessments, audits, and adherence to best practices are integrated into our services, helping organizations safeguard sensitive information and minimize risk.

The Cybersecurity pillar includes advanced threat detection, incident response, and ongoing risk assessments to protect client systems, networks, and data from evolving cyber threats. Our team applies cutting-edge tools and methodologies to proactively defend against potential breaches, minimizing downtime and mitigating damage.

Finally, we focus on Organizational Culture, recognizing that a strong security-first mindset is essential for resilience. By working with clients to cultivate a culture of security, we help them make security an integral part of their operations, improving both their overall security posture and return on cybersecurity investments.

With a comprehensive portfolio of scalable intellectual property solutions, proprietary software stack, and an end-to-end team of experts, we are well-positioned for organic growth. By optimizing the user experience and leveraging digital interfaces, we can expand our client base without overburdening our service team. This scalability will enable us to drive increased revenue and profit margins concurrently.

Financial Highlights

Our operating results for the year ended December 31, 2024 included the following:

Results of Operations

Comparison of the Year Ended December 31, 2024, to the Year Ended December 31, 2023

Our financial results for the year ended December 31, 2024 are summarized as follows in comparison to the year ended December 31, 2023:

Revenue

Security managed services revenue decreased by $2,550,301, or 8%, for the year ended December 31, 2024, as compared to the year ended December 31, 2024, primarily due to lower hardware and software sales.

Professional services revenue decreased by $1,080,952, or 30%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, primarily due to lower customer projects.

Cybersecurity software revenue increased by $440,809, or 100%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, primarily due to our initial launch of our suite of internally developed cybersecurity software products.

Expenses

Cost of Revenue

Security managed services cost of revenue decreased by $654,975, or 7%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due primarily to lower hardware and software sales.

Professional services cost of revenue decreased by $128,296, or 22%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to decreased use of consultants.

Cybersecurity software cost of revenue increased by $119,900, or 100%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, primarily due to our initial launch of our suite of internally developed cybersecurity software products.

Cost of payroll decreased by $3,968,854, or 25%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to headcount reduction.

Stock-based compensation decreased by $486,022, or 10%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to the timing of recognition of the reversal of expense for options forfeited by former employees, a decrease in the number of options granted in 2024 and certain option grants that had fully vested.

Operating Expenses

Professional fees decreased by $1,871,615, or 58%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to a decrease in accounting, legal and other professional fees incurred related to our periodic SEC filings and our efforts to raise additional capital.

Advertising and marketing expenses decreased by $449,231, or 100%, for the year ended December 31, 2024, as compared to December 31, 2023, due to utilizing internal resources for advertising and marketing activities.

Selling, general, and administrative expenses decreased $5,156,190, or 28%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to our analysis of our carrying amount of intangible assets being impaired for the year ended December 31, 2023, reductions in head count, and lower costs for insurance and lease expenses for the year ended December 31, 2024.

Stock-based compensation expenses decreased by $3,036,007, or 39%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to the timing of recognition of the reversal of expense for options forfeited by former employees, a decrease in the number of options granted in 2024 and certain option grants that had fully vested.

Impairment of goodwill decreased by $35,933,364, or 100%, for the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to our analysis of our carrying amount of goodwill being impaired in 2023.

Other Income (Expense)

Interest expense, net increased by $1,317,599, or 58%, during the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to an increase in our debt assumed and the effective interest rate on such debt.

Loss on issuance of convertible notes increased by $1,022,650, or 100%, during the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to our costs associated with issuing convertible notes exceeding the fair value of convertible notes.

Change in fair value of derivative liability increased by $593,083, or 100%, during the year ended December 31, 2024, as compared to the year ended December 31, 2023, due to an increase in the share price of our common stock to $3.47 per share on December 31, 2024, providing more value as of December 31, 2024 to the holders of the convertible note if they were converted at such time.

