Description

Please note- this is an illiquid microcap best suited for smaller funds and/or PA's.

Elevator Pitch
The recent acquisition of fast-growing privately-held healthcare cybersecurity/privacy firm CynergisTek by Auxilio, a healthcare-focused managed print services microcap, provides investors with an opportunity to purchase a combined business with immediate/sizable cross-selling opportunities, a long-term runway given its unique positioning in an industry with heavy tailwinds, all for a very cheap price. Both companies are founder-run, have individually grown revenue at high rates over the past 5 years, require minimal amounts of operating working capital, and have the same customer-type with almost no customer overlap. The consolidated business is trading at a 28% discount to prices paid for each independent company just 8 months ago.

Since FY2011, publicly-traded Auxilio (previous ticker "AUXO" which has no previous VIC writeup) has grown revenues at a 22% CAGR to $60mm in FY2016. Auxilio, as a standalone entity, is a healthcare focused managed print services business (and will be referred to as the "MPS Segment" for purposes of this writeup) providing customers with immediate and transparent cost-reduction and privacy-risk mitigation related to a hospitals daily printing activity. Given the advent of electronic healthcare records ("EHR"), it is easy to see how a business tied to the printing of physical paper may become ignored by the market. Counterintuitively, despite the widespread adoption of EHR, significant print volumes and resulting direct/indirect costs continue to impact the industry. Operational inefficiencies, as well as inherent risks tied to privacy regulations and paper-related breaches, are hidden costs which allows the MPS segment to provide a targeted focus on a back-office function largely ignored by the healthcare industry. The MPS Segment produced $3.6mm in EBITDA in FY2016 (the business is minimally capital-intensive and consistently runs on negative-working capital).

Privately-held CynergisTek (referred to as the "CTEK Segment" for purposes of this writeup) was purchased in January 2017 by Auxilio for $26.8mm at 1.8x FY16 revenue/6.4x FY16 EBITDA (note- total purchase price amounts to $34.3mm after adding EBITDA-earn out through 2021 to the co-founders who are staying with the company). Since FY2011, the CTEK Segment has grown revenues at a 34% CAGR to $15mm in FY2016. The CTEK Segment is a cybersecurity, privacy and compliance SaaS/consulting firm specializing in the healthcare industry. CTEK's established presence (award winning, has ~10% of a fast-growing market share) and solid management team put the CTEK Segment in a strong position to benefit from industry tailwinds. The CTEK Segment produced $4.2mm EBITDA in FY2016.

The merger of the two businesses provides immediate value given the similar customer base and minimal customer overlap. For perspective, the MPS Segment works with ~220 hospitals and post-acquisition has gained access to 600 additional hospitals through the CTEK segments customer base. In August 2017, the consolidated company changed its name to CynergisTek (ticker 'CTEK') from the Auxilio brand, likely due to the companies growing recognition in the industry (the consolidated current company will be referred to as "Consolidated CTEK" for purposes of this writeup).

Consolidated CTEK currently trades at $3.61 per share with 10.28mm diluted shares and $15.49mm net debt ($37mm market cap; $52.5mm enterprise value). Current prices imply a 28% discount to the sum of the independent segment prices previously paid by market participants just 8 months ago. The consolidated company currently produces strong cash flow yield at 8.3x EV/EBITDA / 9.2x unlevered FCF / 7.8x levered FCF at a 0.7 EV/Revenue multiple. Coupled with management skin in the game (24% of total diluted shares), current prices offer a strong margin of safety given the sizable industry tailwinds on the cybersecurity front and the immediate expansion of client exposure for the MPS segment. Our base case suggests meaningful upside of 97% through 2021 (~18% cagr) and managements growth estimates (our 'blue sky' case) imply 178% upside through 2021 (29% cagr).

