Risk analytics firm QOMPLX is set to go public via a SPAC

Yahoo Finance Video

QOMPLX CEO Jason Crabtree joined Yahoo Finance Live to break down QOMPLX's plan to go public and how the company will continue to work with government agencies.

Video Transcript

ADAM SHAPIRO: I want to talk about cybersecurity because guaranteed just about all of us have either been the victims of a phishing attack or some kind of cyber breach where some kind of information we don't want out there on the dark web gets sold to somebody who tries to do something with it. That may change.

Let's bring in a CEO from QOMPLX, Jason Crabtree, whose cyber security firm is going to go public through a merger with Tailwind Acquisition Corp. Thank you for joining us. Let me start with something simple. What are most of us getting wrong when we throw out this term "cybersecurity" and what we believe to be cyber threats?

JASON CRABTREE: I think the biggest challenge in cybersecurity is that identity and authentication have rules of the road, and what you see in SolarWinds is that fundamental protocols that work behind the scenes in every large network can be attacked directly. And this is why all the big security vendors didn't successfully detect the lateral movement and privilege escalation in both commercial entities and in the government. And that's what QOMPLX does for some of the world's biggest brands, and we're pretty excited to start doing it for the government as well now.

SEANA SMITH: Well, Jason, I want to ask you a little bit more about that. You brought up the SolarWinds hack, and yes, that's the most recent hacking and something that-- that I think a lot of people think of. But you, specifically-- your clients are government agencies and big corporations, the exact targets of the SolarWinds hack. I guess, what can be done in order to make sure-- you're saying that your company will prevent this from happening again, but what specifically needs to be done in order for something like that to never occur again?

JASON CRABTREE: Well, I think the fundamental thing about security is that you have to balance getting the right sort of observability and detections in place and that when you look at how these attacks occur, even a lot of the major ransomware attacks, they really attack identity providers. So they attack Active Directory on-premise, and they attack SAML providers in the cloud.

And QOMPLX is pretty unique in being able to actually keep track of all these different tickets and tokens that are used to authenticate users and computers and to actually process all those in memory, in near real time and to use that to detect different types of identity forgeries. And that's been a huge driver for us and some of the world's largest companies.

We're pretty excited to also connect that to actual risk metrics, so we're working to bring that kind of discipline into the insurance world and then to leverage data feeds from other kinds of security tools. And we think this is the future of cyber risk and cyber insurance.

ADAM SHAPIRO: This is a $1.4 billion deal, but for those of us who are Luddites when it comes to the things you're talking about, I want to let everybody know that your company-- you've got experts from West Point, from the Air Force Academy. You yourself, I believe, are a Rhodes Scholar. What does this mean to the average Jane and Joe? When you talk about the identity-centric attacks-- what is that?

JASON CRABTREE: Sure. So your computer, every time you send an email, every time you go to the file share, is actually getting permission to do all these things behind the scenes, and the fundamental protocols that are used for this are-- in the cloud, this is the SAML forgeries that you can read about in-- in a lot of the SolarWinds coverage.

And in-- on on-premise, you see Active Directory, which is used by the majority of world's corporations, and that protocol is called Kerberos. And so the reality is these are the fundamental ways that every single user or attacker actually eventually becomes authenticated traffic, so the goal of a phishing attack, the goal of a ransomware attack, the goal of a SolarWinds attack was ultimately to gain appropriately authenticated traffic in the network and basically become a legitimate user.

And so you actually have to watch the watchers, right. This is the consequence of trusting trust. Every time someone told you zero trust, what they actually meant is 100% trust in the identity provider, and we make sure you can actually trust the identity provider.

SEANA SMITH: So Jason, you're going public via a SPAC. Why decide to do this? We know SPACs have been very, very popular recently, but why did this make sense for your company compared to the more traditional route?

JASON CRABTREE: Yeah, so we were really excited to try to drive together more scale in our business by bringing in some really exceptional insurance analytics technology and by combining with a key partner of ours on the government side that was already servicing some of the most important US federal and government agencies and gave us classified contract vehicles and the ability to deliver a tremendous amount of solutions into the government space.

And so QOMPLX decided that, given our background in the national security space, and our work in large companies, and really bringing quantitative approaches to cybersecurity and risk together, the best opportunity for us was to go be a public company and-- and to be able to ultimately tell that story in the market. So we think there's a lot of demand for this out there, and we think it's the future of the industry.

ADAM SHAPIRO: You know, but you're a CEO. You sit in a chair many of us will never occupy. The pressure you'll get once you're a public traded company-- is it going to be the same as the pressure you get from VC or from funders right now, or will it be different? And will it potentially tie your hands as you want to lead the company? Because cybersecurity is constantly evolving, I would imagine.

JASON CRABTREE: I think for us, if you look at our background, right, Bill Foley and [? Kenai ?] led our investment round a couple of years ago, and they've invested again in this round. We're really lucky to have folks like RenaissanceRe and other major institutional partners of ours actually participate as investors in this.

So fundamentally, you know, we're a business that did 96 million on a pro forma basis last year. We're on track to do 141 on a pro forma basis this year. We think we have real revenues, real scale, real barriers to disintermediation and real opportunities to drive into a sizable public business.

ADAM SHAPIRO: And we wish you the best. We look forward to the next discussion with you when you start reporting your earnings and you're a public company. Congratulations and all the best to you and the team at QOMPLX. CEO Jason Crabtree, thank you