Working Capital

Our working capital as of December 31, 2024, as compared to our working capital as of December 31, 2023, is summarized as follows:

The decrease in current assets is primarily due to an increase in cash and cash equivalents and prepaid cost of revenues of $750,946 and $89,445, respectively, offset by decreases to accounts receivable and prepaid expenses and other current assets of $962,688 and $68,194 respectively. The increase in current liabilities is primarily due to the increase in accounts payable and accrued expenses, loans payable, line of credit, derivative liability, and convertible notes payable of $2,037,617, $817,845, $1,957,938, $2,102,927, and $5,000,002, respectively.

Cash Flows

Our cash flows for the year ended December 31, 2024, as compared to our cash flows for the year ended December 31, 2023, can be summarized as follows:

Operating Activities

Net cash used in operating activities was $3,841,706 for the year ended December 31, 2024 and was primarily due to cash used to fund a net loss of $24,243,919, adjusted for non-cash expenses in the aggregate of $17,013,753 and additional cash increases from changes in the levels of operating assets and liabilities in the aggregate of $3,388,460, primarily as a result of an increase in accounts receivable, accounts payable and accrued expenses, and deferred revenue. Net cash used in operating activities was $5,920,112 for the year ended December 31, 2023 and was primarily due to cash used to fund a net loss of $80,231,083, adjusted for non-cash expenses in the aggregate of $64,085,528 and additional cash increases from changes in the levels of operating assets and liabilities in the aggregate of $10,225,443, primarily as a result of an increase in accounts receivable, accounts payable and accrued expenses, and deferred revenue.

Investing Activities

Net cash used in investing activities of $83,095 for the year ended December 31, 2024, was primarily due to cash paid to purchase property and equipment. Net cash used in investing activities of $160,158 for the year ended December 31, 2023, was primarily due to cash paid to purchase property and equipment.

Financing Activities

Net cash provided by financing activities for the year ended December 31, 2024 was $3,914,162, which was primarily due to cash received from the sale of our common stock, net proceeds from loans and lines of credit, and convertible notes payable of $154,947, $8,919,412, and $2,065,000, respectively, and offset by the payment of loans and convertible notes payable, and lines of credit of $6,157,484 and $1,067,713, respectively. Net cash provided by financing activities for the year ended December 31, 2023 was $6,193,046, which was primarily due to cash received from the sale of our common stock, and net proceeds from loans and convertible notes payable of $6,655,493 and $11,975,631, respectively, and offset by the payment of loans and convertible notes payable of $12,929,931.

Liquidity

The accompanying consolidated financial statements have been prepared on the basis that we will continue as a going concern, which contemplates realization of assets and satisfying liabilities in the normal course of business. At December 31, 2024, we had an accumulated deficit of $182,262,606 and working capital deficit of $21,474,576. For the year ended December 31, 2024, we had negative cash flows from operations of $3,841,706. Although our company is showing positive operating cash flows and gross profit trends, we expect to incur further losses through the end of 2025.

To date, we have funded operations primarily through the sale of equity in public offerings, private placements, loan proceeds, and revenue generated by our services. During the year ended December 31, 2024, we received $154,947 from public and private offerings of our common stock and $3,759,215 in net proceeds from our loans and convertible notes payable. On June 27, 2022, our Registration Statement on Form S-3 was declared effective, and we may offer and sell from time to time, in one or more series, any of our securities, for total gross proceeds up to $300,000,000. As of December 31, 2024, we had $291,190,324 of available funding from our S-3 Registration Statement from which we may issue our securities to fund current and future operations.

Going Concern

The accompanying financial statements have been prepared on a going concern basis, which assumes the realization of assets and satisfaction of liabilities in the normal course of business. However, due to losses incurred, substantial doubt about the Company’s ability to continue as a going concern exists.

We are actively evaluating strategies to obtain the necessary additional funding for future operations. These strategies may include, obtaining equity financing, issuing debt or entering into other financing arrangements, and restructuring of operations to grow revenues and decrease expenses. However, we may be unable to access further equity or debt financing when needed. Consequently, there is no assurance that we will be able to obtain the necessary liquidity when needed or under acceptable terms, if at all.