Managed Print Services Business ("MPS Segment")
The MPS Segment is a an outsourcing/consulting business with a primary focus on clients in the healthcare industry. The MPS segment provides customers two value-add services:

1.  As the company describes, "a risk-free program with guaranteed cost savings" whereby MPS Segment re-engineers back office printing processes and installs an on-site team to reduce cost inefficiencies associated with high-volume printing (guarantees between 10% to 30% savings for client over life of contract); and
2.  Process/controls review and remediation to mitigate inherent regulatory and cyber-related privacy risks resulting from physical paper printing of documents with patient health information ("PHI").

At the onset of a contract, MPS takes over its customers printing costs (assumes all of the customers printing costs immediately) and charges customers a fixed contractual per-printed document basis. This cost-transfer structure provides customers with upfront transparency around cost-saving incentives and transfers execution risk of cost-saving to MPS. Contracts are generally 5 years in length and margins tend to expand over time (first 6-12 months are front-loaded w/ upfront costs and renegotiations take place once MPS has a strong presence and relationship in the hospital).

Print management services in healthcare is highly fragmented and competitive. Competitors are primarily large photocopy/digital device manufacturers (e.g. Xerox, Canon, Konica Minolta, Sharp) which are less healthcare focused than MPS. To a lesser degree, competitors include regional/local equipment manufacturers and in-house back office functions (which MPS seeks to replace). The targeted focus on healthcare provides MPS with a unique advantage in understanding healthcare-specific privacy and regulatory risk. Additionally, management states that they are the only "healthcare exclusive" and vendor neutral managed print services company in the United States (companies like Xerox may have limitations in their ability to implement systems within a hospital given Xerox-only equipment/solutions, whereas MPS sources equipment from Ricoh, HP, even Xerox, depending on best solution given the specific situation). Further, the competition is "equipment centric", with incentives to sell as much equipment as possible, whereas MPS provides from a different perspective (cost reduction, process efficiency, privacy risk reduction).

With the advent of electronic health records ('EHR'), the obvious question for the MPS segment is whether this is a business anyone wants to be in right now? Going back to 2015, EHR adoption was already in its mature stages with 84% of hospitals having adopted an EHR system (https://dashboard.healthit.gov/evaluations/data-briefs/non-federal-acute-care-hospital-ehr-adoption-2008-2015.php) - management investor slides indicate 99% adoption today. Although EHR has been largely adopted, the absolute need for printing physical records remains significant (and ironically, 60% of hospital print volume actually results from printing of EHR). To provide context using one anecdotal example, one of MPS' customers in New Jersey is a 2,700 bed 8-hospital health system which produces roughly 15 million pieces of paper every month. More broadly speaking, the average 250-350 bed hospital (average hospital size) in the states produces between 1-2mm pieces of paper every month. To quote Joe Flynn, CEO: "the reality is, we see no significant reduction in paper volume. If anything, we see paper going up. Paper use going up, particularly through the implementation of EMR and that is because EMR was really not designed to make paper go away".

Simple functions such as device-error management, managing toner inventory/replacement, time spent producing large volumes of paper inherent in a hospitals operations, and consideration of regulatory/privacy risks associated with confidential patient information, become complex and inefficient in aggregate as printing costs/processes are not traditionally owned by a central function but rather siloed to individual departments/functions. Management's recent estimate is that a 1,500 bed hospital spends $3.8mm on printing related costs. The below detail illustrates the economics of the business, including the value add for its customers and potential for bottom-line growth opportunities created by the recent acquisition:

Average Print Volume Data: 250-350 bed hospital produces 1-2mm paper per month (data point from management)
Average Print Volume Per Hospital Bed, Annual: 48,000-68,571 sheets per bed per year (1,000,000/250 = 48,000)
Average Cost Data: Average 1,500 bed hospital spends $3.8mm annually (data point from management)
Average Cost Per Hospital Bed, Annual: $2,533 (3,800,000/1500 = 2533)
Average Cost Per Sheet in Hospitals: Between $0.037-$0.053 (2,533/48,000=0.037). Average ~= $0.045