Our ability to continue as a going concern depends on successfully executing the plan outlined in our Growth Strategy and eventually achieving profitable operations. The consolidated financial statements do not include any adjustments to the carrying amounts and classification of assets, liabilities, and reported expenses that may be necessary if the Company were unable to continue as a going concern.

Recently Issued Accounting Pronouncements

See Note 3 to our consolidated financial statements for the years ended December 31, 2024 and 2023 included elsewhere in this Annual Report.

Critical Accounting Policies and Estimates

Use of Estimates

The preparation of financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent liabilities at dates of the financial statements and the reported amounts of revenue and expenses during the periods. Our significant estimates include the allowance for credit losses, the carrying value of intangible assets and goodwill, deferred tax asset and valuation allowance, the valuation of convertible notes, derivative liabilities, the estimated fair value of assets acquired, liabilities assumed and stock issued in business combinations, and assumptions used in the Black-Scholes-Merton pricing model, such as expected volatility, risk-free interest rate, share price, expected dividend rate, and the adequacy of insurance reserves, could be affected by external conditions, including those unique to us and general economic conditions. It is reasonably possible that these external factors could have an effect on our estimates and could cause actual results to differ from those estimates.

Fair Value Measurement

The fair value measurement guidance clarifies that fair value is an exit price, representing the amount that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants. As such, fair value is a market-based measurement that should be determined based on assumptions that market participants would use in the valuation of an asset or liability. It establishes a fair value hierarchy that prioritizes the inputs to valuation techniques used to measure fair value. The hierarchy gives the highest priority to unadjusted quoted prices in active markets for identical assets or liabilities (Level 1 measurements) and the lowest priority to unobservable inputs (Level 3 measurements). The three levels of the fair value hierarchy under the fair value measurement guidance are described below:

Level 1 - Unadjusted quoted prices in active markets that are accessible at the measurement date for identical assets or liabilities;

Level 2 - Quoted prices in markets that are not active, or inputs that are observable, either directly or indirectly, for substantially the full term of the asset or liability; or

Level 3 - Prices or valuation techniques that require inputs that are both significant to the fair value measurement and unobservable (supported by little or no market activity).

Business Combination

We allocate the purchase price of an acquired business to the tangible and intangible assets acquired and liabilities assumed based upon their estimated fair values on the acquisition date. Any excess of the purchase price over the fair value of the net assets acquired is recorded as goodwill. The purchase price allocation process requires management to make significant estimates and assumptions, especially at the acquisition date with respect to intangible assets. Direct transaction costs associated with the business combination are expensed as incurred. The allocation of the consideration transferred in certain cases may be subject to revision based on the final determination of fair values during the measurement period, which may be up to one year from the acquisition date. We include the results of operations of the business that it has acquired in its consolidated results prospectively from the date of acquisition.

If the business combination is achieved in stages, the acquisition date carrying value of the acquirer’s previously held equity interest in the acquiree is re-measured to fair value at the acquisition date; any gains or losses arising from such re-measurement are recognized in profit or loss.

Goodwill and Indefinite-Lived Intangible Assets

Goodwill and indefinite-lived intangible assets are assessed for impairment annually, or more frequently, if events occur that would indicate a potential reduction in the fair value of a reporting unit below its carrying value. We perform our annual impairment review of goodwill at the reporting unit level. If we determine the fair value of the reporting unit’s goodwill or other indefinite-lived intangible assets is less than their carrying value as a result of an annual or interim test, an impairment loss is recognized and reflected in operating income or loss in the consolidated statements of operations during the period incurred. We perform our impairment assessment based on a quantitative analysis performed for our reporting unit.

We review finite-lived intangible assets for impairment whenever an event occurs or circumstances change that indicate that the carrying amount of such assets may not be fully recoverable. Recoverability is determined based on an estimate of undiscounted future cash flows resulting from the use of an asset and its eventual disposition. Should an asset not be recoverable, an impairment loss is measured by comparing the fair value of the asset to its carrying value. If we determine the fair value of an asset is less than the carrying value, an impairment loss is recognized in operating income or loss in the consolidated statements of operations during the period incurred.

We performed our annual impairment assessment for 2024 and concluded that no impairment of goodwill was indicated. As of December 31, 2024, we believe such assets are recoverable, however, there can be no assurance that these assets will not be impaired in future periods. Any future impairment charges could adversely impact our results of operations.

See Notes 3 and 7 to our financial statements for additional information regarding goodwill and indefinite-lived assets.

Impairment of Long-lived Assets

We will periodically evaluate the carrying value of long-lived assets to be held and used when events and circumstances warrant such a review and at least annually. The carrying value of a long-lived asset is considered impaired when the anticipated undiscounted cash flow from such asset is separately identifiable and is less than its carrying value. In that event, a loss is recognized based on the amount by which the carrying value exceeds the fair value of the long-lived asset. Fair value is determined primarily by using the anticipated cash flows discounted at a rate commensurate with the risk involved. Losses on long-lived assets to be disposed of are determined in a similar manner, except that fair values are reduced for the cost to dispose.

Stock-Based Compensation

We measure and recognize compensation expense for equity-based awards based on the grant date fair values of the awards. For options with service or performance-based vesting conditions, the grant date fair value is estimated using the Black-Scholes option-pricing model, which requires management to make assumptions and apply judgment in determining the grant date fair value.

The most significant assumptions and judgments include estimating the expected option term, the expected stock price volatility and the risk-free interest rates. The assumptions used in our option pricing model represent management’s best estimates. If factors change and different assumptions are used, our equity-based compensation expense could be materially different in the future. We record forfeitures when they occur, based on our lack of historical data available to estimate an appropriate forfeiture rate. Changes in our forfeiture rate can have a significant impact on our equity-based compensation expense since the cumulative effect of adjusting the forfeiture rate is recognized in the period in which the estimate is changed.

We will continue to use judgment in evaluating the assumptions related to our equity-based awards on a prospective basis. As we continue to accumulate additional data related to our awards, we may refine our estimates, which could materially impact our future equity-based compensation expense.

Revenue Recognition

Our agreements with clients are primarily service contracts that range in duration from a few months to three years. We recognize revenue when control of these services is transferred to the client for an amount, referred to as the transaction price, which reflects the consideration to which we are expected to be entitled in exchange for those goods or services.

A contract with a client exists only when:

We do not adjust the promised amount of consideration for the effects of a significant financing component since we expect, at contract inception, that the period between the time of transfer of the promised goods or services to the client and the time the client pays for these goods or services to be generally one year or less. Our credit terms to clients generally average thirty days, although in some cases payments are required in 15 days.

We do not disclose the value of unsatisfied performance obligations for contracts with original expected duration of one year or less.

See Note 3 to our consolidated financial statements for the years ended December 31, 2024 and 2023 included elsewhere in this Annual Report for additional information regarding revenue recognition and deferred revenue.

Reimbursed Expenses

We include reimbursed expenses in revenue and cost of revenue as we are primarily responsible for fulfilling the promise to provide the specified service, including the integration of the related services into a combined output to the client, which are inseparable from the integrated service. These costs include such items as consumables, transportation, and travel expenses, over which we have discretion in establishing prices.

Cost of Revenue

Cost of revenue include the following:

Volatility in Stock-Based Compensation

We determine the expected stock price volatility based on the historical volatility of our common stock.

Change in fair value of derivative liability

The automatic discounted share-settlement feature of our convertible notes issued in December 2024 is an embedded derivative requiring bifurcation accounting as (1) the feature was not clearly and closely related to the debt host and (2) the feature met the definition of a derivative under ASC 815 (Derivatives and Hedging).