Example MPS Segment Client: 1,000 bed hospital printing 4mm sheets per month
Document Cost prior to hiring MPS: $180k per month ($0.045 per sheet) spent on leasing costs, printer and parts purchases, toner acquisition, labor, printer downtime, etc
Value add: MPS comes in, takes over hospitals print-related costs, enters into contract with client at $0.035 per sheet (22% savings to client; average savings is 10-30%).
Cost Reduction to Client: $40k per month (0.01 * 4mm sheets); $480k per year; $2.4mm over 5 year contract - not an insignificant amount given average size of hospitals and average mid-single digit operating margins
MPS Revenue: $1.68mm per year ($0.035 * 4mm)

The MPS Segment does ~20% gross margins but margins tend to expand over the life of the contract as the first 6-12 months require upfront costs (mature contracts reach ~25 margin). As of 1H2016- "we currently classify approximately 40% of our MPS revenue under contract as immature, which is defined as either less than one year old or less than 50% of the MSP of copiers having been converted to lower cost solutions. As we have discussed in the past, contracts enter the mature or maintenance phase, profitability is expected to improve substantially". Taking on a large new client historically causes as much as a 5% to 6% decline in the overall gross margin for the first quarter or two. As they re-sign contracts after 5 year periods (customers are able to renegotiate prices downwards given MPS lack of initial costs for current clients), they have been able to maintain mature margin profiles off of lower absolute dollars.

The founder, Joe Flynn, remains the CEO of the consolidated company and has grown MPS revenues from $1mm when he started the business in 2004 to $60mm in 2016. The CFO joined in year 2 (2005) and remains CFO today. In August 2015, prior to the acquisition, they guided towards reaching $100mm in revenues over the next 3-4 years and have historically been solid with guidance. Management estimates they currently have ~5% of the addressable market. Historic returns on tangible assets range in the mid-to-upper teens. The MPS Segment currently has ~220 hospitals as customers.

Healthcare Security and Privacy Industry Trends
Prior to describing the acquired CTEK Segment, an overview of the current environment provides helpful context to understand the companies runway and positioning.

Breaches cost the healthcare industry $6.2bn per year (as of 2017). The adoption of electronic medical records has substantially increased the risk of cyberattacks. 90% of all hospitals had a breach in the past two full fiscal years (2015/2016) with a 64% yoy increase in hacking-related breaches. The WannaCry breach in May 2017 brought to public attention the risks associated with inadequate IT systems and personnel in hospitals. IDC estimates ransomware attacks on healthcare organizations will double in 2018. On September 25, 2017, news reports of Deloitte (who, ironically, provides cybersecurity consulting services in competition with CTEK) reported that it has been hacked exposing confidential client emails. More broadly, the September 2017 Equifax breach resulting in over 100mm customers received front-page media attention. The cybersecurity industry (total, not healthcare specific) is poised for substantial continued growth over the next 5 years - Cyber security research firm CyberSecurity Ventures estimates the industry to be worth $170bn in 2017 and in 5 years ending in 2021, it estimates the industry will eclipse $1 trillion. A research report specific to healthcare cybersecurity suggests healthcare cybersecurity will grow at a ~12.7% CAGR through 2022 (https://finance.yahoo.com/news/global-healthcare-cybersecurity-market-forecasts-165300904.html).

A recent 'HIMSS' (Health Information and Management Systems Society) industry survey showed that 85% of respondents indicated that IT security is an increased priority in the year ahead. 80% reported experiencing at least 1 recent major IT security related incident. Primary reasons listed as current barriers to achieving IT security included lack of appropriate cybersecurity personnel and growth in new/emerging threats. There is a recognition across the healthcare industry that IT security must be brought up to minimum standards, while the definition of minimum standards continues to be raised as a result of increased attacks, new vulnerabilities, and regulatory pressure. Healthcare organizations lack the ability to meet these standards internally. Mac McMillan (CTEK Segment co-founder) made an interesting point on the first conference call (Jan 2017) explaining the healthcare industries transition in moving away from point-solutions (i.e. installed software managed internally) to managed solutions (CynergisTek offering) given the lack of knowledge/experience and lack of cyberscurity skill force supply available across the healthcare industry.

Privacy is heavily regulated across healthcare - multiple privacy related laws affect healthcare organizations such as: HIPAA, HITECH, Meaningful Use, FISMA, FERPA, in addition to state-specific local laws. The Office of Civil Rights ("OCR") under the Department of Health and Human Services is the agency that enforces compliance with the Health Insurance Portability and Accountability Act (HIPAA). In September 2017, OCR released prelim results from an Audit over a sample of US healthcare providers reviewing "Entity Compliance with the HIPAA Rules" (Regulation 45 CFR Part 164) - OCR rated their compliance with the HIPAA Privacy, Security and Breach Notification standards as largely “inadequate,” with over 94% of the covered entities failing to demonstrate appropriate risk management plans.

The regulators have been performing a increased amount of compliance audits, resulting in increased volumes of enforcement fines/settlements (300% increase in fines from 2015->2016; 9 fines issued through August 2017 (8 mo YTD) for a total $17 mm versus 13 fines/$23.5mm in 2016). Some examples below:

- May 2017 - Memorial Hermann Health System (MHHS) -$2.4mm settlement + required remediation actions
- April 2017 - CardioNet pays - $2.5mm settlement + required remediation actions
- Feb 2017 - Memorial Healthcare System (MHS) - $5.5mm settlement + required remediation actions
- Feb 2017 - Children’s Medical Center of Dallas - $3.2mm civil penalty + required remediation actions
- Oct 2016 - St. Joseph Health (SJH) - $2.1mm settlement + required remediation actions

Initially, the public questioned whether new HSS Secretary Tom Price would reduce regulatory pressure on the healthcare industry. The figures above and the results of the HSS-led "Health Care Industry Cybersecurity Task Force" report issued in June 2017 (https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf) have dismissed the potential for reduced regulatory focus. The Task Force concluded that "healthcare cybersecurity is a 'public health concern' that needs 'immediate and aggressive attention'". Specific excerpts worth highlighting include action items hinting at incentives to be paid to companies utilizing Managed Security Service Providers (MSSPs), which should directly benefit CynergisTek if implemented.

• "Action Item 3.3.1 - "The federal government should evaluate incentive options, such as grants and tax incentives, to encourage more MSSPs to achieve economies of scale to support small and medium-size health care provider";

• " Action item 3.3.2 - "Federal regulatory agencies should evaluate incentive options, such as crediting small and medium-size health care providers who have engaged MSSPs during their audits and breach investigations, to encourage providers to leverage MSSPs"

A final industry item to note (found this to be interesting/terrifying)- medical devices are also an area vulnerable to cyber-attacks:

• http://www.fiercehealthcare.com/privacy-security/medical-devices-are-next-big-target-for-hackers

• Government report detailing the nature of a recent identified vulnerability in pacemakers which utilize radio frequency communications:  https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

There's an overflow of data unanimously pointing to increased attention on cybersecurity risk, both broadly and specifically within the healthcare space. CynergisTek finds itself in a strong position to capitalize on these prevalent trends.

CynergisTek Cyber/Privacy Security Business ("CTEK Segment")
CTEK provides IT security, compliance, and privacy services to companies in the healthcare industry (hospitals, clinics, physician practices, insurance providers, vendors that handle health services information). The company was founded in 2004 by co-founders Mac McMillan and Dr. Michael Matthews, who continued to hold 50% each of the private company up until being acquired by Auxilio in January 2017. Both continue in executive operating positions and have seats on the board within the combined business. Anecdotally, McMillan has been very impressive on the first few conference calls following the acquisition and is considered a thought leader in the industry as evidenced by the volume of keynote speeches he is invited to provide. The company states that many of their clients have been with one or both of the founders well before the company was established in 2004.