The bifurcated embedded features were initially recorded on the balance sheet at their fair value on the date of issuance. After the initial recognition, the fair value of the embedded derivative feature changed over time due to changes in our share price. The change in fair value has been included in our statement of operations.

Off-Balance Sheet Arrangements

We have no off-balance sheet arrangements that have or are reasonably likely to have a material current or future effect on our financial condition, changes in financial condition, revenue or expenses, results of operations, liquidity, capital expenditures, or capital resources.

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

Because we are a smaller reporting company, we are not required to provide the information called for by this Item.

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

The information called for by Item 8 is included beginning on page F-1 contained in this Annual Report on Form 10-K.

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE

None.

ITEM 9A. CONTROLS AND PROCEDURES

Evaluation of Disclosure Controls and Procedures

We maintain disclosure controls and procedures (as that term is defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act) that are designed to ensure that information required to be disclosed in our reports under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including Chief Executive Officer and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosures. In designing disclosure controls and procedures, our management necessarily was required to apply its judgment in evaluating the cost-benefit relationship of possible disclosure controls and procedures. The design of any disclosure controls and procedures also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Any controls and procedures, no matter how well designed and operated, can provide only reasonable, not absolute, assurance of achieving the desired control objectives.

Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, has evaluated the effectiveness of the design and operation of our disclosure controls and procedures as of the end of the period covered by this report. Based on this evaluation, our CEO and CFO concluded that, as of December 31, 2024, our disclosure controls and procedures are designed at a reasonable assurance level and are effective to provide reasonable assurance that information we are required to disclose in reports we file or submit under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms, and that such information is accumulated and communicated to our management, including our CEO and CFO, as appropriate, to allow timely decisions regarding required disclosure.

Limitations on Effectiveness of Controls and Procedures

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. In addition, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with the policies or procedures may deteriorate.

Changes in Internal Control Over Financial Reporting

There were no changes in our internal control over financial reporting during the quarter ended December 31, 2024 that materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.

Management’s Report on Internal Control over Financial Reporting

Our management is responsible for establishing and maintaining adequate internal control over financial reporting based on the framework established in Internal Control—Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. Our internal control over financial reporting is a process designed under the supervision of its principal executive and principal financial officers and effected by our Board of Directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of its consolidated financial statements for external reporting purposes in accordance with United States generally accepted accounting principles. Based on our assessment under this framework, our management concluded that our internal control over financial reporting was effective as of December 31, 2024.

Our independent registered public accounting firm will not be required to report on the effectiveness of our internal control over financial reporting pursuant to Section 404 until we are no longer an “emerging growth company” nor a non-accelerated filer.

ITEM 9B. OTHER INFORMATION

During the quarter ended December 31, 2024, no director or officer of our company adopted or terminated a “Rule 10b5-1 trading arrangement” or a “non-Rule 10b5-1 trading arrangement” (in each case, as defined in Item 408 of Regulation S-K).

ITEM 9C. DISCLOSURE REGARDING FOREIGN JURISDICTIONS THAT PREVENT INSPECTIONS

Not applicable.

PART III

ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE

The following table sets forth certain information regarding our Directors and Executive Officers. The age of each Director and Executive Officer listed below is given as of March 24, 2025.

Our Executive Officers

David G. Jemmett – Chief Executive Officer and Director

Mr. Jemmett has served as our Chief Executive Officer and a director since the company’s formation in March 2019. He founded GenResults in June 2015, which was acquired by our company in April 2019. Prior to this, he served as Chief Executive Officer of NantCloud, LLC in 2014, a provider of secure cloud-hosted applications for healthcare, and as Chief Technology Officer of NantWorks, LLC, the parent company of the “Nant” family of companies. From 2005 to 2013, Mr. Jemmett was the founder and Chief Executive Officer of ClearDATA Networks Corporation, a leading HIPAA-compliant hosting company specializing in healthcare.

Mr. Jemmett has deep expertise in both technology and business, having led innovation in the cybersecurity and healthcare technology sectors. He is a recognized leader, having appeared on CBS, CNN, MSNBC, and CSPAN, and testified before the U.S. Senate Subcommittee on Telecommunications and Internet Security in 1998. Mr. Jemmett is also a published author and today sits on the Forbes technology counsel. With extensive leadership experience, a strong technical background, and significant equity ownership, Mr. Jemmett is well-positioned to lead our company and serve as a director.

Debra L. Smith – Chief Financial Officer

Ms. Smith has served as our Chief Financial Officer since June 2021. Ms. Smith previously served as a director on our Board of Directors from May 2023 to January 2025. Ms. Smith served as our Executive Vice President of Finance and Accounting from February 2021 to June 2021. Prior to joining our company, Ms. Smith served as Executive Vice President of Finance at Arrivia Inc. from January 2020 to February 2021 and Controller and, subsequently, Chief Accounting Officer at BeyondTrust from October 2016 to January 2020. Ms. Smith received a Bachelor of Science degree in Accounting, Summa Cum Laude, from DeVry University and a Master’s degree in Counseling with Honors from Argosy University.

Kyle J. Young – Interim Chief Operating Officer

Mr. Young has served as our Interim Chief Operating Officer since March 2023. Previously Mr. Young served as our Executive Vice President, Operations from January 2022 to March 2023 and as our Vice President, Operations from February 2021 to January 2022. Mr. Young served in various roles at BeyondTrust Software, a U.S.-based cybersecurity vendor, from December 2007 to February 2022, most recently serving as its Vice President, Business and Sales Operations. Mr. Young holds a bachelor’s degree in Speech Communications & Rhetoric from the University of Illinois Urbana-Champaign.

Our Directors

Andrew K. McCain – Director

Mr. McCain has served as a director of our company since May 2019. He has served as the President and Chief Executive Officer for Hensley Beverage Company since January 2024, and previously served as President and Chief Operating Officer from 2014 through January 2024. He is Chairman of Hensley Employee Foundation and a Patrons Committee member of United Methodist Outreach Ministries’ New Day Centers. He is past Chairman of the Board of the Fiesta Bowl, past Chairman of the Anheuser-Busch National Wholesaler Advisory Panel, past Chairman of the Greater Phoenix Chamber of Commerce, past board member of the Arizona Super Bowl Host Committee, and past board member of the Arizona 2016 College Football Championship Local Organizing Committee. Mr. McCain received his Bachelor of Arts in Mathematics in 1984 and an MBA in 1986 from Vanderbilt University.

We believe Mr. McCain is qualified for service as a director of our company due to his significant business experience and leadership.

Phillip Balatsos – Director

Mr. Balatsos has served as a director of our company since January 2025. As Vice President at XP Investments US LLC, he has significantly expanded the firm’s presence in North America and Europe, achieving a 300% increase in FX revenue. Previously, Mr. Balatsos was Director at Barclays Capital, where he managed high-value institutional relationships and led joint ventures that boosted annual revenues by millions. He began his career at Credit Suisse, rapidly advancing to Vice President supporting hedge fund sales. His entrepreneurial ventures include owning Thomas-Mackey Veterinarian Service, SeaPath Advisory LLC, and TwoMacks Properties LLC, which demonstrate his diverse expertise. He also served on the Board of Directors for Sadot Group Inc., contributing to the company’s strategic growth. Mr. Balatsos holds a Bachelor of Science in Business Administration from Skidmore College and has received leadership recognition in various roles.

We believe Mr. Balatsos is qualified for service as a director of our company due to his significant experience with financial markets and his executive and board experience at other companies.