CTEK is a one-stop shop for healthcare privacy/security specialized in the healthcare industry. CTEK provides the following array of products:

• Privacy services - provide HIPAA privacy assessment audits, procedure/process development, temporary/permanent privacy consultant staffing, advisory during breach notification

• Security services - various levels/types of recurring risk assessments, vulnerability testing, architecture assessments, etc which almost always identify remediation plans (which CTEK fulfills). As Munger points out - "I have never seen a management consultant’s report in my long life that didn’t end with the following paragraph: 'What this situation really needs is more management consulting' "

• Compliance/Audit services - recurring IT General Controls Audits, OCR mock and readiness audits, meaningful use audits, etc

• Managed Professional services - Compliance assist partner program ('CAPP'), Virtual CISO (Chief Information Security Officer) for smaller clients, managed privacy monitoring services, vendor security management

• Remediation Services - Tactical/strategic issue remediation, contingency/disaster recovery plans, system patching, controls implementation, ongoing remediation consultant staffing

The CAPP program has been very successful as it packages elements of their broader suite of products and provides recurring revenues to CTEK. McMillan describing CAPP:  "Our CAPP program, which stands for compliance, assist, partner program, continues to see strong demand with the addition of several new customers during the quarter. Under this program, CynergisTek establishes proactive risk management protocols, then periodically performs audits of key controls to ensure compliance with both regulatory and internal mandates. CynergisTek’s CAPP program provides recurring consulting services to assist in maintaining a proactive risk management program by performing standards-based periodic assessments, setting and achieving compliance goals, conducting periodic audits of key controls and providing ongoing privacy and security advisory services. The 3-5 year CAPP program gives hospital clients and their executives access to 24/7 accessible subject matter experts in Security, Technical, Regulatory, Compliance, Research and Governance, covering the entire organization with one phone call."

The CynergisTek brand is strong and likely the motivation behind the consolidated companies name change. Healthcare organization senior executive rely heavily on independent vendor performance reviews provided by KLAS (healthcare research/analytics firm) as part of the vendor selection process. CynergisTek won the 2017 Best in KLAS award for Cyber Security Advisory Services (beating PricewaterhouseCoopers, Deloitte, Clearwater Compliance, and Dell Services) and was recognized in the 2016 KLAS Security Advisory Services report for having the highest overall client satisfaction, performance and impact on security preparedness in healthcare. Relevant management quotes for context:
-  17Q1 cc: "While those outside industry may not fully realize the benefit, the fact that CynergisTek recently won a prestigious award from the peer review organization known as KLAS is of great significance. We're undoubtedly seeing an increased level of interest in our security services as a result, especially from the larger health systems where that recognition has helped us get our foot in the door."
-  16Q4 cc: "I would say that before the class award, I would say CynergisTek was well-known, but now this award they have won far and above their competitors in the space, which are typically the large consulting firms like PwC and Deloitte & Touche, who you see a lot in these big health systems. So that award is definitely getting them to the table, getting us to the table much faster to these large place"

At the time of acquisition, CynergisTek had 90 health systems contracts across 600 hospitals in the US (management estimates ~10% market penetration). 60% or so of revenues come from multi-year contracts and they generally have success in layering on additional services once customer is entrenched. The CTEK Segment did $15mm in revenues and $4.2mm EBITDA in FY2016, has historic gross margins of ~50%, 25-30% EBITDA margins, and is also a capital light business. Revenues have grown at a 34% cagr since FY2011 (38% yoy for FY15 and 36% yoy for FY16). Our take is that Auxilio made a great deal here (6.4x fy16 ebitda) - capitalizing on an organic opportunity to expedite each segments growth through simple cross-selling opportunities.

Consolidated CTEK
McMillan and Mathews (CTEK co-owners) are both continuing to work in management positions and have joined the Board of the combined company. Joseph Flynn (AUXO standalone CEO) will continue as CEO and Paul Anthony (AUXO standalone CFO) stays on as CFO.