Mohsen (Michael) Khorassani – Director

Mr. Khorassani has served as a director since January 2025. He has served as founder and CEO of Orion 4, a corporate advisory firm, since March of 2019 where he has served as capital markets, business development and marketing advisor for many public and private companies. Before founding Orion, he spent nineteen years at Oppenheimer Private Client Division as Director of Investments focused on building and developing a successful wealth management practice. He was responsible for advising both high net-worth and institutional clients. Prior to joining Oppenheimer, he served as a Vice President at Oscar Gruss & Son, an institutional NYSE member firm where he was responsible for helping build the firm’s retail division. His responsibilities included recruiting advisors, managing teams, and sales and trading. Prior to Oscar Gruss and Son, he spent four years at Gruntal and Co. as V.P of Investments. He started his financial services career at Lehman Brothers two years earlier. Mr. Khorassani has demonstrated extensive understanding of the capital markets over his thirty years of Wall Street experience and brings with him a wealth of knowledge and a deep bench of personal relationships.

We believe Mr. Khorassani is qualified for service as a director of our company due to his significant experience in financial markets and leadership experience with publicly traded companies.

Andrew Hancox – Director

Mr. Hancox has served as a director since January 2025. As the Founder and Managing Member of Block 8 Ventures, he has successfully invested in over 25 blockchain projects and provided strategic consulting to high-growth companies. Previously, he co-founded Katapult (NASDAQ: KPLTW) and served as COO, raising over $250M in capital and expanding the team to 100+ members. Andrew’s experience includes a role as an analyst at Permian Investment Partners, where he evaluated and recommended equity investments, and as the Co-Founder and CEO of Anderson Audio Visual, growing the company to $40M in sales. His educational background includes studies in Law and Mathematics from Victoria University (New Zealand) and a Private Equity and Investment Banking Program from the Institute of Banking and Finance (New York). Mr. Hancox is also a lead mentor at Entrepreneurs Roundtable Accelerator and Parallel 18, an accomplished skier, marathon runner, and avid traveler, having visited 107 countries. Originally from New Zealand, he currently splits his time between New York, NY and San Juan, PR.

We believe Mr. Hancox is qualified for service as a director of our company due to his significant experience in investment analysis and leadership positions with other companies.

Pursuant to that certain Securities Purchase Agreement, dated December 10, 2024, by and among the company and certain investors (as defined therein), Messrs. Baltsos, Khorassani, and Hancox were appointed to the Board of Directors.

Board Constitution

Our Board of Directors currently consists of five members. All directors hold office until the next annual meeting of stockholders. At each annual meeting of stockholders, the successors to directors whose terms then expire are elected to serve from the time of election and qualification until the next annual meeting following election.

Director Independence

Our Board of Directors is comprised of a majority of independent directors, as “independence,” is defined by the listing standards of The Nasdaq Stock Market and by the SEC. Our Board of Directors has concluded that each of Messrs. McCain, Balatsos, Khorassani and Hancox are “independent”, having concluded that any relationship between such director and our company, in its opinion, does not interfere with the exercise of independent judgment in carrying out the responsibilities of a director. Mr. Jemmett is an employee director.

Board Committees

Our Board of Directors has three standing committees: the Audit Committee, the Compensation Committee, and Governance and Nominating Committee.

Audit Committee

The Audit Committee of our Board of Directors was established in accordance with Rule 10A-3 promulgated under the Exchange Act. The current members of our Audit Committee are Messrs. McCain, Hancox, and Balatsos with Mr. McCain serving as the chair. Each member of the Audit Committee meets the independence and other requirements to serve on our Audit Committee under The Nasdaq Stock Market Rules and the rules of the SEC. In addition, our Board of Directors determined that each of Messrs. McCain, Hancox, and Balatsos is considered an “audit committee financial expert” as defined in the rules of the SEC.

Former directors Reid S. Holbrook and Ernest M. (Kiki) VanDeWeghe, III, served on the Audit Committee during fiscal year 2024 until their resignation in January 2025.

The Audit Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Audit Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at www.ciso.inc/investor-relations/charter-of-the-audit-committee. The principal functions of the Audit Committee are to oversee our accounting and financial reporting processes and the audits of our consolidated financial statements; oversee our relationship with our independent auditors, including selecting, evaluating, and setting the compensation of, and approving all audit and non-audit services to be performed by the independent auditors; and facilitate communication among our independent registered public accounting firm and our financial and senior management.