The CTEK Segment co-founders state that they turned down a series of offers as they were growing over the past few years, but chose to sell to Auxilio given the natural opportunity to organically grow through combining both customer networks CynergisTek's customer base is more aligned to medium (and small to a lesser extent) sized healthcare systems in parts of the country where the MPS Segment has not traditionally targeted (southwest, southeast, midwest). The opportunity is heavily weighted towards selling MPS to these clients. 10% penetration of the CynergisTek client base for MPS business would provide ~$10mm additional annual revenue (16% increase from FY16). Some relevant quotes from management:

• 17Q1 conference call: "While we continue to see extended sales cycles in the managed document solutions business, there was a noticeable increase in RFP [bidding process] activity during the quarter. This is partially due to our enhanced prospecting initiatives and greater brand awareness in the marketplace, given our expanded geographic footprint with the acquisition of CynergisTek. The Company is now at a size and scope where we are increasingly being invited to participate in the RFP process with customers we simply could not get traction list before."

• 17Q1 conference call: "But on the other side where we've approached our traditional cyber-security customers on the CynergisTek side and introduced the managed documents service to them, they have also been extremely receptive to it and in fact, we had two meetings last week with clients that we've had for quite a while. One of those who did not have a managed print service and they were very interested in not only understanding that and understanding what that could mean for them, but the other one was even more interesting in that they had already had a managed print service and the feedback that they gave us was that the Auxilio model, with respect to how it tackles going after cost in the environment, was much more prescriptive and much more detailed than what they had had with whoever their previous provider was."
  
  

The merger also augments the "one-stop shop" healthcare IT security/privacy selling point against competitors. One (small) advantage/selling point against competitors is that they focus all of their time on healthcare - because of this they have been able to carve out niche brand/management awareness to those familiar with the industry. Mac McMillan (CTEK co-founder) mentioned on a call that their strategy from the beginning was to remain within their core competency (healthcare) and this has likely contributed to their growth over the past few years.

• 16Q4 conference speaking on MPS selling to CTEK clients: "This is the key factor in the recently announced multimillion dollar contract win, and there are other prospects entering the pipeline with similar needs. Most of our competition traditionally comes from major device manufacturers and they simply do not view themselves as a complete end-to-end service provider, inclusive of a security component. It is just not the nature of their business. As it stands today, we are the only name in the space that can wrap security services around all the places Patient Health Information or PHI resides, including printed, storage, and digital documents, that is increasingly becoming a significant competitive advantage. "

Recent contract wins (MPS Segment):
- Won 5 year contract in 17Q1 March - approximately $12.5 million contract with a 1,000-bed hospital
- 17Q3 August- Won 5 year 'multi-million dollar' (not specifically disclosed) contract; customer has 27mm pages per year

Recent contract wins (CTEK Segment):
- Added five new customers under its Compliance Assist Partner Program (CAPP) in the first quarter of 2017.
- Press release from July 2017 discussing 1H17: "Experienced unprecedented growth in the first half of 2017, with double digit net new client wins and expanded contracts. Over the past six months, the company added multiple new clients to the roster to include some of the nation’s largest systems. CynergisTek also experienced an increased demand from existing clients to expand contracts with additional security, privacy and/or compliance services, with several provider organizations." Also: "continues to experience a significant renewal rate in its CAPP Managed Service Program." This seems significant off of the back of their 1H16 press release (as a private company): "Cynergistek standalone achieved record growth in the first half of 2016, with a 170 percent increase in revenue and a nearly 50 percent increase in bookings when compared to the first half of 2015. Specific to the first half of 2016, CynergisTek saw a 27 percent increase in new customers"
- Q317 July - Closed three deals, equating to over $2 million, to provide a large health system with specialized security implementation and remediation services.
- Q317 July - 3 year $750K contract, "CynergisTek’s highly-trained IT privacy and security specialists will help implement, evaluate and optimize the organization’s data privacy program"

Valuation

1.  Independent Segment Market Values:

Using Auxilio's (AUXO) $1.00 per share ($24.8mm) public market price pre-acquisition (and pre 1:3 reverse split) as a proxy for valuation, the market is currently valuing the CTEK Segment at $12.2mm (or 2.9x FY16 EBITDA), as compared to the $26.8mm price tag paid by Auxilio in January 2017. It is reasonable to assume that given the growth opportunities highlighted above and a reasonable price paid by Auxilio (trailing 1.8x revenues and trailing 6.4x ebitda), the purchase price of $26.8mm (before factoring in the additional $7.5mm EBITDA earn-out consideration) is a fair initial proxy for valuation. There is no sufficient reason for the drastic discount in price over the past 8 months other than market impatience/apathy. Based on the sum of these two independent 'market values', the consolidated company is worth $24.8+26.8 = $51.6mm (39% above current price).

2.  Earnings Power Valuation:

Assumptions used in the below 3 cases:
- MPS Segment maintains 20% FY16 gross margins (mature contracts grow to 25% but margins will lag 5-6% as the company grows)
- CTEK Segment maintains 50% historic gross margins
- Sales/Marketing % of Revenue FY17 = 8% (annualizing 1H17 numbers and managements 7% target; higher new hiring and new training due to acquisition/cross-selling)
- Sales/Marketing % of Revenue FY18-21 = 7%
- G&A % of Revenue = 13.5% (annualizing 1H17 after backing out $450k in one-off acquisition expenses; this keeping this flat through 2021 for conservatism)
- Interest Expense: FY17-19: $1.5mm per year; FY20: $0 (debt contractual payments)
- Capex: FY17 $608k (annualizing 1H17 numbers, management estimates, and growing 3%)
- Deprec: $400k a year (annualizing 1H17)
- Amort: $2mm a year (annualizing 1H17)
- No cash taxes during FY2017-2019 (NOLs from years ago); 35% tax rate FY2020 and FY2021

No Growth FY17 (for purposes of illustrating a conservative current yield):
- Using the above assumptions and 0% growth at both segments, the company currently trades at 8.3x EV/EBITDA, 9.2x unlevered FCF; 7.8x levered FCF

Base case through FY2021:
- MPS Segment Revenues: Assume cross-selling allows MPS to achieve 10% revenue growth in FY17 and FY18 + 5% revenue growth from 2019-2021 (below managements targets of 10% yoy) = $84mm 2021E segment Revenues
- CTEK Segment Revenues: Assume continued strength at a much lower than historical growth rate (25% FY17, 15% FY18 and FY19, 10% FY20 and FY21 - very conservative in comparison to prior growth/future runway) = $30mm 2021E segment Revenues
- Debt free at 2021
- Consolidated EBITDA $10.9mm at current 6.7x multiple = $73mm value (97% absolute and 18% cagr)

Blue sky case through FY2021 (Managements $150mm FY2021 revenue estimate):
- FY21E Consolidated Revenues = $150mm (using MPS Rev yoy FY17-21 respectively: 15%, 15%, 10%, 10%, 10% and CTEK segment Rev yoy FY17-21: 30%, 30%, 25%, 20%, 20%)
- Debt free at 2021
- Consolidated EBTIDA = $15.4mm at current 6.7x multiple = $103mm value (178% upside and 29% cagr)

Growth rates are inherently a ballpark estimate here - the simple thesis is current FCF yields 10-12% with probable modest to substantial levels of high roic growth.

Incentives
- Executives from private CTEK segment coming on board (McMillan and Mathews) now own 5.5% each of the diluted shares in the new company as of 17Q2 (over $2mm each) - not an incredibly high dollar amount but they both are further aligned as a) counterparties to the $9mm total promissory note on the combined companies books issued as part of the acquisition and b) incented with a $7.5mm contingent payment based on EBITDA performance through 2021 (from the acquisition).
- Insiders as a whole own 24.5%
- Recent open market purchases by chairman in May and August ($77k total)