Compensation Committee

We have a standing Compensation Committee of our Board of Directors. The members of our Compensation Committee are Messrs. Khorassani, Hancox, and McCain, with Mr. Khorassani serving as the chair. Each member of the Compensation Committee meets the independence and other requirements to serve on our Compensation Committee under The Nasdaq Stock Market Rules and the rules of the SEC.

Former directors Reid S. Holbrook and Ernest M. (Kiki) VanDeWeghe, III, served on the Compensation Committee during fiscal year 2024 until their resignation in January 2025.

The Compensation Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Compensation Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at www.ciso.inc/investor-relations/charter-of-the-compensation-committee. The Compensation Committee has responsibilities relating to the performance evaluation and the compensation of our Chief Executive Officer; the compensation of our executive officers and directors; and our significant compensation arrangements, plans, policies, and programs, including our stock compensation plans. Certain of our executive officers, our outside counsel, and consultants may occasionally attend the meetings of the Compensation Committee. However, no officer of our company is present during discussions or deliberations regarding that officer’s own compensation.

Governance and Nominating Committee

We have a standing Governance and Nominating Committee of our Board of Directors. The current members of our Governance and Nominating Committee are Messrs. Balatsos, Khorassani and Hancox, with Mr. Hancox serving as the chair. Each of Messrs. Balatsos, Khorassani and Hancox meets the independence and other requirements to serve on our Governance and Nominating Committee under The Nasdaq Stock Market Rules and the rules of the SEC.

Former directors Reid S. Holbrook, Ret. General Robert C. Oaks, and Ernest M. (Kiki) VanDeWeghe, III, served on the Governance and Nominating Committee during fiscal year 2024 until their resignation in January 2025.

The Governance and Nominating Committee was formed in 2021. Our Board of Directors has adopted a written charter for the Governance and Nominating Committee, a copy of which is posted in the Investor Resources and Corporate Governance section of our website at www.ciso.inc/investor-relations/charter-of-the-nominating-and-corporate-governance-committee. The Governance and Nominating Committee considers the performance of the members of our Board of Directors and nominees for director positions and evaluates and oversees corporate governance and related issues.

The goal of the Governance and Nominating Committee is to ensure that our directors possess a variety of perspectives and skills derived from high-quality business and professional experience. The Governance and Nominating Committee seeks to achieve a balance of knowledge, experience, and capability on our Board of Directors. To this end, the Governance and Nominating Committee seeks nominees with the highest professional and personal ethics and values, an understanding of our business and industry, diversity of business experience and expertise, a high level of education, broad-based business acumen, and the ability to think strategically. Although the Governance and Nominating Committee uses these and other criteria to evaluate potential nominees to our Board of Directors, it has no stated minimum criteria for such nominees. The Governance and Nominating Committee does not use different standards to evaluate nominees depending on whether they are proposed by our directors and management or by our stockholders. To date, we have not paid any third parties to assist us in this process.

Code of Ethics

We have adopted a Code of Ethics and Business Conduct (“Code of Ethics”) that sets forth various policies and procedures to promote ethical behavior and that applies to all our directors, officers and employees. The Code of Ethics is publicly available on our website at www.ciso.inc. Amendments to the Code of Ethics and any grant of a waiver from a provision of the Code of Ethics requiring disclosure under applicable SEC rules will be disclosed on our website.

Delinquent Section 16(a) Reports

Section 16(a) of the Exchange Act, requires officers and directors of our company and persons who beneficially own more than 10% of a registered class of our company’s equity securities to file initial statements of beneficial ownership of common stock (Form 3) and statements of changes in beneficial ownership of common stock (Forms 4 or 5) with the SEC. Officers, directors, and greater than 10% stockholders are required by SEC regulations to furnish us with copies of all such forms they file.

Based solely on our review of such reports and certain representations from each reporting person, we believe that during 2024, all Section 16(a) filing requirements were satisfied on a timely basis.