Why does this opportunity exist?
- Small and illiquid (Already low liquidity levels have fallen off of a cliff. Average shares traded in 1H17 = 104k and average shares traded in Q3 = 26k with the difference not attributable to the acquisition)
- Name and ticker change - off the beaten path/previous Auxilio investors may not have been invested for cybersecurity theme
- Cursory investors missing AUXO's reverse stock split same week as acquisition when backing into current market value
- ACA overhang - CEO Quotes: "So a lot of the CIO's have expressed that -- it's not that they've less money but they're actually saving some of their money. They're creating war chests, waiting to see what Washington is going to do. And I think what this is going to do in some respects or could do, it's going to be a very interesting fourth quarter perhaps because all of a sudden they're going to get to the end of the fourth quarter, if something doesn't change with ACA, now they're going to have money in their budget that they're going to need to spend." and "management sees minor impacts to business but "we expect when the legislation reaches its final form, this uncertainty with the abate and the market will begin to normalize. We see growing pipelines in both document workflows and security, reflecting that the industry has an urgent need for services and that that will absolutely remain for the foreseeable future."
- Short term overhang (2-3 quarters) on small net client churn in MPS segment and P&L expenses related to Sales/Marketing to ramp up cross-selling efforts (full sales team implementation in late July 2017) + overall seasonality of the CTEK segment aligned to Q3/Q4 budget season
- Sales cycle for MPS is longer than 1-2 quarters and the market is unreasonably impatient with cross-selling
- Short term overhang given the modification of a large clients contract from recurring preventative services (recurring 3 year contracts) to immediate remediation (will hit margins short-term) which will likely subsequently transition back to recurring (positive overall looking out more than 1 quarter).

Risks
- Customer concentration: 2 largest customers accounted for 44% of revenues as of 6/30/17 (as compared to 49% of MPS Segment revenues on 6/30/16 or $29.4mm). These are MPS customers and a loss of one would not be devastating given the low margins in the MPS Segment
- Continued healthcare M&A consolidation. Lost a long term customer in Q1 in MPS due to M&A activity for their clients (larger acquirer comes in and they have a different solution). This may be a benefit in the future as well as a risk.
- Execution risk on cross-selling. Management seems promotional and very optimistic (5 year revenue target of $150mm consolidated, 15% cagr) and prior acquisitions (redspin) were over-aggressive. Discussed their mistakes in detail on 16Q4 conference call and it seems like they are thinking about things the right way, and execution is a risk partially mitigated by industry tailwinds. Quote: "Yes, I think the main lesson we learned is when you make an acquisition you are much better of making an acquisition that's got immediate -- a larger customer base and immediate scaling opportunities versus making acquisition that of very small companies that don't have a lot of management and experience to scale upward. So, like it said to Jeff, in a perfect world I would have done it in the reverse, we would have taken on CynergisTek first and then the other two as add-ons, because they are very complementary. So that's what we learned, and looking forward I don't think we would probably ever invest unless it was a nice piece of technology that we could easily rollout for customers. We probably won't be acquiring companies unless they are significantly accretive and have a growth trajectory without a significant investment to get there, if that makes sense."

Catalyst

- Brand renaming (including ticker change) to CynergisTek brand in August 2017 may increase industry attention
- Continued cybersecurity attacks justifying healthcare cybersecurity budget spend
- Combined sales force matures towards Q3-Q4 after sales/marketing updates, cross-selling training, and overall seasonality of the CTEK segment aligned to Q3/Q4 budget season
- Uncertainty around healthcare legislation is removed/fades
- Buyout - M&A seems to be all over the place in the healthcare IT space. No direct comps but plenty of healthcare services/IT firms make logical acquirers; also a company in the business of providing services to health care facilities - like an Aramark (William Leonard, Aramark CEO from many years ago, owns 6% of CTEK's stock- he has owned for ~4 years now). Essentially all public healthcare related IT companies trade at much higher multiples, but not included in thesis bc not directly comparable.
- Return to average liquidity levels (Already low liquidity levels have fallen off of a cliff. Average shares traded in 1H17 = 104k and average shares traded in Q3 = 26k with the difference not attributable to the acquisition)
- Sell side analysts have price targets of 100-170% upside from current mid $3 prices